Windows Analysis Report
uTorrent.exe

Overview

General Information

Sample Name: uTorrent.exe
Analysis ID: 570317
MD5: 007857e1cd5e960fea0416b2ef54534d
SHA1: 9327a151202d9ba5d8415cb32a97f1c86e4ff82e
SHA256: 4c7f671006c954103b076f46da7e2da23669da27a9e55b6ac268d071f8c90b86

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Compliance

Score: 22
Range: 0 - 100

Signatures

Tries to detect sandboxes / dynamic malware analysis system (registry check)
Obfuscated command line found
Antivirus or Machine Learning detection for unpacked file
Drops certificate files (DER)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains long sleeps (>= 3 min)
EXE planting / hijacking vulnerabilities found
Drops files with a non-matching file extension (content does not match file extension)
PE file contains strange resources
Adds / modifies Windows certificates
Drops PE files
Tries to load missing DLLs
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Stores large binary data to the registry
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Enables debug privileges
AV process strings found (often used to terminate AV products)
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Connects to several IPs in different countries
Contains functionality to launch a program with higher privileges
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sigma detected: Autorun Keys Modification

Analysis Advice

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample searches for a specific file; try adding organization-specific fake files to the analysis machine
  • System is w10x64
  • uTorrent.exe (PID: 3112 cmdline: "C:\Users\user\Desktop\uTorrent.exe" MD5: 007857E1CD5E960FEA0416B2EF54534D)
    • uTorrent.tmp (PID: 1380 cmdline: "C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp" /SL5="$B03E2,943312,883200,C:\Users\user\Desktop\uTorrent.exe" MD5: 9054C48186BB9E64F0EDA6958EFEB852)
      • uTorrent.exe (PID: 4388 cmdline: "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe" /S /FORCEINSTALL 1110010100111110 MD5: 8972ADD33EF8423C9C13BCEFBC97616E)
      • prod0.exe (PID: 5856 cmdline: "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe" /silent MD5: BF8C3713C265A55043C2C4B1563786A8)
        • RAVAntivirus-installer.exe (PID: 6208 cmdline: "C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe" "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe" /silent MD5: EEA360450972F6372891341AEFFFBAA8)
      • OperaSetup.exe (PID: 6496 cmdline: "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:pb,utm.source:ais,utm.campaign:opera_new MD5: 4310BBB114DF4AACE5DF0A08B6A82B92)
        • OperaSetup.exe (PID: 6740 cmdline: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=73.0.3856.257 --initial-client-data=0x2b4,0x2b8,0x2bc,0x294,0x2c0,0x6d421678,0x6d421688,0x6d421694 MD5: 4310BBB114DF4AACE5DF0A08B6A82B92)
        • OperaSetup.exe (PID: 4700 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version MD5: 4310BBB114DF4AACE5DF0A08B6A82B92)
        • OperaSetup.exe (PID: 6084 cmdline: "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pin-additional-shortcuts=1 --server-tracking-data=server_tracking_data --initial-pid=6496 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20220210192600" --session-guid=dc5b86a8-4469-4529-9931-396e42450f24 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6C05000000000000 MD5: 4310BBB114DF4AACE5DF0A08B6A82B92)
          • OperaSetup.exe (PID: 6876 cmdline: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=73.0.3856.257 --initial-client-data=0x2c4,0x2c8,0x2cc,0x294,0x2d0,0x6e0b1678,0x6e0b1688,0x6e0b1694 MD5: 4310BBB114DF4AACE5DF0A08B6A82B92)
      • uTorrent.exe (PID: 1664 cmdline: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe MD5: 8972ADD33EF8423C9C13BCEFBC97616E)
  • uTorrent.exe (PID: 4720 cmdline: "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED MD5: 8972ADD33EF8423C9C13BCEFBC97616E)
    • utorrentie.exe (PID: 2280 cmdline: "C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46146\utorrentie.exe" uTorrent_4720_03E6AA20_513898171 Torrent4823DF041B09 uTorrent MD5: ED4B9275AF0F55843336FE8E9A31CF0F)
    • utorrentie.exe (PID: 7040 cmdline: "C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46146\utorrentie.exe" uTorrent_4720_03E6AEE0_1422913446 Torrent4823DF041B09 uTorrent MD5: ED4B9275AF0F55843336FE8E9A31CF0F)
    • chrome.exe (PID: 5192 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "http://utorrent.com/prodnews?v=3%2e5%2e5%2e1%2e46146 MD5: C139654B5C1438A95B321BB01AD63EF6)
      • chrome.exe (PID: 6072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,10124437272527245385,7484455714122685362,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • uTorrent.exe (PID: 6780 cmdline: "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED MD5: 8972ADD33EF8423C9C13BCEFBC97616E)
  • cleanup
No configs have been found
No yara matches

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton | Data: Details: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe, ProcessId: 4388, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ut

Source: 10.0.uTorrent.exe.400000.0.unpack | Avira: Label: TR/Crypt.ULPM.Gen
Source: 7.0.uTorrent.exe.400000.0.unpack | Avira: Label: TR/Crypt.ULPM.Gen
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | EXE: C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46146\utorrentie.exe
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe | EXE: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | EXE: C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46146.exe
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: IPHLPAPI.DLL
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: MSIMG32.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: WTSAPI32.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: edputil.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: bcrypt.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: PROPSYS.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: Secur32.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: iertutil.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: VERSION.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: urlmon.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: MLANG.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: WININET.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: USERENV.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: CRYPTSP.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: WindowsCodecs.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: DNSAPI.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: DEVOBJ.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: DPAPI.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: msvcp110_win.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | DLL: DWrite.dll
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe | Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION utorrentie.exe

Compliance

Source: uTorrent.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp | File created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\license.rtf
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe | File created: C:\Program Files\RAVAntivirus\ui\LICENSE.electron.txt
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe | File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_88df21dd2faf7c49\MSVCR80.dll
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe | File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer\opera_installer_20220210192551382.log
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe | Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
Source: uTorrent.exe | Static PE information: certificate valid
Source: uTorrent.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: aller_lib.dll.pdb source: OperaSetup.exe, 0000000C.00000000.793863619.00000000005CE000.00000080.00000001.01000000.0000000E.sdmp
Source: Binary string: X:\jenkins-workspace\workspace\client-builder-remoteieframe\ut_win\Build\Win32\Release\RemoteIEFrame.pdb source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\rsStub\rsStub\RavStub\obj\Release\RavStub.pdb source: RAVAntivirus-installer.exe, 0000000B.00000003.790761902.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, RAVAntivirus-installer.exe, 0000000B.00000000.788140923.0000000000572000.00000002.00000001.01000000.0000000B.sdmp, RAVAntivirus-installer.exe, 0000000B.00000003.793095069.000000001B590000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .exe.pdb source: OperaSetup.exe, 0000000C.00000000.793863619.00000000005CE000.00000080.00000001.01000000.0000000E.sdmp
Source: Binary string: X:\jenkins-workspace\workspace\client-builder-product\Build\Win32\Release\utorrent.pdb source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp | File opened: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1.zip
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp | File opened: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp | File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp | File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_0040AEF4 FindFirstFileW,FindClose,0_2_0040AEF4
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,0_2_0040A928
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp | Code function: 1_2_0060C2B0 FindFirstFileW,GetLastError,1_2_0060C2B0
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp | Code function: 1_2_0040E6A0 FindFirstFileW,FindClose,1_2_0040E6A0
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp | Code function: 1_2_0040E0D4 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,1_2_0040E0D4
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp | Code function: 1_2_006B8DE4 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,1_2_006B8DE4
Source: unknown | Network traffic detected: IP country count 35
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933639264.0000000003F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933473944.0000000003F47000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934339905.0000000003F5F000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933639264.0000000003F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: uTorrent.exe, 0000000A.00000003.916665921.0000000003EFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/bt.json
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/bt.jsontg
Source: uTorrent.exe, 00000007.00000002.774542465.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/staging_bt.json
Source: uTorrent.exe, 00000007.00000002.774542465.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/staging_ut.json
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/ut.json
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/ut.jsonhttp://cdn.ap.bittorrent.com/control/featur
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.json
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.jsonP
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.jsonac
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.jsonhpsv
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.jsonhttp://cdn.ap.bittorrent.com/control/tags/ut.jsonht
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.json
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.json%gNv
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.json0s
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.json;cEv
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.jsonKsRw
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.jsonMcsv
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.jsonQp
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.jsonq
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.jsonzpav
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.json
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.json.s-w
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.json2c
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.json4pWv
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.jsonFpEv
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.jsonYgjv
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.jsonfd
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.jsonosnw
Source: uTorrent.exe, 0000000A.00000003.898338665.0000000003EF5000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.925717501.0000000003EFA000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909349790.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.902553473.0000000003EF9000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.922015846.0000000000CD6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910504161.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916665921.0000000003EFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.json
Source: uTorrent.exe, 0000000A.00000003.922015846.0000000000CD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.json.utorr
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsonOpNv
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsonTsww
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsonY
Source: uTorrent.exe, 0000000A.00000003.922015846.0000000000CD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsonch.uto
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsoncpjv
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsonqd
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsonup
Source: uTorrent.exe, uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, uTorrent.exe, 0000000A.00000003.799867897.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.795011488.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.bitmedianetwork.com/network/index.html
Source: uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.bitmedianetwork.com/network/index.html?adt=4&browser=chrome&clientdata=ut%7c3%2e5%2e5%2e4
Source: uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.bitmedianetwork.com/network/index.html?adt=5&browser=chrome&clientdata=ut%7c3%2e5%2e5%2e4
Source: uTorrent.exe, 0000000A.00000003.799867897.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.795011488.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.bitmedianetwork.com/network/index.htmlF
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.bitmedianetwork.com/network/index.htmlaming
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://cdn.bitmedianetwork.com/network/index.htmloffers.ftAdUrloffers.lrecAdUrloffers.ftAdIdoffers.l
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/0
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://certificates.godaddy.com/repository100.
Source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: uTorrent.tmp, 00000001.00000003.819559078.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.824821093.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.838188652.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.931809959.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.833779999.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.851063994.0000000003F2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://crl.godaddy.com/gds1-14.crl0S
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://crl.godaddy.com/gds1-82.crl0S
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://crl.thawte.com/ThawteServerPremiumCA.crl0
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933473944.0000000003F47000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934339905.0000000003F5F000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933639264.0000000003F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933639264.0000000003F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934354009.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.931809959.0000000003F29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933473944.0000000003F47000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934339905.0000000003F5F000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933639264.0000000003F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933473944.0000000003F47000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934339905.0000000003F5F000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933639264.0000000003F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933639264.0000000003F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934354009.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.931809959.0000000003F29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933473944.0000000003F47000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934339905.0000000003F5F000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933639264.0000000003F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://dist.btfs.io/NSIS_Installer/amd64/btfs_install_amd64.exe
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://dist.btfs.io/NSIS_Installer/amd64/btfs_install_amd64.exebtfsbtfs_install_amd64.exebtfsbtfs-wi
Source: uTorrent.exe, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://download-lb.utorrent.com/
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://download-lb.utorrent.com/endpoint/hydra-os/winxp/os/winvista/os/win7/os/win8/os/win81/os/win/
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://download.utorrent.com/help/utorrent-help-3551.zip
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://download.utorrent.com/help/utorrent-help-3551.ziputorrent.chmAddToolbarClickONBOARDINGcart=ut
Source: uTorrent.exe, 00000007.00000002.774023895.0000000000798000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://dslreports.com/speedtest/
Source: uTorrent.exe, 0000000A.00000003.830185826.0000000005A57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://en.wikipedia
Source: uTorrent.exe, 0000000A.00000003.902169553.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.930707518.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://engine.ap.bittorrent.com
Source: uTorrent.exe, 0000000A.00000003.902169553.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.930707518.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://engine.ap.bittorrent.comX6-
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://events.bittorrent.com/startConversion
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversion)
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversion)a
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversion.~
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversion5zAw
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversion7
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionDdlw
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionG
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionH
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionJzzw
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionOdsw
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionV~sw
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionWn
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionXa
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionXzlw
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionX~Aw
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionc
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversiono
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionoa
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionq
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionra
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://events.bittorrent.com/startConversionre
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://forum.utorrent.com?client=%s%s
Source: uTorrent.exe, 00000007.00000002.774023895.0000000000798000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://help.bittorrent.com
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://help.utorrent.com/customer/portal/articles/257678
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://help.utorrent.com/customer/portal/articles/257678:
Source: OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933473944.0000000003F47000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934339905.0000000003F5F000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933639264.0000000003F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933639264.0000000003F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.entrust.net/rpa0
Source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.entrust.net/rpa03
Source: uTorrent.exe, 0000000A.00000003.856499219.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.856182660.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.856308955.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.856632436.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.856795261.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.857254458.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.857062177.0000000005A6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/
Source: uTorrent.exe, 0000000A.00000003.863751339.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.864158981.0000000005A6E000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.862596105.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.865338043.0000000005A6E000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.865014088.0000000005A6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlH
Source: uTorrent.exe, 0000000A.00000003.862596105.0000000005A6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlm
Source: uTorrent.exe, 0000000A.00000003.859890073.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.859685965.0000000005A6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: uTorrent.exe, 0000000A.00000003.838315838.0000000005A51000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.838526126.0000000005A52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/
Source: uTorrent.exe, uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.google-analytics.com
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.google-analytics.comnull%S
Source: uTorrent.exe, 00000000.00000003.827085716.0000000002425000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.818357181.0000000002505000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.kymoto.org
Source: uTorrent.exe, 00000000.00000003.672884888.0000000002600000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.827085716.0000000002425000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.818432564.000000000252C000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.680911705.0000000003540000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.kymoto.orgAbout
Source: uTorrent.exe, 0000000A.00000003.879680047.0000000005A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.monotype.
Source: uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.msn.com
Source: uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/consent/55a804
Source: uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/scripttemplate
Source: uTorrent.exe, 0000000A.00000003.808218046.0000000003EA1000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.854274369.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.853739927.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.851458301.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustVm
Source: uTorrent.tmp, 00000001.00000003.817504561.0000000004D42000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.805107814.0000000005DD7000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.818204548.0000000007634000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.809400277.0000000007710000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.825574550.00000000053B8000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.820588798.000000000018F000.00000004.00000010.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.819026701.0000000005DCD000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.819255081.0000000005DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/)
Source: OperaSetup.exe, 0000000C.00000003.931711994.0000000003F21000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933473944.0000000003F47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.opera.com
Source: uTorrent.tmp, 00000001.00000003.791765979.0000000005975000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933512178.0000000003F6A000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.938424350.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.933639264.0000000003F73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.opera.com0
Source: uTorrent.exe, 0000000A.00000003.847872942.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.847679372.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.848520585.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.848725315.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.848234039.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.848844719.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.848142490.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.847772641.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.848647374.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.848435446.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.847491415.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.848940594.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.848055981.0000000005A6D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.848343212.0000000005A6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.comZ
Source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmp, uTorrent.exe, 0000000A.00000003.934473965.0000000003EFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
Source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmp, uTorrent.exe, 0000000A.00000003.934473965.0000000003EFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
Source: uTorrent.exe, 0000000A.00000003.839522428.0000000005A70000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.838819741.0000000005A70000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.839247486.0000000005A70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.trontv.com/network/default.html
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trontv.com/network/default.htmlC~Hw
Source: uTorrent.exe, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com
Source: uTorrent.exe, 00000007.00000002.774067714.00000000007D3000.00000040.00000001.01000000.00000008.sdmp, uTorrent.exe, 00000007.00000002.774023895.0000000000798000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com.
Source: uTorrent.exe, 00000007.00000002.774023895.0000000000798000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/faq
Source: uTorrent.exe, 00000007.00000002.774023895.0000000000798000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/faq#mlabs
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/faq.phphttp://ll.www.bittorrent.com/llspeedtest/http://update.utorrent.com/s
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/faq?client=%s%s
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/get-helpProV
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/help/guides/rss
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/help/guides/rss%dx%.2dp
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/pro/?x-source=myproacct#comp-tbl
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/pro/?x-source=myproacct#comp-tbl&procomppage=&proupgradepage=&licensestatus=
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com/testport.php?port=%d
Source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com0
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.com?client=%s%s
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.utorrent.comURLInfoAboutBitTorrent
Source: uTorrent.exe, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://yogi.apps.bittorrent.com/track/?data=%s&ip=1
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://yogi.apps.bittorrent.com/track/?data=%s&ip=1X-ClientID:
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://activate.utorrent.com
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://activate.utorrent.comhttp://play-artifacts.staging.bittorrent.comhttp://play-artifacts.bitto
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.853563653.0000000003E67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.851093159.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.935189415.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.jsLMEM
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://api-dev.bt.co/v1/rule/utclassic/
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-dev.bt.co/v1/rule/utclassic/)~2w
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-dev.bt.co/v1/rule/utclassic/A
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-dev.bt.co/v1/rule/utclassic/G
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-dev.bt.co/v1/rule/utclassic/da
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api-dev.bt.co/v1/rule/utclassic/p
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://api.bt.co/v1/rule/utclassic/
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.bt.co/v1/rule/utclassic/5a
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.bt.co/v1/rule/utclassic/5~Vw
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.bt.co/v1/rule/utclassic/J~Ow
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.bt.co/v1/rule/utclassic/Q~zw
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.bt.co/v1/rule/utclassic/lege
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.bt.co/v1/rule/utclassic/v
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.bt.co/v1/rule/utclassic/x
Source: uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.9Ky5Gf3gP0o.O/m=gap
Source: uTorrent.exe, 0000000A.00000003.808218046.0000000003EA1000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.854274369.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.853739927.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.851458301.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.adobedtm.com/
Source: uTorrent.exe, 0000000A.00000003.808218046.0000000003EA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC54c8a2b02c3446f48a60b41e8a5ff47
Source: uTorrent.exe, 0000000A.00000003.854274369.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.853739927.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.851458301.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC54c8a2b02c3446f7
Source: uTorrent.exe, 0000000A.00000003.808218046.0000000003EA1000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.854274369.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.853739927.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.851458301.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC5bdddb231cf54f958a5b6e76e9d8eee
Source: uTorrent.exe, 0000000A.00000003.808218046.0000000003EA1000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.854274369.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.853739927.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.851458301.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RCee0d4d5fd4424c8390d703b105f82c3
Source: OperaSetup.exe, 0000000C.00000003.838357633.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.851323877.0000000000B71000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/
Source: OperaSetup.exe, 0000000C.00000003.838357633.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.851323877.0000000000B71000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934140911.0000000000B72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/9
Source: uTorrent.exeString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxupdate_urlclassic_uninstall/UNINSTALL
Source: uTorrent.exe, 0000000A.00000003.898212076.0000000003EFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media
Source: uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3
Source: uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Source: uTorrent.exe, 00000000.00000003.672884888.0000000002600000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.827085716.0000000002425000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.818432564.000000000252C000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.817504561.0000000004D42000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.818204548.0000000007634000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.680911705.0000000003540000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://control.kochava.com/v1/cpi/click?campaign_id=kohotspot-shield-2oo5a3058127822662&network_id=
Source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: uTorrent.exe, 00000000.00000003.672884888.0000000002600000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.827085716.0000000002425000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.818432564.000000000252C000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.817504561.0000000004D42000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.818204548.0000000007634000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.680911705.0000000003540000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d3cfdnjelz8u20.cloudfront.net/o
Source: uTorrent.exe, 00000000.00000003.672884888.0000000002600000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.827085716.0000000002425000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.818432564.000000000252C000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.817504561.0000000004D42000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.818032136.0000000007570000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.680911705.0000000003540000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d4bohzj3dmv4j.cloudfront.net/f/
Source: uTorrent.tmp, 00000001.00000003.818337722.00000000024F7000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.825574550.00000000053B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d4bohzj3dmv4j.cloudfront.net/f/Opera/files/OperaSetup.zip
Source: uTorrent.tmp, 00000001.00000003.818337722.00000000024F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d4bohzj3dmv4j.cloudfront.net/f/Opera/files/OperaSetup.zip.
Source: uTorrent.tmp, 00000001.00000002.825650419.000000000543A000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.819705955.0000000005438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d4bohzj3dmv4j.cloudfront.net/f/Opera/files/OperaSetup.zip06ed
Source: uTorrent.tmp, 00000001.00000002.825574550.00000000053B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d4bohzj3dmv4j.cloudfront.net/f/Opera/images/DOTPS-502/EN.png
Source: uTorrent.tmp, 00000001.00000002.825574550.00000000053B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d4bohzj3dmv4j.cloudfront.net/f/Opera/images/DOTPS-502/EN.png:
Source: uTorrent.tmp, 00000001.00000002.825574550.00000000053B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d4bohzj3dmv4j.cloudfront.net/f/Opera/images/DOTPS-502/EN.pngXT
Source: uTorrent.tmp, 00000001.00000002.825574550.00000000053B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d4bohzj3dmv4j.cloudfront.net/f/Opera/images/DOTPS-502/EN.pngefT
Source: uTorrent.tmp, 00000001.00000002.826397666.0000000005DAE000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.803114593.0000000005DAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d4bohzj3dmv4j.cloudfront.net/f/RAV/images/RAV_uto3/EN.png3f2edfa0xeGc
Source: uTorrent.tmp, 00000001.00000002.825574550.00000000053B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d4bohzj3dmv4j.cloudfront.net/f/RAV/images/RAV_uto3/EN.pngig
Source: uTorrent.exe, 0000000A.00000003.902169553.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.930707518.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/n
Source: uTorrent.exe, 0000000A.00000003.902169553.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.930707518.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/netw
Source: uTorrent.exe, 0000000A.00000003.902169553.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898212076.0000000003EFC000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.930707518.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/netwo
Source: uTorrent.exe, 0000000A.00000003.898212076.0000000003EFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/a
Source: uTorrent.exe, 0000000A.00000003.898338665.0000000003EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic
Source: uTorrent.exe, 0000000A.00000003.898212076.0000000003EFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-
Source: uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=classi
Source: uTorrent.exe, 0000000A.00000003.935189415.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=classic-aunz
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=classic-ca
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898624026.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=classic-de
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898624026.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=classic-es
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898624026.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=classic-fr
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898624026.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=classic-it
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=classic-uk
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898338665.0000000003EF5000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=classic-us
Source: uTorrent.exe, 0000000A.00000003.909349790.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916147694.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910504161.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-holistic-plus-video-pIx
Source: uTorrent.exe, uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898338665.0000000003EF5000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909349790.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916147694.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910504161.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-holistic-plus-video-prebid&clien
Source: uTorrent.exe, uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898338665.0000000003EF5000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909349790.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.919876226.0000000003DBE000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916147694.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910504161.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909722610.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-holistic-plus-video-prebid&test=
Source: uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-1
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-10
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-1i
Source: uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-2
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-3
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-37
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.935189415.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-4
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-4;
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-5
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-6
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-6Goc
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-7
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-7:443
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-8
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-8Uz
Source: uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-8y3-
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-9
Source: uTorrent.exe, 0000000A.00000003.906410357.0000000003F97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.901536637.0000000003F77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.hQ
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.906410357.0000000003F97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.901536637.0000000003F77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-amer
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-apac
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898624026.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-aunz
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-br
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-ca
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898624026.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-de
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898624026.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-es
Source: uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898624026.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-eur
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-fr
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898624026.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-it
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898624026.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-mea
Source: uTorrent.exe, 0000000A.00000003.925717501.0000000003EFA000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.902553473.0000000003EF9000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934473965.0000000003EFC000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916665921.0000000003EFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-mrec-sou
Source: uTorrent.exe, 0000000A.00000003.916665921.0000000003EFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-mrec-sound-on
Source: uTorrent.exe, 0000000A.00000003.898338665.0000000003EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-mrec-sound-on00
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.906410357.0000000003F97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.901536637.0000000003F77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-mx
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898624026.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-nordics
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-ru
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-uk
Source: uTorrent.exe, 0000000A.00000003.898338665.0000000003EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=classic-us
Source: uTorrent.exe, 0000000A.00000003.925717501.0000000003EFA000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.902553473.0000000003EF9000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916665921.0000000003EFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=test-qa-
Source: uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898338665.0000000003EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://video.trontv.com/network/utclassic.html?bucket=test-qa-leaderboard-1
Source: uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/xjs/_/js/k=xjs.s.en_GB.u8fwEfmm86E.O/ck=xjs.s.hyRG9kR79v8.L.I11.O
Source: uTorrent.exe, 0000000A.00000003.808218046.0000000003EA1000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.851458301.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.853416692.0000000003EA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/xjs/_/js/k=xjs.s.en_GB.u8fwEfmm86E.O/ck=xjs.s.hyRG9kR79v8.L.I11.O/m=IvlUe
Source: uTorrent.exe, 0000000A.00000003.851458301.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.853416692.0000000003EA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.ConsentUi.en_GB.wmTUy5P6FUM.es5.O/ck=
Source: uTorrent.exe, 0000000A.00000003.808218046.0000000003EA1000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.854274369.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.853739927.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.851458301.0000000003E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.bMYZ6MazNlM.
Source: uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/external_hosted/autotrack/autotrack.jsLMEM
Source: uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/external_hosted/modernizr/modernizr.jsLMEM
Source: uTorrent.exe, 0000000A.00000003.808218046.0000000003EA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/external_hosted/scrollmagic/ScrollMagic.min.js1LMEM
Source: uTorrent.exe, uTorrent.exe, 0000000A.00000003.909349790.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916147694.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910504161.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/external_hosted/scrollmagic/animation.gsap.min.js
Source: uTorrent.exe, 0000000A.00000003.854258684.0000000003E89000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.853563653.0000000003E67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.851093159.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/external_hosted/scrollmagic/animation.gsap.min.jsh
Source: uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_92x36dp.pngLMEM
Source: uTorrent.exe, 0000000A.00000003.808218046.0000000003EA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/check_black_24dp.png
Source: uTorrent.exe, 0000000A.00000003.898464392.0000000003EE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/check_black_24dp.pngLMEM
Source: uTorrent.exeString found in binary or memory: https://www.gstatic.com/kpui/social/fb_32x32.png
Source: uTorrent.exe, 0000000A.00000003.909349790.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916147694.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910504161.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/kpui/social/fb_32x32.pngexiN
Source: uTorrent.exe, uTorrent.exe, 0000000A.00000003.909349790.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916147694.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910504161.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.og2.en_US.vA2d_upwXfg.O/rt=j/m=def
Source: uTorrent.exe, uTorrent.exe, 0000000A.00000003.909349790.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916147694.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.851093159.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910504161.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.CniBF78B8Ew.L.X.O/m=qcwid/excm=qaaw
Source: uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/ui/v1/activityindicator/loading_24.gifLMEM
Source: uTorrent.exe, 00000000.00000003.677235452.000000007FB90000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.674931514.0000000002740000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, uTorrent.tmp, 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
Source: uTorrent.tmp, 00000001.00000003.819705955.0000000005438000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.824821093.0000000000ACB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
Source: uTorrent.tmp, 00000001.00000003.818413308.0000000002525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/h
Source: uTorrent.tmp, 00000001.00000003.818413308.0000000002525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he
Source: uTorrent.tmp, 00000001.00000003.818166936.0000000007605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers
Source: uTorrent.tmp, 00000001.00000002.825650419.000000000543A000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.819705955.0000000005438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computersb
Source: uTorrent.tmp, 00000001.00000002.825650419.000000000543A000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.819705955.0000000005438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computersdfa0
Source: uTorrent.tmp, 00000001.00000002.825650419.000000000543A000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.819705955.0000000005438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computersdfa0i
Source: uTorrent.tmp, 00000001.00000003.818166936.0000000007605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacy
Source: uTorrent.tmp, 00000001.00000003.819559078.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.824821093.0000000000ACB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacye4
Source: uTorrent.tmp, 00000001.00000003.819705955.0000000005438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.com/privacy-policy
Source: RAVAntivirus-installer.exe, 0000000B.00000003.790761902.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, RAVAntivirus-installer.exe, 0000000B.00000000.788140923.0000000000572000.00000002.00000001.01000000.0000000B.sdmp, RAVAntivirus-installer.exe, 0000000B.00000003.793095069.000000001B590000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.com/privacy-policy?utm_source=rav_antivirus_installer
Source: uTorrent.tmp, 00000001.00000003.819705955.0000000005438000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.824821093.0000000000ACB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.com/terms
Source: uTorrent.tmp, 00000001.00000003.819559078.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.824821093.0000000000ACB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.com/terms?5M
Source: RAVAntivirus-installer.exe, 0000000B.00000003.790761902.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, RAVAntivirus-installer.exe, 0000000B.00000000.788140923.0000000000572000.00000002.00000001.01000000.0000000B.sdmp, RAVAntivirus-installer.exe, 0000000B.00000003.793095069.000000001B590000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.com/terms?utm_source=rav_antivirus_installer
Source: uTorrent.tmp, 00000001.00000002.825574550.00000000053B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.com/termsrspera/images/DOTPS-502/EN.png:opera_newziponid
Source: uTorrent.tmp, 00000001.00000002.826043771.0000000005D70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reasonsecurity.com/termsv
Source: uTorrent.exe, 00000000.00000003.677235452.000000007FB90000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.674931514.0000000002740000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, uTorrent.tmp, 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
Source: uTorrent.exe, uTorrent.exe, 0000000A.00000003.909349790.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916147694.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910504161.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.surveymonkey.com/r/QKYKJR9?vs=3.5.5&cl=
Source: uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.surveymonkey.com/r/QKYKJR9?vs=3.5.5&cl=utorrent&bld=46146&ssu=76&os=windows&lang_c=&l=en
Source: uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.surveymonkey.com/s/C2VFYPC
Source: uTorrent.tmp, 00000001.00000003.818395242.000000000251B000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.820114467.0000000005D86000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.825650419.000000000543A000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.820189169.0000000005D8D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.819705955.0000000005438000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.680911705.0000000003540000.00000004.00000800.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.824821093.0000000000ACB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.utorrent.com/.
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.utorrent.com/remotehelp.ico
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: `https://www.facebook.com/connect/login_success.htmlhttp://www.facebook.com/connect/login_success.htmlhttps://www.facebook.com/login.phphttp://www.facebook.com/login.phphttps://www.facebook.com/connect/uiserver.phphttp://www.facebook.com/connect/uiserver.phphttps://www.facebook.com/dialog/permissions.requesthttp://www.facebook.com/dialog/permissions.requesthttps://www.facebook.com/checkpoint/http://www.facebook.com/checkpoint/&scope=%Sclient_id=%S&redirect_uri=%s&response_type=token&display=popup%shttps://www.facebook.com/dialog/oauthcancelledhttp://www.facebook.com/dialog/oauth&to=%Sapp_id=%S&display=popup&message=%s&redirect_uri=%s%shttps://www.facebook.com/dialog/apprequests:}Yf}Y equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/checkpoint/ equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/connect/login_success.html equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/connect/uiserver.php equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/dialog/oauth equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/dialog/permissions.request equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/login.php equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.facebook.com/utorrent equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http_add_torrent.btkeyadd_magnetlinkbtskindefaultautoAccepted launch|Type: %s Location: %sdouble_clickWM_ENDSESSIONWM_QUITWM_QUERYENDSESSIONWM_CLOSEonWmClose: %sonWmClose: msg %dMemory Compacting, system memory is low (%u%% CPU usage)Memory Compacted, released %ztshttp://update.bittorrent.com/time.phpsocial.bmpFacebookhttp://www.facebook.com/utorrentTwitterhttp://twitter.com/utorrentLanguageclient_first_runfirst_runscreensizeappsizedimensionsnot_installedflash versionflashDoDestroy %sShutdownBeginHelper shutdown succeededfailedShutdown pending: Trackers DiskIO DelTorrents UPnP Helper ShutdownPending"action":"%s.%d.%d.%02d.%d.%05d"ShutdownDoneSENTFAILEDShutdownDone %s with wait result %d.%#z<item></item>marquee<title></title><media:hash</media:hash><link></link><pubDate></pubDate>http://bundles.bittorrent.com/feed.rsshttp://beta.bundles.bittorrent.com/feed.rssautoupdateOnTimeoutPrevented update check because of proxy torrents[autorestart] Attempting to upgrade: (%S) -> (%S)[autorestart] Autorestarting.Unable to send crash report to server: equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http_add_torrent.btkeyadd_magnetlinkbtskindefaultautoAccepted launch|Type: %s Location: %sdouble_clickWM_ENDSESSIONWM_QUITWM_QUERYENDSESSIONWM_CLOSEonWmClose: %sonWmClose: msg %dMemory Compacting, system memory is low (%u%% CPU usage)Memory Compacted, released %ztshttp://update.bittorrent.com/time.phpsocial.bmpFacebookhttp://www.facebook.com/utorrentTwitterhttp://twitter.com/utorrentLanguageclient_first_runfirst_runscreensizeappsizedimensionsnot_installedflash versionflashDoDestroy %sShutdownBeginHelper shutdown succeededfailedShutdown pending: Trackers DiskIO DelTorrents UPnP Helper ShutdownPending"action":"%s.%d.%d.%02d.%d.%05d"ShutdownDoneSENTFAILEDShutdownDone %s with wait result %d.%#z<item></item>marquee<title></title><media:hash</media:hash><link></link><pubDate></pubDate>http://bundles.bittorrent.com/feed.rsshttp://beta.bundles.bittorrent.com/feed.rssautoupdateOnTimeoutPrevented update check because of proxy torrents[autorestart] Attempting to upgrade: (%S) -> (%S)[autorestart] Autorestarting.Unable to send crash report to server: equals www.twitter.com (Twitter)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/checkpoint/ equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/connect/login_success.html equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/connect/uiserver.php equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/dialog/apprequests equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/dialog/oauth equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/dialog/permissions.request equals www.facebook.com (Facebook)
Source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.facebook.com/login.php equals www.facebook.com (Facebook)
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe File created: C:\Program Files\RAVAntivirus\x64\reasoncamfilter.cat
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe File created: C:\Program Files\RAVAntivirus\elam\rselam.cat
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004323DC
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004255DC
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0040E9C4
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: 1_2_006B786C
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: 1_2_0040C938
Source: uTorrent.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: uTorrent.tmp.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: uTorrent.tmp.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: OperaSetup.exe.1.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: OperaSetup.exe.1.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: OperaSetup.exe.1.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: is-OO32S.tmp.1.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: is-8MDKK.tmp.1.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: uTorrent.exe.7.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 3.5.5_46146.exe.10.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 3.5.5_46200.exe.10.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: helper_web_ui.btinstall.10.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: helper_web_ui.btinstall.10.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe Section loaded: security.dll
Source: uTorrent.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: 1_2_0060F6D8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: String function: 0060CD28 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: String function: 005F5C7C appears 50 times
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: String function: 005F5F60 appears 62 times
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: String function: 005DE888 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: String function: 006163B4 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: String function: 00616130 appears 39 times
Source: uTorrent.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-OO32S.tmp.1.dr Static PE information: Resource name: JS type: DOS executable (COM, 0x8C-variant)
Source: is-OO32S.tmp.1.dr Static PE information: Resource name: PNG type: DOS executable (COM)
Source: is-OO32S.tmp.1.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant)
Source: is-OO32S.tmp.1.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant)
Source: is-OO32S.tmp.1.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM)
Source: is-OO32S.tmp.1.dr Static PE information: Resource name: RT_DIALOG type: COM executable for DOS
Source: is-OO32S.tmp.1.dr Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: is-OO32S.tmp.1.dr Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: is-OO32S.tmp.1.dr Static PE information: Resource name: RT_DIALOG type: COM executable for DOS
Source: uTorrent.exe.7.dr Static PE information: Resource name: JS type: DOS executable (COM, 0x8C-variant)
Source: uTorrent.exe.7.dr Static PE information: Resource name: PNG type: DOS executable (COM)
Source: uTorrent.exe.7.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant)
Source: uTorrent.exe.7.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant)
Source: uTorrent.exe.7.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM)
Source: uTorrent.exe.7.dr Static PE information: Resource name: RT_DIALOG type: COM executable for DOS
Source: uTorrent.exe.7.dr Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: uTorrent.exe.7.dr Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: uTorrent.exe.7.dr Static PE information: Resource name: RT_DIALOG type: COM executable for DOS
Source: 3.5.5_46146.exe.10.dr Static PE information: Resource name: JS type: DOS executable (COM, 0x8C-variant)
Source: 3.5.5_46146.exe.10.dr Static PE information: Resource name: PNG type: DOS executable (COM)
Source: 3.5.5_46146.exe.10.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant)
Source: 3.5.5_46146.exe.10.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant)
Source: 3.5.5_46146.exe.10.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM)
Source: 3.5.5_46146.exe.10.dr Static PE information: Resource name: RT_DIALOG type: COM executable for DOS
Source: 3.5.5_46146.exe.10.dr Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: 3.5.5_46146.exe.10.dr Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: 3.5.5_46146.exe.10.dr Static PE information: Resource name: RT_DIALOG type: COM executable for DOS
Source: 3.5.5_46200.exe.10.dr Static PE information: Resource name: RT_ICON type: DOS executable (COM, 0x8C-variant)
Source: 3.5.5_46200.exe.10.dr Static PE information: Resource name: RT_ICON type: MIPSEL-BE MIPS-III ECOFF executable - version 9.74
Source: 3.5.5_46200.exe.10.dr Static PE information: Resource name: RT_ICON type: amd 29k coff archive
Source: 3.5.5_46200.exe.10.dr Static PE information: Resource name: RT_DIALOG type: SVR2 pure executable (USS/370) - version 1661773177
Source: 3.5.5_46200.exe.10.dr Static PE information: Resource name: RT_GROUP_ICON type: COM executable for DOS
Source: uTorrent.exe, 00000000.00000000.672298759.00000000004C6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs uTorrent.exe
Source: uTorrent.exe, 00000000.00000003.827185103.0000000002478000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs uTorrent.exe
Source: uTorrent.exe, 00000000.00000003.677235452.000000007FB90000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs uTorrent.exe
Source: uTorrent.exe, 00000000.00000003.674931514.0000000002740000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs uTorrent.exe
Source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilenameRemoteIE.exe& vs uTorrent.exe
Source: is-OO32S.tmp.1.dr Static PE information: Section: UPX1 ZLIB complexity 0.99974746665
Source: uTorrent.exe.7.dr Static PE information: Section: UPX1 ZLIB complexity 0.99974746665
Source: 3.5.5_46146.exe.10.dr Static PE information: Section: UPX1 ZLIB complexity 0.99974746665
Source: 3.5.5_46200.exe.10.dr Static PE information: Section: UPX1 ZLIB complexity 0.999429256542
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp File created: C:\Users\user\AppData\Local\Programs
Source: classification engine Classification label: sus24.evad.winEXE@28/129@0/100
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\uTorrent.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\uTorrent.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004AF9F0 FindResourceW,SizeofResource,LoadResource,LockResource
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe File created: C:\Program Files\RAVAntivirus
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Users\user\Desktop\uTorrent.exe File read: C:\Users\user\Desktop\uTorrent.exe
Source: C:\Users\user\Desktop\uTorrent.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\uTorrent.exe "C:\Users\user\Desktop\uTorrent.exe"
Source: C:\Users\user\Desktop\uTorrent.exe Process created: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp "C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp" /SL5="$B03E2,943312,883200,C:\Users\user\Desktop\uTorrent.exe"
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Process created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe" /S /FORCEINSTALL 1110010100111110
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Process created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe" /silent
Source: unknown Process created: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe Process created: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe "C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe" "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe" /silent
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Process created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:pb,utm.source:ais,utm.campaign:opera_new
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=73.0.3856.257 --initial-client-data=0x2b4,0x2b8,0x2bc,0x294,0x2c0,0x6d421678,0x6d421688,0x6d421694
Source: unknown Process created: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Process created: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeProcess created: C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46146\utorrentie.exe "C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46146\utorrentie.exe" uTorrent_4720_03E6AA20_513898171 Torrent4823DF041B09 uTorrent
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeProcess created: C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46146\utorrentie.exe "C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46146\utorrentie.exe" uTorrent_4720_03E6AEE0_1422913446 Torrent4823DF041B09 uTorrent
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pin-additional-shortcuts=1 --server-tracking-data=server_tracking_data --initial-pid=6496 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20220210192600" --session-guid=dc5b86a8-4469-4529-9931-396e42450f24 --server-tracking-blob=YjFmY2FlNTY4ZGM2MzlhMGJiZTVmYWM4MTUyZWMyMzg0MWQ4YzNkNWYyNGFlZGQ5NThiYjc3OGY3YzkwYmVjNzp7ImNvdW50cnkiOiJJTCIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL2ppcmEuaXJvbnNyYy5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYSIsInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9SVMmdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249IiwidGltZXN0YW1wIjoiMTYwNzYwMDA0NC45NTQ2IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzg3LjAuNDI4MC44OCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3BlcmFfbmV3IiwibWVkaXVtIjoicGIiLCJzb3VyY2UiOiJhaXMifSwidXVpZCI6IjNlOWVmZDhkLTIzYjctNDUxZS04ZGJjLWFkOWI3NzI0NzkzOSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6C05000000000000
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=73.0.3856.257 --initial-client-data=0x2c4,0x2c8,0x2cc,0x294,0x2d0,0x6e0b1678,0x6e0b1688,0x6e0b1694
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "http://utorrent.com/prodnews?v=3%2e5%2e5%2e1%2e46146
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,10124437272527245385,7484455714122685362,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_004AF110
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpCode function: 1_2_0060F6D8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_2_0060F6D8
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\uTorrent.exeFile created: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpCode function: 1_2_0062CFB8 GetVersion,CoCreateInstance,1_2_0062CFB8
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_0041A4DC GetDiskFreeSpaceW,0_2_0041A4DC
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\077cf2bd55145d691314f0889d7a1997\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpMutant created: \Sessions\1\BaseNamedObjects\ Torrent/{1F44C754-37E7-2687-70D4-148E574DF026}
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ Torrent4823DF041B09
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeMutant created: \Sessions\1\BaseNamedObjects\Local\uTorrent.exe
Source: uTorrent.exeString found in binary or memory: Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file af
Source: uTorrent.exeString found in binary or memory: %s /LAUNCHBUNDLEDURL %s
Source: uTorrent.exeString found in binary or memory: %s /LAUNCHBUNDLEDURLTYPE %s
Source: uTorrent.exeString found in binary or memory: %u.%u.%u.%u.in-addr.arpa
Source: uTorrent.exeString found in binary or memory: http://update.utorrent.com/installoffer.php
Source: uTorrent.exeString found in binary or memory: add-stopped
Source: uTorrent.exeString found in binary or memory: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --load-extension=C:\Windows\crx -- "
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeFile written: C:\Program Files\RAVAntivirus\SecurityProductInformation.ini
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpWindow found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpAutomated click: Agree
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeWindow detected: Number of UI elements: 14
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeFile opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_88df21dd2faf7c49\MSVCR80.dll
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\RAVAntivirus.7z
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\amd64
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\elam
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\resources
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\locales
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\resources
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware\rsbridgenapi
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware\rsbridgenapi\prebuilds
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware\windows-notification-state
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware\windows-notification-state\prebuilds
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\swiftshader
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\x64
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\AntivirusInstaller.exe.config
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\elam\evntdrv.xml
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\elam\rselam.cat
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\elam\rsElam.inf
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\resources\white-blue-icon.ico
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\resources\white-icon.ico
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\rsClient.Protection.Microphone.dll.config
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\rsEngine.config
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\rsEngineSvc.exe.config
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\rsExtensionHost.exe.config
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\rsHelper.exe.config
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\rsRemediation.exe.config
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\SecurityProductInformation.ini
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\Signatures.dat
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\chrome_100_percent.pak
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\chrome_200_percent.pak
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\icudtl.dat
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\LICENSE.electron.txt
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\LICENSES.chromium.html
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\locales\am.pak
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\locales\ar.pak
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\locales\bg.pak
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exeDirectory created: C:\Program Files\RAVAntivirus\ui\locales\bn.pak
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exeRegistry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
Source: uTorrent.exeStatic file information: File size 1877512 > 1048576
Source: uTorrent.exeStatic PE information: certificate valid
Source: uTorrent.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: aller_lib.dll.pdb source: OperaSetup.exe, 0000000C.00000000.793863619.00000000005CE000.00000080.00000001.01000000.0000000E.sdmp
Source: Binary string: X:\jenkins-workspace\workspace\client-builder-remoteieframe\ut_win\Build\Win32\Release\RemoteIEFrame.pdb source: uTorrent.exe, 00000007.00000002.774208163.0000000000879000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\rsStub\rsStub\RavStub\obj\Release\RavStub.pdb source: RAVAntivirus-installer.exe, 0000000B.00000003.790761902.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, RAVAntivirus-installer.exe, 0000000B.00000000.788140923.0000000000572000.00000002.00000001.01000000.0000000B.sdmp, RAVAntivirus-installer.exe, 0000000B.00000003.793095069.000000001B590000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .exe.pdb source: OperaSetup.exe, 0000000C.00000000.793863619.00000000005CE000.00000080.00000001.01000000.0000000E.sdmp
Source: Binary string: X:\jenkins-workspace\workspace\client-builder-product\Build\Win32\Release\utorrent.pdb source: uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\uTorrent.exeProcess created: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp "C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp" /SL5="$B03E2,943312,883200,C:\Users\user\Desktop\uTorrent.exe"
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004B5000 push 004B50DEh; ret 0_2_004B50D6
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004B5980 push 004B5A48h; ret 0_2_004B5A40
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_00458000 push ecx; mov dword ptr [esp], ecx0_2_00458005
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_0049B03C push ecx; mov dword ptr [esp], edx0_2_0049B03D
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004A00F8 push ecx; mov dword ptr [esp], edx0_2_004A00F9
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_00458084 push ecx; mov dword ptr [esp], ecx0_2_00458089
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004B1084 push 004B10ECh; ret 0_2_004B10E4
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004A1094 push ecx; mov dword ptr [esp], edx0_2_004A1095
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_0041A0B4 push ecx; mov dword ptr [esp], ecx0_2_0041A0B8
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004270BC push 00427104h; ret 0_2_004270FC
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_00458108 push ecx; mov dword ptr [esp], ecx0_2_0045810D
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004321C8 push ecx; mov dword ptr [esp], edx0_2_004321C9
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004A21D8 push ecx; mov dword ptr [esp], edx0_2_004A21D9
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_0049E1B8 push ecx; mov dword ptr [esp], edx0_2_0049E1B9
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_0049A260 push 0049A378h; ret 0_2_0049A370
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_00455268 push ecx; mov dword ptr [esp], ecx0_2_0045526C
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004252D4 push ecx; mov dword ptr [esp], eax0_2_004252D9
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004592FC push ecx; mov dword ptr [esp], edx0_2_004592FD
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_0045B284 push ecx; mov dword ptr [esp], edx0_2_0045B285
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_00430358 push ecx; mov dword ptr [esp], eax0_2_00430359
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_00430370 push ecx; mov dword ptr [esp], eax0_2_00430371
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_00459394 push ecx; mov dword ptr [esp], ecx0_2_00459398
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004A1428 push ecx; mov dword ptr [esp], edx0_2_004A1429
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_0049B424 push ecx; mov dword ptr [esp], edx0_2_0049B425
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004A24D8 push ecx; mov dword ptr [esp], edx0_2_004A24D9
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004224F0 push 004225F4h; ret 0_2_004225EC
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_004304F0 push ecx; mov dword ptr [esp], eax0_2_004304F1
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_00499490 push ecx; mov dword ptr [esp], edx0_2_00499493
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_00458564 push ecx; mov dword ptr [esp], edx0_2_00458565
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_00458574 push ecx; mov dword ptr [esp], edx0_2_00458575
Source: C:\Users\user\Desktop\uTorrent.exeCode function: 0_2_00457574 push ecx; mov dword ptr [esp], ecx0_2_00457578
Source: RAVAntivirus-installer.exe.9.drStatic PE information: 0xEB359209 [Tue Jan 18 02:35:53 2095 UTC]
Source: uTorrent.exeStatic PE information: section name: .didata
Source: uTorrent.tmp.0.drStatic PE information: section name: .didata
Source: ArchiveUtilityx64.dll.9.drStatic PE information: section name: _RDATA
Source: rsBridgeNapi.node.11.drStatic PE information: section name: _RDATA
Source: node.napi.node.11.drStatic PE information: section name: _RDATA
Source: OperaSetup.exe.1.drStatic PE information: real checksum: 0x24fa6d should be: 0x255000
Source: is-OO32S.tmp.1.drStatic PE information: real checksum: 0x20d864 should be: 0x216fed
Source: uTorrent.tmp.0.drStatic PE information: real checksum: 0x0 should be: 0x314e14
Source: 3.5.5_46146.exe.10.drStatic PE information: real checksum: 0x20d864 should be: 0x216fed
Source: botva2.dll.1.drStatic PE information: real checksum: 0x0 should be: 0x15537
Source: is-8MDKK.tmp.1.drStatic PE information: real checksum: 0x822f9 should be: 0x86b57
Source: uTorrent.exe.7.drStatic PE information: real checksum: 0x20d864 should be: 0x216fed
Source: initial sampleStatic PE information: section name: .text entropy: 6.90689990924
Source: initial sampleStatic PE information: section name: .text entropy: 6.8458463901
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; File created: C:\Users\user\AppData\Roaming\uTorrent\helper_web_ui.btinstall
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; File created: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.node
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; File created: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64\node.napi.node
Source: C:\Users\user\Desktop\uTorrent.exe; File created: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\botva2.dll
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\is-8MDKK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe (copy)
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; File created: C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46146\utorrentie.exe
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\is-OO32S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe; File created: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\rsStubLib.dll
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; File created: C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46200.exe
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; File created: C:\Users\user\AppData\Roaming\uTorrent\helper\helper.exe
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe; File created: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe; File created: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; File created: C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46146.exe
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0 (copy)
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe; File created: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\ArchiveUtilityx64.dll
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe; File created: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\ArchiveUtilityx86.dll
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\license.rtf
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; File created: C:\Program Files\RAVAntivirus\ui\LICENSE.electron.txt
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe; File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer\opera_installer_20220210192551382.log
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ Torrent.lnk
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe; Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ut
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ut
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Code function: 1_2_005C90B4 IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,MessageBoxW,SetActiveWindow,1_2_005C90B4
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Code function: 1_2_006A68B0 IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,SetActiveWindow,1_2_006A68B0
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Blob
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\uTorrent.exe; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe; Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe; File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp TID: 5260; Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp TID: 5244; Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe TID: 6636; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe TID: 5572; Thread sleep count: 37 > 30
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Check user administrative privileges: GetTokenInformation,DecisionNodes graph_1-22922
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\botva2.dll
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; Dropped PE file which has not been started: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.node
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; Dropped PE file which has not been started: C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64\node.napi.node
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46200.exe
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\uTorrent\helper\helper.exe
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\ArchiveUtilityx86.dll
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File opened: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1.zip
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File opened: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File opened: C:\Users\user\AppData\Local
Source: uTorrent.tmp, 00000001.00000002.824488675.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000003.819355776.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWX
Source: OperaSetup.exe, 0000000C.00000003.851429465.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.838590471.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934181372.0000000000B95000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWN
Source: uTorrent.tmp, 00000001.00000003.819934895.0000000000AB3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.824770261.0000000000AB3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.774994009.0000000000DB7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.774905843.0000000000D85000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.851429465.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.838590471.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934181372.0000000000B95000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
Source: uTorrent.exe, 0000000A.00000003.909722610.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&1EC51BF7&0&000000
Source: uTorrent.tmp, 00000001.00000003.819934895.0000000000AB3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.tmp, 00000001.00000002.824770261.0000000000AB3000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW_D
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\uTorrent.exe; Code function: 0_2_004AF91C GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,0_2_004AF91C
Source: C:\Users\user\Desktop\uTorrent.exe; Code function: 0_2_0040AEF4 FindFirstFileW,FindClose,0_2_0040AEF4
Source: C:\Users\user\Desktop\uTorrent.exe; Code function: 0_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,0_2_0040A928
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Code function: 1_2_0060C2B0 FindFirstFileW,GetLastError,1_2_0060C2B0
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Code function: 1_2_0040E6A0 FindFirstFileW,FindClose,1_2_0040E6A0
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Code function: 1_2_0040E0D4 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,1_2_0040E0D4
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Code function: 1_2_006B8DE4 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,1_2_006B8DE4
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; File Volume queried: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp FullSizeInformation
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; File Volume queried: C:\Users\user\AppData\Roaming\uTorrent\share FullSizeInformation
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe; File Volume queried: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe; Code function: 7_2_00673C29 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00673C29
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe; Memory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe; Process created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=73.0.3856.257 --initial-client-data=0x2b4,0x2b8,0x2bc,0x294,0x2c0,0x6d421678,0x6d421688,0x6d421694
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe; Process created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pin-additional-shortcuts=1 --server-tracking-data=server_tracking_data --initial-pid=6496 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20220210192600" --session-guid=dc5b86a8-4469-4529-9931-396e42450f24 --server-tracking-blob=[base64 value omitted] --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6C05000000000000
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe; Process created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=73.0.3856.257 --initial-client-data=0x2c4,0x2c8,0x2cc,0x294,0x2d0,0x6e0b1678,0x6e0b1688,0x6e0b1694
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Process created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe" /silent
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp; Process created: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:pb,utm.source:ais,utm.campaign:opera_new
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "http://utorrent.com/prodnews?v=3%2e5%2e5%2e1%2e46146
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: 1_2_006A60E8 ShellExecuteExW,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,1_2_006A60E8
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: 1_2_005C7CE0 AllocateAndInitializeSid,GetVersion,GetModuleHandleW,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,1_2_005C7CE0
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: 1_2_005C8B3C InitializeSecurityDescriptor,SetSecurityDescriptorDacl,1_2_005C8B3C
Source: C:\Users\user\Desktop\uTorrent.exe Code function: GetUserDefaultUILanguage,GetLocaleInfoW,0_2_0040B044
Source: C:\Users\user\Desktop\uTorrent.exe Code function: GetLocaleInfoW,0_2_0041E034
Source: C:\Users\user\Desktop\uTorrent.exe Code function: GetLocaleInfoW,0_2_0041E080
Source: C:\Users\user\Desktop\uTorrent.exe Code function: GetLocaleInfoW,0_2_004AF218
Source: C:\Users\user\Desktop\uTorrent.exe Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0040A4CC
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: GetUserDefaultUILanguage,GetLocaleInfoW,1_2_0040E7F0
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: GetLocaleInfoW,1_2_006103F8
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_0040DC78
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\RAV_antivirus.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\Opera_new.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nsn980C.tmp\rsStubLib.dll VolumeInformation
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00405AE0 cpuid 0_2_00405AE0
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0041C3D8 GetLocalTime,0_2_0041C3D8
Source: C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp Code function: 1_2_00625754 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeW,GetLastError,CreateFileW,SetNamedPipeHandleState,CreateProcessW,CloseHandle,CloseHandle,1_2_00625754
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004B5114 GetModuleHandleW,GetVersion,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetProcessDEPPolicy,0_2_004B5114
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 Blob
Source: uTorrent.exe Binary or memory string: pg2.exe
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
Source: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts11
Windows Management Instrumentation
1
DLL Side-Loading
1
Exploitation for Privilege Escalation
11
Disable or Modify Tools
OS Credential Dumping1
System Time Discovery
Remote Services1
Archive Collected Data
Exfiltration Over Other Network Medium1
Encrypted Channel
Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
System Shutdown/Reboot
Default Accounts1
Scripting
2
DLL Search Order Hijacking
1
DLL Side-Loading
11
Deobfuscate/Decode Files or Information
LSASS Memory4
File and Directory Discovery
Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain Accounts1
Native API
1
Windows Service
2
DLL Search Order Hijacking
1
Scripting
Security Account Manager38
System Information Discovery
SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local Accounts112
Command and Scripting Interpreter
11
Registry Run Keys / Startup Folder
1
Access Token Manipulation
31
Obfuscated Files or Information
NTDS1
Query Registry
Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon Script1
Windows Service
31
Software Packing
LSA Secrets131
Security Software Discovery
SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.common12
Process Injection
1
Timestomp
Cached Domain Credentials1
Process Discovery
VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup Items11
Registry Run Keys / Startup Folder
1
DLL Side-Loading
DCSync31
Virtualization/Sandbox Evasion
Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job2
DLL Search Order Hijacking
Proc Filesystem1
Application Window Discovery
Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)13
Masquerading
/etc/passwd and /etc/shadow2
System Owner/User Discovery
Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)11
Modify Registry
Network Sniffing1
Remote System Discovery
Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron31
Virtualization/Sandbox Evasion
Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
Compromise Software Supply ChainUnix ShellLaunchdLaunchd1
Access Token Manipulation
KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery
Compromise Hardware Supply ChainVisual BasicScheduled TaskScheduled Task12
Process Injection
GUI Input CaptureDomain GroupsExploitation of Remote ServicesEmail CollectionCommonly Used PortProxyDefacement
[Behavior graph: ID 570317, Sample: uTorrent.exe, Start date: 10/02/2022, Architecture: WINDOWS, Score: 24]

Source | Detection | Scanner | Label
uTorrent.exe | 2% | Virustotal |
uTorrent.exe | 0% | Metadefender |
uTorrent.exe | 7% | ReversingLabs |

Source | Detection | Scanner | Label
C:\Program Files\RAVAntivirus\ui\resources\app.asar.unpacked\node_modules\@reasonsoftware\rsbridgenapi\prebuilds\win32-x64\rsBridgeNapi.node | 0% | ReversingLabs |

Source | Detection | Scanner | Label
10.0.uTorrent.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ULPM.Gen
7.0.uTorrent.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ULPM.Gen
12.0.OperaSetup.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://update.bittorrent.com/time.phpuTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                        high
                                                                                                        http://utclient.utorrent.com/badads-feedback/index.html#/uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                          high
                                                                                                          https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2uTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://update.utorrent.com/surveyrf9uTorrent.exe, 0000000A.00000003.853563653.0000000003E67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.851093159.0000000003E58000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://download.opera.com/download/get/?id=56255&autoupdate=1&ni=1&stream=stable&utm_campaign=operaOperaSetup.exe, 0000000C.00000003.934181372.0000000000B95000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.934339905.0000000003F5F000.00000004.00000800.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.838833965.0000000000BB1000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000C.00000003.851543623.0000000000BB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://video.trontv.com/network/utclassic-content.html?bucket=classiuTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://video.trontv.com/network/utclassic-content.html?bucket=test-holistic-plus-video-prebid&test=uTorrent.exe, uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898338665.0000000003EF5000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909349790.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.919876226.0000000003DBE000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916147694.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910504161.0000000003E58000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909722610.0000000003DBC000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://utclient.utorrent.com/offers/onboarding-basic/i18n/en/ads-offer.htmlhttp://utclient.utorrent.uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.utorrent.com/testport.php?port=%duTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                    high
                                                                                                                    https://video.trontv.com/network/utclassic-content.html?bucket=test-qa-mrec-video-10uTorrent.exe, 0000000A.00000003.909506925.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.910775698.0000000003E97000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.916470904.0000000003E97000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://www.google.com/chrome/static/images/homepage/google-enterprise.pngLMEMuTorrent.exe, 0000000A.00000003.807909774.0000000003E54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://192.168.2uTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      low
                                                                                                                      http://www.utorrent.com?client=%s%suTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      low
                                                                                                                      http://apps.bittorrent.com/utorrent-onboarding/player.btapp/MINIMIZEDINSTALLDEBUG:uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                        high
                                                                                                                        https://video.trontv.com/network/utclassic-content.html?bucket=classic-usuTorrent.exe, 0000000A.00000003.934627198.0000000003F67000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934776517.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.898338665.0000000003EF5000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933951404.0000000003DE2000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.933929390.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.909898084.0000000003DD6000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934985413.0000000003E55000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000A.00000003.934887781.0000000003F57000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://video.trontv.com/network/utclassic.html?bucket=classic-apacuTorrent.exe, 0000000A.00000003.923391243.0000000000CDE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://cdn.ap.bittorrent.com/control/tags/bt.jsonuTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                          high
                                                                                                                          https://api-dev.bt.co/v1/rule/utclassic/puTorrent.exe, 00000007.00000002.774552092.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
IP    Domain    Country    Flag    ASN    ASN Name    Malicious
                                                                                                                            unknownGermany
                                                                                                                            6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
                                                                                                                            121.121.114.10
                                                                                                                            unknownMalaysia
                                                                                                                            9534MAXIS-AS1-APBinariangBerhadMYfalse
                                                                                                                            144.91.66.212
                                                                                                                            unknownGermany
                                                                                                                            51167CONTABODEfalse
                                                                                                                            216.145.88.58
                                                                                                                            unknownUnited States
                                                                                                                            22792MNETUSfalse
                                                                                                                            13.32.99.44
                                                                                                                            unknownUnited States
                                                                                                                            16509AMAZON-02USfalse
                                                                                                                            79.133.112.196
                                                                                                                            unknownRussian Federation
                                                                                                                            59793CISP-ASRUfalse
                                                                                                                            179.6.57.11
                                                                                                                            unknownPeru
                                                                                                                            12252AmericaMovilPeruSACPEfalse
                                                                                                                            54.194.135.233
                                                                                                                            unknownUnited States
                                                                                                                            16509AMAZON-02USfalse
                                                                                                                            120.29.106.213
                                                                                                                            unknownPhilippines
                                                                                                                            17639CONVERGE-ASConvergeICTSolutionsIncPHfalse
                                                                                                                            45.139.215.41
                                                                                                                            unknownGreece
                                                                                                                            6799OTENET-GRAthens-GreeceGRfalse
                                                                                                                            77.222.156.165
                                                                                                                            unknownUkraine
                                                                                                                            3326DATAGROUPDatagroupPJSCUAfalse
                                                                                                                            41.200.139.157
                                                                                                                            unknownAlgeria
                                                                                                                            36947ALGTEL-ASDZfalse
                                                                                                                            62.16.59.201
                                                                                                                            unknownRussian Federation
                                                                                                                            15640FPIC-ASRUfalse
                                                                                                                            51.218.239.252
                                                                                                                            unknownSaudi Arabia
                                                                                                                            25019SAUDINETSTC-ASSAfalse
                                                                                                                            52.222.214.108
                                                                                                                            unknownUnited States
                                                                                                                            16509AMAZON-02USfalse
                                                                                                                            135.181.182.186
                                                                                                                            unknownGermany
                                                                                                                            24940HETZNER-ASDEfalse
                                                                                                                            185.26.182.117
                                                                                                                            unknownNorway
                                                                                                                            39832NO-OPERANOfalse
                                                                                                                            180.38.94.153
                                                                                                                            unknownJapan4713OCNNTTCommunicationsCorporationJPfalse
                                                                                                                            173.222.108.192
                                                                                                                            unknownUnited States
                                                                                                                            20940AKAMAI-ASN1EUfalse
                                                                                                                            90.255.42.97
                                                                                                                            unknownUnited Kingdom
                                                                                                                            5378VodafoneGBfalse
                                                                                                                            89.109.44.187
                                                                                                                            unknownRussian Federation
                                                                                                                            12389ROSTELECOM-ASRUfalse
                                                                                                                            5.74.102.25
                                                                                                                            unknownIran (ISLAMIC Republic Of)
                                                                                                                            12880DCI-ASIRfalse
                                                                                                                            31.166.100.82
                                                                                                                            unknownSaudi Arabia
                                                                                                                            35819MOBILY-ASEtihadEtisalatCompanyMobilySAfalse
                                                                                                                            207.244.225.53
                                                                                                                            unknownUnited States
                                                                                                                            40021CONTABOUSfalse
                                                                                                                            54.204.23.186
                                                                                                                            unknownUnited States
                                                                                                                            14618AMAZON-AESUSfalse
                                                                                                                            95.105.125.89
                                                                                                                            unknownRussian Federation
                                                                                                                            41704OGS-ASRUfalse
                                                                                                                            108.55.9.35
                                                                                                                            unknownUnited States
                                                                                                                            701UUNETUSfalse
                                                                                                                            92.191.66.129
                                                                                                                            unknownFrance
                                                                                                                            12479UNI2-ASESfalse
                                                                                                                            87.215.126.78
                                                                                                                            unknownNetherlands
                                                                                                                            13127VERSATELASfortheTrans-EuropeanTele2IPTransportbackbofalse
                                                                                                                            5.198.53.30
                                                                                                                            unknownUnited Kingdom
                                                                                                                            12390KINGSTON-UK-ASGBfalse
                                                                                                                            139.167.190.78
                                                                                                                            unknownIndia
                                                                                                                            55836RELIANCEJIO-INRelianceJioInfocommLimitedINfalse
                                                                                                                            86.0.200.120
                                                                                                                            unknownUnited Kingdom
                                                                                                                            5089NTLGBfalse
                                                                                                                            112.162.81.56
                                                                                                                            unknownKorea Republic of
                                                                                                                            4766KIXS-AS-KRKoreaTelecomKRfalse
                                                                                                                            95.28.36.192
                                                                                                                            unknownRussian Federation
                                                                                                                            8402CORBINA-ASOJSCVimpelcomRUfalse
                                                                                                                            95.140.230.192
                                                                                                                            unknownUnited Kingdom
                                                                                                                            22822LLNWUSfalse
                                                                                                                            91.171.137.17
                                                                                                                            unknownFrance
                                                                                                                            12322PROXADFRfalse
                                                                                                                            193.32.127.220
                                                                                                                            unknownSweden
                                                                                                                            39351ESAB-ASSEfalse
                                                                                                                            64.66.195.81
                                                                                                                            unknownCanada
                                                                                                                            53913CITY-WIDE-COMMUNICATIONSCAfalse
                                                                                                                            93.89.171.21
                                                                                                                            unknownHungary
                                                                                                                            5483MAGYAR-TELEKOM-MAIN-ASMagyarTelekomNyrtHUfalse
                                                                                                                            196.188.244.100
                                                                                                                            unknownEthiopia
                                                                                                                            24757EthioNet-ASETfalse
                                                                                                                            92.118.228.18
                                                                                                                            unknownLatvia
                                                                                                                            35913DEDIPATH-LLCUSfalse
                                                                                                                            136.243.91.52
                                                                                                                            unknownGermany
                                                                                                                            24940HETZNER-ASDEfalse
                                                                                                                            31.201.22.191
                                                                                                                            unknownNetherlands
                                                                                                                            50266TMOBILE-THUISNLfalse
                                                                                                                            60.98.106.186
                                                                                                                            unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
                                                                                                                            106.193.207.61
                                                                                                                            unknownIndia
                                                                                                                            45609BHARTI-MOBILITY-AS-APBhartiAirtelLtdASforGPRSServicefalse
                                                                                                                            45.139.215.181
                                                                                                                            unknownGreece
                                                                                                                            6799OTENET-GRAthens-GreeceGRfalse
                                                                                                                            93.169.76.216
                                                                                                                            unknownSaudi Arabia
                                                                                                                            39891ALJAWWALSTC-ASSAfalse
                                                                                                                            35.163.251.58
                                                                                                                            unknownUnited States
                                                                                                                            16509AMAZON-02USfalse
                                                                                                                            90.151.81.19
                                                                                                                            unknownRussian Federation
                                                                                                                            12389ROSTELECOM-ASRUfalse
                                                                                                                            54.225.179.233
                                                                                                                            unknownUnited States
                                                                                                                            14618AMAZON-AESUSfalse
                                                                                                                            27.60.14.191
                                                                                                                            unknownIndia
                                                                                                                            45609BHARTI-MOBILITY-AS-APBhartiAirtelLtdASforGPRSServicefalse
                                                                                                                            84.26.143.136
                                                                                                                            unknownNetherlands
                                                                                                                            33915TNF-ASNLfalse
                                                                                                                            37.214.72.154
                                                                                                                            unknownBelarus
                                                                                                                            6697BELPAK-ASBELPAKBYfalse
                                                                                                                            IP
                                                                                                                            192.168.2.1
                                                                                                                            192.168.2.4
                                                                                                                            192.168.2.3
                                                                                                                            Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                            Analysis ID:570317
                                                                                                                            Start date:10.02.2022
                                                                                                                            Start time:19:23:46
                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                            Overall analysis duration:0h 16m 19s
                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                            Report type:full
                                                                                                                            Sample file name:uTorrent.exe
                                                                                                                            Cookbook file name:default.jbs
                                                                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                            Number of analysed new started processes analysed:26
                                                                                                                            Number of new started drivers analysed:0
                                                                                                                            Number of existing processes analysed:0
                                                                                                                            Number of existing drivers analysed:0
                                                                                                                            Number of injected processes analysed:0
                                                                                                                            Technologies:
                                                                                                                            • HCA enabled
                                                                                                                            • EGA enabled
                                                                                                                            • HDC enabled
                                                                                                                            • AMSI enabled
                                                                                                                            Analysis Mode:default
                                                                                                                            Analysis stop reason:Timeout
                                                                                                                            Detection:SUS
                                                                                                                            Classification:sus24.evad.winEXE@28/129@0/100
                                                                                                                            EGA Information:
                                                                                                                            • Successful, ratio: 75%
                                                                                                                            HDC Information:
                                                                                                                            • Successful, ratio: 42.2% (good quality ratio 41.1%)
                                                                                                                            • Quality average: 80.3%
                                                                                                                            • Quality standard deviation: 23.8%
                                                                                                                            HCA Information:Failed
                                                                                                                            Cookbook Comments:
                                                                                                                            • Adjust boot time
                                                                                                                            • Enable AMSI
                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                            • Execution Graph export aborted for target uTorrent.exe, PID 4720 because there are no executed function
                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                            • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
19:24:53  API Interceptor  9x Sleep call for process: uTorrent.tmp modified
19:25:29  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ut C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED
19:25:37  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ut C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED
19:25:48  API Interceptor  9x Sleep call for process: uTorrent.exe modified
19:26:49  API Interceptor  2x Sleep call for process: utorrentie.exe modified
                                                                                                                            No context
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):161
                                                                                                                            Entropy (8bit):5.010777093927904
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:vFWWMNHU8LdgCQcIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRyAEDDQIMOov:TMVBd1InV7VQ7VJdfEyFRyAqDQIm
                                                                                                                            MD5:DDC25AEFCAE9826CCE1754C2C89E959D
                                                                                                                            SHA1:36899490B8B0CF36AE8A1477468F3884C0CC9664
                                                                                                                            SHA-256:F8AD17C37D444521B3905CCBD75EA6CB6E3D2763B16EB56B2E1AA4274173E614
                                                                                                                            SHA-512:4C52E02E4E6A17FD36714E3769D34BC14675D47BE0322B14F4BBB13268C34DFE647A37DB7DF0DE7D8C31494BF878B597EDF85913E7FB648CB0D993E89FB5D611
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/></startup></configuration>..
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:7-zip archive data, version 0.4
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):77798468
                                                                                                                            Entropy (8bit):7.999991601212277
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:1572864:Wzl/EHR/XinKgxL9sKll86iNTadQ7LJI5I0eh:WzlscnhzsKlpyTadqNX1h
                                                                                                                            MD5:75C020694E7DB1B7BDA82437B818FBD5
                                                                                                                            SHA1:1D0C5093BDC6BA5DD52D7F2A1C1AA5A80AFBB2C0
                                                                                                                            SHA-256:5DD0B04E233485D20370CD098F137929A780087D1C739A918F12D1117183149B
                                                                                                                            SHA-512:817921439967F2514886913EE84309D425FC0EA1586CB18BFF57AF2312895777AE27D9266708C8FF96563CE962D38CDCC5A26872248D36EB00675BBA43C6E7D7
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):112
                                                                                                                            Entropy (8bit):4.9372191821953795
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:LBQBIGqr2igRUGLsW7/ZA783dEcsAVCXoA0Ayn:1U2rwRUGZA783dAAVCXoA7y
                                                                                                                            MD5:AA76741FF18EEF8DADD607315B86815D
                                                                                                                            SHA1:F71E92F4ABDC7DC7FBEAF8583A8415A83948F2DA
                                                                                                                            SHA-256:3F8B58A5E9F78367AC1F366488004B409BC1526439D1C3FAA344A95BCA445D32
                                                                                                                            SHA-512:7FBE625D421AD9A6DFB1AF1956CC4B65320385E05B1013054922E17AFCF990857B8996EED02E2497F978CFAF07460D7EC9487B070BB1287074DD3DA4A5055164
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:[Products] ..Name=Reason Cybersecurity ..Version=3.5.0 ..Company=Reason Software Company, Inc ..Upgrade=FALSE ..
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1975512
                                                                                                                            Entropy (8bit):5.999992122758542
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24576:9LFPMocurTzJBn/sMAhJbEcjr173mkGABSD/9+OGp6N+W1CNQUbbEw0QswOKzn31:jH1H/sMAX4AB40K+tBsly3/Hn9W7MjF
                                                                                                                            MD5:F469E100AE5362C5FCFA0973784D6297
                                                                                                                            SHA1:314B51E31350F49AF49A34FFCCDB7C9F453FCF61
                                                                                                                            SHA-256:C12BFB653A38E997FB6153171C6ABD5D7F5A45603369E144A5913A12FE9A81E2
                                                                                                                            SHA-512:4E4AD79DDD6A04E46DD4D3029BFD7F95011749D425D088E2C66AF30DFF2561FF352814C8CB7C7967D1BE368C00E37E8AB336438F986EC8B70A8B0B731EDA4C8C
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):425964
                                                                                                                            Entropy (8bit):5.999921067027658
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:m4pEw82XNg28scaLzfipw1kD/iDfeGETP5BPhwQxiSlHeaq3xSMlTt6g2Z25UF7x:zq/Rai/rHGOEgO2ZYM5
                                                                                                                            MD5:63C1EF6AD116D0AFDC877231C5413B45
                                                                                                                            SHA1:930CC9465DA5C211754D5DAB9563833A8B02D58D
                                                                                                                            SHA-256:13CE90E2781919B3E613DF900C84F71CF92007576187D2C6215FD2A4F1AFD356
                                                                                                                            SHA-512:7E7C085B5CC4E8674873428B27466A0473AEFEF9DC07A75C61CDE29919D4308D8F96567804024188179E3FEB8FFD3A14ACFC2D4BB89D153B127507A0FDFE0C63
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:XML 1.0 document text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2357
                                                                                                                            Entropy (8bit):4.908284940509403
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:o55s8iPgzK7W96MhM5IVkZJElInU/9ysI1qNA:o550ozK7WFhM5I6eo89ysI1qNA
                                                                                                                            MD5:2AF5B11A9B5F5B7C2BFEA7A3D7186B85
                                                                                                                            SHA1:E1F32261FD6D3D4679740B69E923CB053B30CE5F
                                                                                                                            SHA-256:6953F1DB3172307E77B65295FDE86915E77A0589B6669EB80ADFCDB8056802A6
                                                                                                                            SHA-512:4BD531D81FE46B1ABE933258C945683D98209E3C83BA3B3A0AB136F6D1A3D22D8731131FD6D11B58D8FD7B642E324C3DB1942BA22E9033CB76302E110E8D01DF
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:<?xml version='1.0' encoding='utf-8' standalone='yes'?>....<instrumentationManifest.. xmlns="http://schemas.microsoft.com/win/2004/08/events".. xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events".. xmlns:xs="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://schemas.microsoft.com/win/2004/08/events eventman.xsd">.. <instrumentation>.. <events>.. <provider.. guid="{b5a0bda9-50fe-4d0e-a83d-bae3f58c94d6}".. messageFileName="%SystemRoot%\System32\drivers\rsElam.sys".. name="Reason ELAM Driver".. resourceFileName="%SystemRoot%\System32\drivers\rsElam.sys".. symbol="DriverControlGuid">.. <channels>.. <importChannel.. chid="SYSTEM".. name="System" />.. </channels>.. <templates>.. <template tid="AllEventsTemplate">.. <data name="message" inType="win:UnicodeString" outType="xs:string">..
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1720
                                                                                                                            Entropy (8bit):5.236257940466185
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:FhHF8wMlKnfM2nnwrIP5yHvb2/oyzvae+X:zGDlE0ow2yHvb2Xzye2
                                                                                                                            MD5:8A772C81F6383ACE2A62917F9D1BB757
                                                                                                                            SHA1:135484D6EC69047AEC4D4B9892D45B0EE2151170
                                                                                                                            SHA-256:8174291FDE972120CEBF5AC186A7FC4FE1F8CFD79F4962CF6A15F013CBB9765E
                                                                                                                            SHA-512:BC08886A501052A94FC5C8C7AE385D9215915D5D3850EA33770218422C39CFDBDCB5A91C5CEA28785DFDC65B8A65ED84D2CD426A2B0847BF2102BE9CC13F83D4
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:[Version]..Signature = "$Windows NT$"..Class=System..ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}..Provider = %ManufacturerName%..DriverVer = 04/14/2021,11.0.28.351..CatalogFile = rsElam.cat......[DestinationDirs]..DefaultDestDir = 12....[DefaultInstall.NTamd64]..OptionDesc = %rsElamDescription%..CopyFiles = rsElam.DriverFiles....[DefaultInstall.NTamd64.Services]..AddService = %ServiceName%,,rsElam_Service....[DefaultUninstall.NTamd64]..DelReg = ElamDelReg..DelFiles = rsElam.RemoveDriverFiles..LegacyUninstall=1....[DefaultInstall.NTx86]..OptionDesc = %rsElamDescription%..CopyFiles = rsElam.DriverFiles....[DefaultInstall.NTx86.Services]..AddService = %ServiceName%,,rsElam_Service....[DefaultUninstall.NTx86]..DelReg = ElamDelReg..DelFiles = rsElam.RemoveDriverFiles..LegacyUninstall=1....[ElamDelReg]..HKLM, "SYSTEM\ControlSet001\Services\rsElam"....[rsElam_Service]..DisplayName = %rsElamDisplayName%..Description = %rsElamDescription%..ServiceTyp
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):9991
                                                                                                                            Entropy (8bit):7.162570944529979
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:Jn5nE7vyfJCxuXooyKfPFWQFidvo21EhqnajTcny:JWY0IrPFRWrsl3cny
                                                                                                                            MD5:6AFD7AEB0C4DEB2AC5B068DC1BF07C20
                                                                                                                            SHA1:D8D83F41C53E7856001D96A218B49EE2564FEA31
                                                                                                                            SHA-256:1DEAF16D7A4AF884D90C5CDF9F9217CF0DB96C73CCAC7A0BBA3675336DF7A9FF
                                                                                                                            SHA-512:7AFECB824BF1ACC6A3C36DAF34F604EC86BC0A2467E928D8512A176055AD24DA0D6BF3D6D8D42CA9D1CA88815D31E57BFD4167351D13CA64C88312537E5EB1E2
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):167793
                                                                                                                            Entropy (8bit):2.6797213118611594
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:K1uDnxf0JzEjdulin5YE3DJl0k91HZS3T:PQlg5YAtOwHZs
                                                                                                                            MD5:BB08684354DB664FC3A6F99EEA2E5DBC
                                                                                                                            SHA1:EEEB2D3D320E0718C199A4B1CD6E3A802EB5B639
                                                                                                                            SHA-256:E22ECA41714D2A4F5CE3565B97CAA09FFAD250C0EFCE35A21115E0548AA0552F
                                                                                                                            SHA-512:4AC412A3A952BDAB72F6F8CB3720C8925D2A1975ABE0981511AADE49E587A605277CA9D2A61EE3D208207C642B4B8E42A73ACC606B6B23EF8BE95DB9CA734941
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):173712
                                                                                                                            Entropy (8bit):3.4146604477538784
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:pXIn5mzanTrUwugXYaPStkZMjvSAvJwu1aB+:VI5mza/YEskZMdvJbaB+
                                                                                                                            MD5:788CAB4B0BF15FFC01C0246F47E0FF33
                                                                                                                            SHA1:1079593CD60EAD78FAE3B191F88EF105A6A7E5A3
                                                                                                                            SHA-256:CDECBAC352A3E6A8E0BAF44616B06758E5A00F01CF9AD7CC79A301870A3FAECC
                                                                                                                            SHA-512:3B8885B1B6B5379D4749B33FFA6493A4D1BC36B89A4DE864460C468A8E73517E6F85808CBC50B4FFE4181155C708DE0BBD25A4DA981F092B699D2875DAF84E91
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):161
                                                                                                                            Entropy (8bit):5.010777093927904
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:vFWWMNHU8LdgCQcIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRyAEDDQIMOov:TMVBd1InV7VQ7VJdfEyFRyAqDQIm
                                                                                                                            MD5:DDC25AEFCAE9826CCE1754C2C89E959D
                                                                                                                            SHA1:36899490B8B0CF36AE8A1477468F3884C0CC9664
                                                                                                                            SHA-256:F8AD17C37D444521B3905CCBD75EA6CB6E3D2763B16EB56B2E1AA4274173E614
                                                                                                                            SHA-512:4C52E02E4E6A17FD36714E3769D34BC14675D47BE0322B14F4BBB13268C34DFE647A37DB7DF0DE7D8C31494BF878B597EDF85913E7FB648CB0D993E89FB5D611
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/></startup></configuration>..
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5016
                                                                                                                            Entropy (8bit):5.995330299186183
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:Od6n0ZkDDzU9M75wEloL7cWaT47v6o6lWTHC8I22CMkStEp8R4CwQo:Og0ZIkUecWaTLxl8K7x68R4So
                                                                                                                            MD5:E39C59E29FF2CE3FAEAD55C28B16EBC2
                                                                                                                            SHA1:BBDA02F5E175B6AEFF8EBD15CAF70E45BFC2A3B8
                                                                                                                            SHA-256:E05B83112DA9E902D14615AB649AF292976583800358A76A0FA44E5EE60E386C
                                                                                                                            SHA-512:835A05D12E6BBEFEA46B4454CB6E01068FA36278F654AA24D7B2C1CFB5F008E069972589A95C41792ADC7184454C39461A60495FB081BF67E86670A05D6BA4DD
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):332
                                                                                                                            Entropy (8bit):5.075213455940302
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:JiMV0kIffVKNC7VJdfEyFRSuAKr5KNZk2ygAyONNBgUaNN+f4FLupuh5W4QIT:MMG13VOcrS9LNZoE0NeUgNsI7o4xT
                                                                                                                            MD5:183621CDABE8EAE27DDC42EAC44C94E3
                                                                                                                            SHA1:F7F6BD958198B3E8D1BB303D6A6E6B6EA79A4F75
                                                                                                                            SHA-256:66231D790F26E2794EAA0FD0BFFFE46181335A258CA9587DAB41BD6E458A907D
                                                                                                                            SHA-512:1F9CCF6EAA9F377A21CECE17511D44002CD17DF6BF77EAFA3D0B713A91C31722CC6E030ECC881C04D42977DBC203D5FA6692E5078FBA9BC78A5950B95B841006
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:.<?xml version="1.0"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false"/>.. <enforceFIPSPolicy enabled="false"/>.. <UseRandomizedStringHashAlgorithm enabled="1" />.. </runtime>..</configuration>
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1096
                                                                                                                            Entropy (8bit):5.13006727705212
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                            MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                            SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                            SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                            SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5432476
                                                                                                                            Entropy (8bit):4.830605614584281
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZO:sFEc5FeWSPZza8yUMmfSHCHWJ4pps
                                                                                                                            MD5:27206D29E7A2D80EE16F7F02EE89FB0F
                                                                                                                            SHA1:3CF857751158907166F87ED03F74B40621E883EF
                                                                                                                            SHA-256:2282BC8FE1798971D5726D2138EDA308244FA713F0061534B8D9FBE9453D59AB
                                                                                                                            SHA-512:390C490F7FF6337EE701BD7FC866354EF1B821D490C54648459C382BA63C1E8C92229E1B089A3BD0B701042B7FA9C6D2431079FD263E2D6754523FCE200840E2
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<style>.html {. --google-blue-50: rgb(232, 240, 254);. --google-blue-300: rgb(138, 180, 248);. --google-blue-600: rgb(26, 115, 232);. --google-blue-900: rgb(23, 78, 166);. --google-grey-200: rgb(232, 234, 237);. --google-grey-800: rgb(60, 64, 67);. --google-grey-900: rgb(32, 33, 36);.. --interactive-color: var(--google-blue-600);. --primary-color: var(--google-grey-900);.. --product-background: var(--google-blue-50);. --product-text-color: var(--google-blue-900);.. background: white;.}..@media (prefers-color-scheme: dark) {. html {. --interactive-color: var(--google-blue-300);. --primary-color: var(--google-grey-200);.. --product-background: var(--google-grey-800);. --pro
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):142204
                                                                                                                            Entropy (8bit):7.920688294116045
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:48Kzw9bpM/OO3eS2Z8Gb0+VRLf0ld0GY3cQ3F2DExm/KLQ2I:9Kzw96/xm8Gb0OV8ld0GecQ3mExhLY
                                                                                                                            MD5:0FD0A948532D8C353C7227AE69ED7800
                                                                                                                            SHA1:C6679BFB70A212B6BC570CBDF3685946F8F9464C
                                                                                                                            SHA-256:69A3916ED3A28CD5467B32474A3DA1C639D059ABBE78525A3466AA8B24C722BF
                                                                                                                            SHA-512:0EE0D16ED2AFD7EBD405DBE372C58FD3A38BB2074ABC384F2C534545E62DFE26986B16DF1266C5807A373E296FE810554C480B5175218192FFACD6942E3E2B27
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):207660
                                                                                                                            Entropy (8bit):7.947044413059884
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:BDQYaF+9bx/Gk5GMRejnbdZnVE6Yopym74:efsxS6edhVELo374
                                                                                                                            MD5:1014A2EE8EE705C5A1A56CDA9A8E72EE
                                                                                                                            SHA1:5492561FB293955F30E95A5F3413A14BCA512C30
                                                                                                                            SHA-256:ED8AFE63F5FC494FD00727E665F7F281600B09B4F4690FA15053A252754E9D57
                                                                                                                            SHA-512:AC414855C2C1D6F17A898418A76CCE49AD025D24C90C30E71AD966E0FD6B7286ACF456E9F5A6636FD16368BC1A0E8B90031E9DF439B3C7CD5E1E18B24A32C508
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):10215904
                                                                                                                            Entropy (8bit):6.2875551381301
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:196608:GEGwSv9AAQ48yTliXUxR0rHa93WhlU6tgYLu:G4KlQ4xliXUxR0rHa93WhlU6tgYC
                                                                                                                            MD5:224BA45E00BBBB237B34F0FACBB550BF
                                                                                                                            SHA1:1B0F81DA88149D9C610A8EDF55F8F12A87CA67DE
                                                                                                                            SHA-256:8DEE674CCD2387C14F01B746779C104E383D57B36C2BDC8E419C470A3D5FFADC
                                                                                                                            SHA-512:C04D271288DD2EFF89D91E31829586706EBA95FFBAB0B75C2D202A4037E66A4E2205E8A37ECF15116302C51239B1826064ED4670A3346439470B260ABA0EA784
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):170358
                                                                                                                            Entropy (8bit):4.979426281155178
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:miQIh89kOFR/92t7Rh4rgEkDvuhE8oeLakiYVGMqyZJjh6GVZYWAaTrx0kek97GT:52JHFEueQRhx30jH8+j
                                                                                                                            MD5:985BE89267E0D559BFFD4B66380E5E53
                                                                                                                            SHA1:FA33E9BBFFF5A89DCC26F52634561E27C1CF0E05
                                                                                                                            SHA-256:BD1A60F7FD63DA2230509211F858866ED782767F580B8CE4740AD2060D3C5D9B
                                                                                                                            SHA-512:7CB99EA1D92F810DD6F882669B2803B5CC87A9F34E70964D402F14CB7771A9D02F4C7493518B5C388F49887C8311E3B02FCE7FF3770A724FA9A0A2E776F2C3C6
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):175504
                                                                                                                            Entropy (8bit):5.0546398181316885
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:uva6wvR3SO1H2KNRpqhXRaJXFxuJ+7QMhS2xHMuZtE9T6N8djpK1P/X2dMgSENKv:uvHO3FnNRK+7QZjMgSENu/4I1ZV
                                                                                                                            MD5:5209516DEE9D9CE64854B70DA199108C
                                                                                                                            SHA1:5797E37DA5909E47E03D323ABF884B573ADF0840
                                                                                                                            SHA-256:8407BA456E51177358E6CE1E82C33E5E279EAEB553EE38DB9F0994EC57C2E246
                                                                                                                            SHA-512:0585C14BDA7800ACD3242794EEF7C9466F57217A059FEEFB0BF715E2CAE9D228A5172FA9046EA19D19CDC388DCDE2348A0A90CAA26A1BAEEE612006495B56524
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):187225
                                                                                                                            Entropy (8bit):4.788936443427241
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:L+842GSFq8zEyJDnfPkr2uqjNUwnPl+TPRZzrzCLy8AsIiaeD3ogT72ehPsUVxA:L+842GaTBDn0qncZzrmLy8A/PW72ehPI
                                                                                                                            MD5:7005E72419774FC1D78BA0718FCA1B47
                                                                                                                            SHA1:BEDCB1E0897A1A47A878BB820735D8E373A4B4F1
                                                                                                                            SHA-256:2B93AFB50CD154464B7B40C8D0015DB09B69F3341F0BD75D190C033C4EC4C72D
                                                                                                                            SHA-512:7A098EF7E4297D832ACF356367FAEDB78BCF33B68E2D0255EED0C1852CEC744D24FE594812F2C3A393B4FA75E83A080803D38176BF7534604362A7287242E9F0
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):243751
                                                                                                                            Entropy (8bit):4.4018243964069335
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:aAxz/E6Rp2KJvr58JMgtJxp+wuDKOgv+hfnmW:pzrf9vlN
                                                                                                                            MD5:5670D1C74A07E5E9BB3853307EA2CFD7
                                                                                                                            SHA1:7CD7568D2BD4C64B8685BF17E3289AFE923468B2
                                                                                                                            SHA-256:706681208F6E0C2508C55AC7FB8BF510A133CD66F6977C3DA3439526269A1C0A
                                                                                                                            SHA-512:27C5F596548A52D0D62A749324A744121F2448B29F8EEB908AFE487B7084C95E6E39B80326480E9253B997CA22F557F33E450FE155CCDBB2B601D0991389B47C
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):118448
                                                                                                                            Entropy (8bit):5.39170749558306
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:Jx2Dl9DaccguH65rHBL8l/oY6wtwA1wN7O5qwajf1TYiUU/mYWHGPXf4Y0ozRhqN:Jmbcgmo9O5qHYiUU+YZPXfZ0ya/Akplz
                                                                                                                            MD5:5C5C2E574C8D51A61D9E58547D89B0DF
                                                                                                                            SHA1:268D6A348C22616432191AE55BB8C34E039FEAC7
                                                                                                                            SHA-256:4D96243F37CB8FFF76FA55CB71667F010CB002ED8EE6741A216C89E6ACA3FD73
                                                                                                                            SHA-512:E1D8AF4F6D1B66064B71D7F66391A896ED62BA379D5A7C1A2F667716A46E255588A098AF529358AE6904831AED2C085C8CE6536736111EBF9427869CA5CC8627
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):121275
                                                                                                                            Entropy (8bit):5.801076457122706
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:KMZC7jzoG+y4cKLlDmg+5XZ/V0J8Q+Qdbx:KMoILlD2/Vw8Q5dbx
                                                                                                                            MD5:6310A8E1C7E8CA3A1611D78B4D67845B
                                                                                                                            SHA1:FA8CFF4EC0B1CF3ACA65E6745D9F31154DC48115
                                                                                                                            SHA-256:10C892B0722D117B4C3C55776F8FE4B2EF1631DDE91D23A9F7EF44F7ACF0C60E
                                                                                                                            SHA-512:900D9EEEF7305134D677F90C3C9D50F631C8CAE0CC0FC56A3F03984A28C7B7AF429276150EFBECB769D5AEBB04EA5FE3B0645922710891901CCCB2E32B01B813
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):111245
                                                                                                                            Entropy (8bit):5.412627741732628
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:GAoI9oflaV0wDd7aBPQxjTnYg58M+67GAv4v8pOmPEHhiGHH:GAoIoIVDCQ9Tnp+6BAPiS
                                                                                                                            MD5:42628B87E74B0A3A7CBCE510F2EF674F
                                                                                                                            SHA1:C9FC502EAC895690F4BD0BD3CD47B72819BFC342
                                                                                                                            SHA-256:450184B07E707CC80F7F7B331CD7D95AEB10C22E6936FB50D438DE24C9DC3BA5
                                                                                                                            SHA-512:AD60A366E4EA7050AEF7CB6CD7C0D99FB9F37F7FF88F93A13FBDB21EB1C53CBC33CB28C284A14D7A44DA0CEEEF1FE9E693BE0716EC268C6DA0A674DB00194A25
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):119704
                                                                                                                            Entropy (8bit):5.457282149553726
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:ql0IC/DCfhK7XghYIahUbnLKbhYvf+xzO5pq0JvehSbbXSPHxQ1NlkGfkhxEQE9b:qCIC/qKwmhUzLK4SS3uH8NrCG3s/rsSE
                                                                                                                            MD5:B48F5B846D1B32F8426255E8A03B4D20
                                                                                                                            SHA1:77272097E67BA495D73E3D82E3100237A1664FCC
                                                                                                                            SHA-256:28E394FD4DFCB0EE3AD947A8E276AF7EC1501F30E820BA42270D2D7F03EBF745
                                                                                                                            SHA-512:07E9AF3153E60E05678DB92E4654169E9C743BFFB5AEDA0725BD3B11DFBA9021551697149771BB3AADAC4FAFACA50C88A352F55D32BD6C5FC8867C44F660196F
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):207258
                                                                                                                            Entropy (8bit):4.865114615082758
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:chZV/Ci+eFMkDuvnFKI3Rrl3Cp4V3/UzFMeF+f9Z2hl36MYlXSBzG:8X/Ci+eFMkDuvnFKI3Rrl3Cp4V3/UzFe
                                                                                                                            MD5:9D654962E91275C7538DABDB450A2F03
                                                                                                                            SHA1:3121A84F1035D7B44E4597EBE4857137B7172DA6
                                                                                                                            SHA-256:9EA03F3937D9312AF696D6C0A3071FA8C0DDB1B6259272CC0D9BE2E09DDC3D27
                                                                                                                            SHA-512:0A2E2BC0FBB587F210EBD74013C4C99A57A9DF088BA4C6D6BF670B085A45B825CC6800FA2F554D2C640669803350DDDB53122369A6F54F80EC92B928F84EC35A
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):97490
                                                                                                                            Entropy (8bit):5.4465427473273955
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:tYTEqB55WGHjrD0KWK4Rrge3365iBqgsSOiJedMJrVuh55MVfm3ggl+LXvcx:STEqBZHjEK0VxBqgj65b3ggl+LQ
                                                                                                                            MD5:DABD9D0434E128D6AE3FEEC3B2C2801E
                                                                                                                            SHA1:D7A25AC86C15F5D4A3B3D4B713A5302C5B385498
                                                                                                                            SHA-256:DC908ECD302CE83D9DC091B15011497EB7DE87999C4E5B895B6E85E24CB7C835
                                                                                                                            SHA-512:831F74FC1A3AF5DB1F23A1107133A090709693E829DE90F2C8727258CEFA1EADF1F42087134494E1A026DB044E9E63CABDA4EBEFB425CC2010AAF196DA0A3959
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):98300
                                                                                                                            Entropy (8bit):5.439187252846997
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:o0HHyVntEV0FYSED0FhSL2trM7H3x5dBqgtSO0JedMVrBnhBLVfD3ggl+sZfpkwh:oKHOnt3YSThF+5BqgATBp3ggl+sowh
                                                                                                                            MD5:214E2B52108BBDE227209A00664D30A5
                                                                                                                            SHA1:E2AC97090A3935C8AA7AA466E87B67216284B150
                                                                                                                            SHA-256:1673652B703771EF352123869E86130C9CB7C027987753313B4C555A52992BAB
                                                                                                                            SHA-512:9029402DAEA1CBE0790F9D53ADC6940C1E483930CF24B3A130A42D6F2682F7C2D6833F2CD52F2417009C3655FED6A648B42659729AF3C745EAA6C5E8E2B5BB9E
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):116443
                                                                                                                            Entropy (8bit):5.3616149019649635
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:+uskmEfjRbMZr4hbzexqXGoB24YddPcHYKC2Kbc0PWFsMH5BthDVZ2rrVHhQ:+uVlAkhOUYsHIBQ
                                                                                                                            MD5:7B45D7BE08EED5DFEE3D12F0B7E6111D
                                                                                                                            SHA1:E14D2E0861D42BC31EA778237F77FD71C5DD32C8
                                                                                                                            SHA-256:263FC4B258041034D040BB3D27758239153D5A5FAF85AB4217DA608E7C2A4F2C
                                                                                                                            SHA-512:DFA361344CFAB28E91DBF772123E043CCA16B6D86CAFFFCAF8D71686AC9CC3DEA832525B934C60FD1F110E9BF224A9B5F496924A443F742A7487D008F1AD7869
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):118125
                                                                                                                            Entropy (8bit):5.335522226016385
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:3/XvyXm+uKKLDdBk6YevJdYpYeFKqh3vijTxgFW9XlhgoMhoKWsHfL1w3OJ:3/2uKKffk61cpGl5aY2DC3w
                                                                                                                            MD5:2C8B6B9B30B62618C65237943C030E6A
                                                                                                                            SHA1:887717930C8D070F0BA965C8A215478653D3845F
                                                                                                                            SHA-256:4E1A07AC84554563488094169D2F68E29CF3B78C28C57E9E7EEC233A742440D4
                                                                                                                            SHA-512:B0792D483ADB7E51A2B219E44F08BB49E419CC7A17943B1F2E57316C907F16CB80151CAE1D5F117ECED002A56752908D90392A479ACCFD6D8C6F13A2B79A1B23
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):106533
                                                                                                                            Entropy (8bit):5.440253172929359
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:04oj8c38UE3DyE4x2nQAGsg9juuLEC8hj6SpsPQHPD:04oAcsUEGE4x2CjNLSj6bPQH7
                                                                                                                            MD5:7C8BE63ADAE41CFA46A1A614DE18E842
                                                                                                                            SHA1:EB11A953DDFE42DCBB5A4AEEA0A40B6B18F596B4
                                                                                                                            SHA-256:0E3AF6B70BFB8F28542CAF5D6AC7086B248E31CA5D31621D417154964CFAE3BE
                                                                                                                            SHA-512:4F5C6B976D9AC82002259E75C5AFBE211BE096F238882B912A97A9FA4ECF7103CC164E7475EBEB4B33794999668744AAA5465C059ACCCF5C467391FDBC386761
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):166973
                                                                                                                            Entropy (8bit):5.150730715318144
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:OsXO94RawKa8M+6NS9/W2ESEmmzR2XQmN4o67sbdxv7f5b8YIO/ECu3v8jdr8Zew:OsXA4RawKa8M+6NS9/W2ESEmmV2XQmNI
                                                                                                                            MD5:00BC7A02631C7DE396537EE08DEEEC7C
                                                                                                                            SHA1:063C897B59CD70955CEE3CA27D8743A0989F0A86
                                                                                                                            SHA-256:93EB27E9A20061666F36D93D2271547FCE61191894DADA922DDE3BD71819CDEC
                                                                                                                            SHA-512:CEBCB30A0AEFC0ACD5F672E7B18CDDBC446997F17911EE2A1468141ED4FEA7C7D5E7DB7B613275A4FDE8261204A72FE485F5A8289238C8ED842182F8839E34F2
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):108740
                                                                                                                            Entropy (8bit):5.416198513812839
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:n7MzQSWmrTJqWUEvIj+EEz18Ml8R/qxmlPjNM1zOA9mRf:7y97EEz18MSqK4Of
                                                                                                                            MD5:4215D02D92E1BE2E182197A0BB87EF29
                                                                                                                            SHA1:005CC2D1ED5039FC34FC14270344EBC938760554
                                                                                                                            SHA-256:22B97C139D11B485B2C9EBD8D86708D38BB9F7044D7171C846F516CA9BBB27FB
                                                                                                                            SHA-512:B0B71716B8D7867392825980E65D3A60C84F302DCF0B6ED7CF1EA0D8B605D1A82ACCEE03C3E639851FEB1273CBD327C14D82E497D6B70977272992BB227D21C5
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):121406
                                                                                                                            Entropy (8bit):5.18070124653139
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:2FJpOddYffVmLeA23EzLNvuNpEWnGkplKgcAM64CzPEhhYkZzQ11PdXXcM4:+JudENM27KgcAaCzy7VwpXc5
                                                                                                                            MD5:919D0BAE6D964906176CEC8530C019BA
                                                                                                                            SHA1:AB41E78A91314608FFA0CEC927B4E001B3833E4A
                                                                                                                            SHA-256:851650876E64FBE8404A15D79984B8983A8F1B04B0F918EC3D700AEC09C0C4AA
                                                                                                                            SHA-512:1E816EA6117511E49648EF5A110420B4F264C1DD85BAA7381173529A17A97440CB6A646A89697BDBCEE4CDA0AD6849F9B3391EEAE0083412A8BBD42A76409A01
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):127320
                                                                                                                            Entropy (8bit):5.3630125118970025
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:e7F8GwnwTJ3WRGbJK9G1dZ83gCl+NlkyUpSQz+RHD+IwKByroFDuFcVXYwgcYyNL:e73TRWRGdaG1dZ8QCl+NlkyUpStRHD+m
                                                                                                                            MD5:9442FBFC2B150479F4836706313E42C2
                                                                                                                            SHA1:4600FFC3E1BB3BCB1B3A2B40AA23E97FDCD1BF4F
                                                                                                                            SHA-256:01D05239FECB14FF5E20E2A25F16238BBCA41665770F4E5214C22B47DA3A5C87
                                                                                                                            SHA-512:4965FB48FF272615F4374183E631D54596AAADC651D729A38F3D03304CC41C927BDE8562F2C6D2068F96C09A772A6F5F3A00D0EAC7DCE433C555252B2B50B559
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):234414
                                                                                                                            Entropy (8bit):4.447163191425168
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:F4Sbi+ia1A626OO8n3U8IrJcKYdO3C362oY5mPVOCogPB/KO4ue5GmdRPIt2pTsm:F4SeAjar
                                                                                                                            MD5:2E015F0AD58E22B8EAF60E4D727AA3A0
                                                                                                                            SHA1:DBA0B894F32AD6507EA6A41917C0631F06F2C03E
                                                                                                                            SHA-256:168C12E17D1A41D8C4913E0BE19097BAD272C38FFB7876514D6E98F448109B5C
                                                                                                                            SHA-512:3AA797FECAA53F8DD71B6952D0D04AF06E0003683FB5B77234D183D0AEED9350470AEBECEEAF42CDD4B50A2E7CAF09A96DF6802B1D6B829AB4BBA41DBAEC6503
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):146562
                                                                                                                            Entropy (8bit):4.808833826707293
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:t4hSnWQ6QWgciXLpi3lH65sVN3XTnwVFHNEF:eonWQ6ziXLpi3lH65sV5XTnwVFHNEF
                                                                                                                            MD5:70DE839CAF5F0CAECCC5A2B7DD438583
                                                                                                                            SHA1:AA4B932B2313BCA859568D62E8C12F9249D7BB81
                                                                                                                            SHA-256:66CE4CFEB8328CF1B44AE76EE77C16E59C6A6550B64937931D5A05F161FD8479
                                                                                                                            SHA-512:73620DD618971C3301535A1DBC2FD58CC81CD3B2DC3D90A388DFA01FA5516304DCDBC5B362EF7E899310AFE28F3D5E3B0695263C82339443AB2D29DF03253348
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):242396
                                                                                                                            Entropy (8bit):4.416832886294876
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:ifF4UAdBqz5cwfKSIvGx3cBEVhkDNo4O/S/+fm9NLokKF3mLORvTH+f+oELIBKfN:ihAi7GPU
                                                                                                                            MD5:361F04E0A4176AC478B7B7674779388C
                                                                                                                            SHA1:68B4E7A9A31E0F9450C856D073B8D03613AE9816
                                                                                                                            SHA-256:95F89C3429C3692F7239551565C584FAAC04D8AE71FBE5B359892E7538FBD35C
                                                                                                                            SHA-512:7DCDBD9E3F9AD940C3140325527D37DC5EF90C7DCF460395928D48FB2742FD5FD7B60DD64FBB7BA523D46CD658BD5BD85D492BAC0A65A8D1634789B6D27CA119
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):116226
                                                                                                                            Entropy (8bit):5.498116138812957
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:2A3a1zKRUAGC5+leWq8ljdpIXpUa+GULbakWqTMMokZk7CuVKkx9s:+1sKx
                                                                                                                            MD5:7BEE03725BA9ACE3CB2AAF64CF0C26A2
                                                                                                                            SHA1:076F0CE744BAD1CF242325D5B2378B501E069D38
                                                                                                                            SHA-256:E16A6391049E4D851A50EBFE3B7AF3CC5346DFD28E305F22EAFB6D5E6B360941
                                                                                                                            SHA-512:1A27E5159225604513BBBB5F4165CE7CB52CCA22D0C6F32B6C2A74C4809D00BDC3A38112EA9BBA0C09038960F9113146996F8801E764237164816A654E813510
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):124821
                                                                                                                            Entropy (8bit):5.6270043020548
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:J/wQ7LPT2sXViHCw/eiGSY20gtdAaWdpEYLt543ICm:J/R7YeiGZgjWdpE6u3ICm
                                                                                                                            MD5:14D81146EC6E0DDF4B14FA7B2DF372C3
                                                                                                                            SHA1:9C77F0F0C959F2CB21E283B352176596A77992FD
                                                                                                                            SHA-256:588CB3F8F455616281FE991D5D060A9BD1567DD439DCD5E76149EC88031BA568
                                                                                                                            SHA-512:9FCBFD48FEC75F0EAE99D78A7750B9444A77CC49AAC8604FCE7952CB42C021CE625CD2449897EEFC4AA31056C7611B4DB014306DCA3E51CB173BA7EA6F0F5756
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):105891
                                                                                                                            Entropy (8bit):5.3364193456898334
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:3wQmPfs/Vl95KW5ueIJ8WsAzaZT3AcCgA:3yfSvtwsEaJM
                                                                                                                            MD5:D0517C1BF9A89E06ED2B510B9408E578
                                                                                                                            SHA1:71494250010ED09B55F3879488D4566808A8398B
                                                                                                                            SHA-256:19A6AA1CD288AE30461AC43CEBD31B50919B2D949D586F877BBB1CDA96A9F3A3
                                                                                                                            SHA-512:20B5465633CEB58CB28207885D83DBD30409B29B051FA9FF5A188550241F6F220BA8FB5D4BDB6ABCB54DAB34D1CFFEC5DDD783471E8D32B31D3A6D7730F0EDCD
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):115589
                                                                                                                            Entropy (8bit):5.267187178658603
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:Z2zga5TIU3kiyYJpiyN4tA7kxA74dgBzJZPP07u/C:4sa5TIU3kdCEyN4tA7kxA74qbZnMu/C
                                                                                                                            MD5:812115CCF85CB84B2EA167A16E16587B
                                                                                                                            SHA1:317E50A1C4C7D8C46554822B43A81A0D8237DFD6
                                                                                                                            SHA-256:52C78A10A5EC39BC046B594F4D89A311A26C6A29E475824DC3FB1A1BA4AC9F37
                                                                                                                            SHA-512:5FD4B625910BF06055EB8FED311284B1347F85C769F8C3E7A57D4D7D73E20576E873DD2F579B8AAF494AD4EE4885B6850060D4893D2CE43E82872161C93F3982
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):139992
                                                                                                                            Entropy (8bit):5.81571434795241
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:JgUd1K9tHhKyhM4AhLdcHmB46apsg+7hB+nF0bcN8VW:Jgu10B5AhLdcmci9B+FccN8VW
                                                                                                                            MD5:F8DCD5F1433D83464B44265449DE812C
                                                                                                                            SHA1:47763205F105E19CADAFDEB1CDEC6F45001F2C58
                                                                                                                            SHA-256:F932BA21D0857C5C92DD3D24E49F3FCC4F9423FE1E2180FE26F9C0BF669C8C3B
                                                                                                                            SHA-512:76B8C4154F7DE55E0AD958CD122EC650F3289BF4F92C03E45E6E03B6467D09387115D5894F19C1B108869A2EE02CE2D476CB2C943191E0FC42AD0183478A7EB8
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):266758
                                                                                                                            Entropy (8bit):4.346445064989586
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:qmZALI+U4gJEg7n3+aDu6F1TU17JQOfCKJfc:1Zxag+suby
                                                                                                                            MD5:ACAB21F3FAFC58F1F42016F33D032158
                                                                                                                            SHA1:682F11E3C282724093179C85A7DF7D0992495CD4
                                                                                                                            SHA-256:8031157FC7EE856546FB3551E1F54E36899656447C2BF3C6D48E69BF57137B7F
                                                                                                                            SHA-512:D96DFBCD561B10848E874D1B93A8F3326F2BCF4E06389FACC0352EDFB4A5B4FFAE688D19B2EFF6B0B8F125F1A1B449CAE18352A61014986D5B3B354FC1BF6C64
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):117142
                                                                                                                            Entropy (8bit):6.127484707212581
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:AA7CdcczqtrYNAgWCYeHw0pFSCuUkprTUOKV0/4KiWg3qbUSwDx:AA7Y+t1AW0fSwN
                                                                                                                            MD5:95239FDEF6E852DF2D2E9D52DD99B622
                                                                                                                            SHA1:360BE5E62AC4573EE1A6BFA7EFFBE245C039862D
                                                                                                                            SHA-256:F77338AA0FE86F36CAE03BD13C488BDD320C3ABDA336C8F464EE2B8A0B17E7AE
                                                                                                                            SHA-512:0B09790B0FC21BB838ED6FCBFE2BB7DC41A7AB8D424A5057FC3BFB701BE2B414E4A8F55980CDF4BE116679C21116D24349D7B058F134FB959C7A040946594B0D
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):126902
                                                                                                                            Entropy (8bit):5.611814673108179
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:fWb1GOLr5hR5d8FY4KKUMBFa9M0YN5f+R6mK5rmz3MWthg5mVFuqv6SP5nGWSgAa:ub1pLrTpK1BFasmRRbX/zPuqv6SP5nv
                                                                                                                            MD5:6E6993270327064CAD2FF0784F20585A
                                                                                                                            SHA1:924A2CE4FFFEE99F29CBEE875CD5ABAB2E814888
                                                                                                                            SHA-256:848C219486A434EF18EDDE0F16BE9BEC475E2D7626E9D8064ACF25D793FDE434
                                                                                                                            SHA-512:F6A21975836A64A9DBEB76005C63A19D450A3E9D1C9381FC7DA23CB8A96A3E33DA204EBB4A192E608154DC71E13C555FCF97E0FD262681F2FEC54FE0F8AC6DEC
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):125989
                                                                                                                            Entropy (8bit):5.602154685779625
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:T2oRkQAoXgAcOARc9qZGBI4M+hzLEz0YRUVBIr1R8b4zSuAhaIGhcmE42QWa7EmB:T2oSAcOAIqZG9GUVBIr8EBzfatdI
                                                                                                                            MD5:E21A8A96D9F17E1F9E3EDE2CB66EEA9B
                                                                                                                            SHA1:E3F456B5D238CE2095E7A51A4250FE26C361BFDC
                                                                                                                            SHA-256:1DA6722966D120BBC418C66068BB22B12911D11BE94232786BED1A8AE5CE5090
                                                                                                                            SHA-512:F0B4FEDB0BCED810A63E00321EE17DDC20B340E9AD458D6CD8598E4F6F0C26307421C0417DEF39ADD0E9DF3991A910F67F54E8BD93FE7770E47E83E675C46F40
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):281028
                                                                                                                            Entropy (8bit):4.371158072177184
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:KcvuSg1YAyxjVU+YBkPQ4VxdEswJTYdh03W:FgCWEQWxd1yTq03W
                                                                                                                            MD5:7DABD95B96D90662432026C0A9AE1C22
                                                                                                                            SHA1:49EB49428D642BD906AED9B0B69870A843326EFD
                                                                                                                            SHA-256:50E5033485A6D2BCBDFC7EECD7AC26FE790A84642D9FF2C1E77FE976B18BF9A5
                                                                                                                            SHA-512:6A51F19543CD2E963BC83BB8A7753CCC3DC5A835F1E242338713DC01346F8716CEF9C3304A618E7FD3DB2224DA6D0678959FF87007891FF4EAD216AB452993CF
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):229900
                                                                                                                            Entropy (8bit):4.436817953694277
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:A6vsAb2uMB6D/Wcq02zUITc7npSZhrFlWSLQMDd5dEB3xdTYjD069AH:Dcih
                                                                                                                            MD5:ABCC39ABC488CDBF73E44F53D74B15AF
                                                                                                                            SHA1:982F12328342EDDBACFBE45BE577D839568C96E0
                                                                                                                            SHA-256:5E19425A057DB47AAA1BBCADA3406F916F80B230B1CDF2B224BD37B1074D3D54
                                                                                                                            SHA-512:7CDC4B00A33079C4724912B715614AB691395C45004AA7C2C265139E47AF6785AA3309D9B8541387F56FBCCBA8043BACA9925189133FC64265D385E5625B1F89
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):109253
                                                                                                                            Entropy (8bit):5.240377945558404
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:qPyfGs9Be0myfxd+pQkhKBSuYOYNjSshooah6Ko+8uaq:qPiGWBe09fxBkhKBSFZoj6KB8uaq
                                                                                                                            MD5:53E8B7262DB4C5B04BA5B39C07EDDB32
                                                                                                                            SHA1:9CB8946966547630CEE42DE04EB8604E6BB5AF86
                                                                                                                            SHA-256:45750905E13F94936534DCEC30CED984001CBBBA4F6FD4DB0D31D2F470ACDB2A
                                                                                                                            SHA-512:C71E2BD191C5EC6194E02F1C08AAE008C57B292405E4C291832BDFEDA656A5CB4A547F606D87D3F618AFCF731B4D6730F22C0E99093F312A0A004E5D9FEC7D11
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):107762
                                                                                                                            Entropy (8bit):5.393430072668215
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:2CEUCQlGnE+e4wF5iXRFqFbIm8VUvCA0hEYvOB:2CEFSGnl5K4FqFbIwCRo
                                                                                                                            MD5:BC1983B1C86BADB361FE07031A93FA48
                                                                                                                            SHA1:5BD14D7D7A335DD6457377FC0EAED07A56C369E6
                                                                                                                            SHA-256:229D8E46784F401EFF51E12B10DB88F4AA6ED62BC01271F830013B653807103D
                                                                                                                            SHA-512:FC9FCE048283F24B0EB8B37A4FA5F3223E927CD68568817E5561D9EF4224A35D899B5E0B8B311B57CD50922970C6CBAABD070377D704F65FB061463FFED6A765
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):111430
                                                                                                                            Entropy (8bit):5.343689316295051
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:PtYZYE5LkD7hpkQAEgH7IINe/oAiTielDo0ytWQ:tAEKyTaZycQ
                                                                                                                            MD5:F1210067DC72E8C82444B2AD9A3F7897
                                                                                                                            SHA1:3CF8C6FCB93A5F79FE6190AA0551D673887125DA
                                                                                                                            SHA-256:D26F3E7F39231A9ACD60285989AB5BDA54039611BA2AE04CA5F79BC3195D4AA9
                                                                                                                            SHA-512:9339A285FC7DB00B9A755D09A17B224EC15E3EDDCFA60C5EFBCEBE556AFF277CB6DAA23A346A50BD1FDCF274A172C985FD74DCD362D635738F1734FFB466C00D
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):121945
                                                                                                                            Entropy (8bit):5.734581366180721
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:PZ2qrqqaRMa8ocxIQCUCNuz/N7mOM4kNsNYThIiU3pnLGku:PZ210IQCxw/5O4XYFIiU3pE
                                                                                                                            MD5:31200D5726B3D1CFBE9AC3BC7138A389
                                                                                                                            SHA1:E82F0300046E7CC9FFA13223C11CBB94D62C0DC6
                                                                                                                            SHA-256:74C96E5308732E4CE800DE37CF677D16BA05385B2AF1C087819095C49B4074E3
                                                                                                                            SHA-512:8AD600725C9EB97A73293B63BF15A853D2E12BB6CEC638A6E0F4060610486D3EB9E9BD5C10E607E569E6B631AE09B8D9DF46CEBC8BB962CEC3ADC0D63DC2F48F
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):115671
                                                                                                                            Entropy (8bit):5.40438339961319
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:4oRTQC+sJxlPPDjynx7W4QBv0Y044YhBc6x0xGUPRy5hMeTO5R:4CJxJbenxK4QgOaWMeKL
                                                                                                                            MD5:7F150A17A11D43E395F571DD23951D88
                                                                                                                            SHA1:F8B8D6F89F63D92F04156F2B44B36B6045FD3723
                                                                                                                            SHA-256:72E1D3120D5F52F8485EEB2F0BE4298D5AF4D6F62A4D14E7D6AE2B635D89C0D9
                                                                                                                            SHA-512:DE39BB0DD9C8F948A67B9397789989AA900FA90249854181993CEBEA00717D45BA29CE56EB48B996B396E2B2236B580509A4BA127A190ED10D9AC3B91011EE2F
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):116176
                                                                                                                            Entropy (8bit):5.391049239941995
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:NdcqTNx9awqsrXC2zP5xqViwdehrxz2qKHFrLKOh91GkR9n:Xv4srXjtEVibUKOhvGkzn
                                                                                                                            MD5:553594AB0E163C6375EBE75524095DEC
                                                                                                                            SHA1:199A9E040D884A443E0AC6A2C7ED3FE914DC3FA5
                                                                                                                            SHA-256:BF2CCCDD3FA33D8C3B0FD145DDA1D7F10D60645F0108E19F6220B43CE01D05DF
                                                                                                                            SHA-512:30CDB1401884BB87438D221834F70B384744BABC474BCCFFEFDB031808505B24ADAB34C039240B6CC8FA2A330613CCD32FFE1C28191C18C5EF402E86037A7EC0
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):118831
                                                                                                                            Entropy (8bit):5.433144860956476
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:fyszaVZGF0kBp46a3qv2mo+AyVw70le2cGpsPlJtWyhxXh6Mux8rs2B+s:EyNplIqRle2AP9xXh6Mux8Y8n
                                                                                                                            MD5:06A36FA95702B38E749568037634828E
                                                                                                                            SHA1:9C584A9B7A0446FBC44BF5FECAB71AB1312A592F
                                                                                                                            SHA-256:833F661F135311CE8187CBC487C55178872430C678148D4084893CC7BB95823B
                                                                                                                            SHA-512:33D24D85A4F4582676558AB049A6C1CABD482666C2847E941DD388B80B2EC62CE27175CD0E3EC176D1236A32E714E85138D3E6DA291172E62D18ACF3E3603076
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):189163
                                                                                                                            Entropy (8bit):4.945937318562016
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:7/YoX1sFdP0oBV+TQy3EoHdOiOFQsxQgIvof9rRnKJa93PLypqa/BLut1LzLlX+F:rvX1kdsoXP+tHdO4sxQgIvIRia9/Ly75
                                                                                                                            MD5:12836EEB93367830B3B88B404449A3E7
                                                                                                                            SHA1:2E2F66213FCB0CE5DC170753B8C11F9D96917D1C
                                                                                                                            SHA-256:F815B9CDE0449C05949A9003F08254801CDCC8D9E5209D01AF3136009B0C0CAF
                                                                                                                            SHA-512:7F71BD8BA800029495279C199AA99B96F075CA95055D512486C27A4BB1728C7312EEEEBA09CF23259E7D6539F1C76467AC98E75B482DE764375DD639E95333A8
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):123606
                                                                                                                            Entropy (8bit):5.766690751886874
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:oXXNNmgUQHxkaQpKQukM+zBHCYh6Gsp2wLPa:ANmgCaQpnuGy2we
                                                                                                                            MD5:9CE4E3ABE9D948F6A89759D0AB188DBA
                                                                                                                            SHA1:447E5C8803D0284C69FFB990AC0060ADF93F4D25
                                                                                                                            SHA-256:5638F5285AE0C68E3A9EB09D6ADB6D2EB3F9E087CC149C4A247FB9765A8FF6E2
                                                                                                                            SHA-512:78970073EEE16097113F8F009ABB43D9317CF3096640077CF9EFB8139C92AEACBA8DDAB5DD948FF285732356625F3167D5C35701FF37B250FCE251BAA39569E0
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):117437
                                                                                                                            Entropy (8bit):5.459716843760084
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:H6zMyw7keTcTF6xuD5VGIqTCOfLi/fzeJcqu:Hp7kRzGIALi/fzeJcqu
                                                                                                                            MD5:7A75FA0FD3DDD471CDF9B15D3B3860CA
                                                                                                                            SHA1:F07E3E136768501E69E76529011003BD45FCC0A4
                                                                                                                            SHA-256:D34EEB1FF37CB90BF8C427B955F4349FBDC5EEE4879141058D8D7BC76185A959
                                                                                                                            SHA-512:E3F181728E9D925A826D3EEB275AD3F1AAFD3AA98072977B515E05671BC4703AABF7DBAC2E031201FE016D0024440D4D1D8C238B3F20C5F52B21E13DFCD5F620
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):178509
                                                                                                                            Entropy (8bit):4.8828668882367845
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:QJTto7avbtjOFDq9auG3LFYJTlLv6EQw+f1bXfiDv37njNn0yh9KQY+NA3rGLuNf:QJTiS+DluW9Xqb37n5n597Ry/k/Zk
                                                                                                                            MD5:B2555A29076995CCF01580F0F1B2F766
                                                                                                                            SHA1:284ED665F078620AFDD6C7D074A6F9E26DBEF1DD
                                                                                                                            SHA-256:6EAB9BA7E66ED290369B2F5D7B1EFE7EF38FEA2063F7C939E983008EC2692BD0
                                                                                                                            SHA-512:A36E20BAB44400828F6769C178F6340A5F7EC8DCFF72A0EB513C9EFC257A715027E9D562A4AE3E68D8112D40F9ED8401C165AD205B1E9C4325077E5D1DF04FEB
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):108073
                                                                                                                            Entropy (8bit):5.492417154067754
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:A4H8VlM9zUggaZtgKqrAuxHcDhUprtiSbU+y+:AM9wbQ+
                                                                                                                            MD5:03154D7A3C69EC91714C799B86267A1D
                                                                                                                            SHA1:8671E9672002C58581488416F2320005140ADEDF
                                                                                                                            SHA-256:3FBA4E60D606C0F466DF1CD2736FF51D7F882505FB21880A396DEEC06CDD945B
                                                                                                                            SHA-512:0AC0D61F593F47597880D327D8DCCBC00E8E5EDDEB8BEB8945628B7E91CB0B2496BBB68FF7F11E677CEC479F41A4E8C4D2FD66301D5F6E5245DBDE49B39EB4D9
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):110171
                                                                                                                            Entropy (8bit):5.342565802951895
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:pN7u6lYcedC9EDiPj6sZPX1tVPGZHLeE+j8Hwj3:Lu6EDiOsj+aE+j8Hwj3
                                                                                                                            MD5:0DAD65BD01E92EC4001C8377A3F6900A
                                                                                                                            SHA1:91353A816B6B1D0AA5BF5342B8F2BD430DA57286
                                                                                                                            SHA-256:702D3D102308BD1E50698578E09ECAC7FE33D625AFAC04DB88905F83BAF10892
                                                                                                                            SHA-512:98A9C3DCB03627E8E7CF7EDBB41078D9C53E9787F28208FE3640805FDCC2BC751B5CDDA00C2D796D6C947E26F7C3A401FC5506EE8648346F28227442CA831949
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):277544
                                                                                                                            Entropy (8bit):4.168645710530278
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:ODolTuEZ6tiKYpwfw+z0RpE2k4ca6QVW640U+PeJI/1okxXP2UtRGB+EG5aIAuwd:sSTzy1etRti
                                                                                                                            MD5:7503D3994D48911A38370095F5C83EC8
                                                                                                                            SHA1:A98917D5DE0CC237D226AD64792FC9840BEC0A0A
                                                                                                                            SHA-256:5EECB28F30FC5C08B5878EBEC2EE565A73C91EA0198ED85A622A0D7C58A3AD33
                                                                                                                            SHA-512:D0D3E085CFD8F8F1CA776597D209C5D3DCBFB81297EC79201DEF4DC395526954103DA7E8E8B3A4335490B3FADF1063F29D552843EAC0933A9F1AB050C8EB2AB0
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):258117
                                                                                                                            Entropy (8bit):4.382306399057541
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:uT+0JA9+fbDW3SanHUXvQBgpiCGvPSRr0/diV51NwfUd:uT+0JA9+fbDW3SanHUXvQBgpiCGvPSRX
                                                                                                                            MD5:B5E9289D02B4963D292BBB4210E9AB5D
                                                                                                                            SHA1:48382AB36B77CBEC280833F587450270B5080A85
                                                                                                                            SHA-256:6CBA41EDF887A8A2D84C2C1C696C562AD63CE8A105EF8574A1A27B294A211DC9
                                                                                                                            SHA-512:EAF3889B21CC73BA3913448EF10765611E91325DDC781216769B4F8C4486897AA8429DCFE511B7505A17877012063EBD41FB4645102448FDBBED834D001F0912
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):219204
                                                                                                                            Entropy (8bit):4.456444700680983
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:OO2wWCJFkcSCkIO+rQ/HIqXPhrObZK8QZw1p7H0BtwDIZZFv3bhiePt8WoC5/x:fPWsFkcSCkIO+rQ/HIqXPhrObZK8QZwU
                                                                                                                            MD5:687A80E1CB637003C3E5F05D3F4B89B4
                                                                                                                            SHA1:1DFDC6CFA02FD1671CF39094AD4B93109BEF48F6
                                                                                                                            SHA-256:DAABEC4C467127FAAB67C690F9DD11BEB0E2C432434A20F2F79318816ECC7654
                                                                                                                            SHA-512:30FC3CBFE3DAF369F9BAF7FA4C287F62FDD6EF3B6363CF2DD88E45667313CC00317B1A52F77E904381EE4BE1F7F5C2F73C2A6467C116A1210B36F8287BEEE99D
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):113247
                                                                                                                            Entropy (8bit):5.617756144726575
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:Z1/PsRUiMbA2sPnaesxNtOLlh74OfkiO8ru0jY1914juOhI9aEiQwi1PFpskBa5U:jHfAzubaEvwiBFpsvg
                                                                                                                            MD5:A38EEA92C514716B8AB019AB792BF541
                                                                                                                            SHA1:CAE203C3ED63807D4F2D89333540556B5E92E161
                                                                                                                            SHA-256:54BC687A851CB3227CC3A937B229009C0AF8FB25A1900B7FE71F6E6D58111FFD
                                                                                                                            SHA-512:835E47D550097EA4AE3717C0CC5023BA14BFA7524ED5CF361E21011976AFBCAE1410061E46089E25BCA467C63D9B0208CD18BA1EC606DA02C5B430FB1ABA409D
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):189921
                                                                                                                            Entropy (8bit):4.989139567404622
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:oKmgB3IjxdDCjqC/JYnpe+5LNiXEMQOCq/CEb4UHk/h:oKPB3IjxRLj5LNiXEoCq/G5
                                                                                                                            MD5:6F2F1B073CCEF426C7EB49362123F2D0
                                                                                                                            SHA1:048921AD0CBA17256E9838257D9F47969CDF6172
                                                                                                                            SHA-256:57D93D9ED2974F7F0995E63F4C7AF361C05A8EC3E9E25B796328D3E0B2A5545F
                                                                                                                            SHA-512:CC0E5A7098EB0B590F4D4A6FFA531250AF9A2C6C6C25765F572F3130B7BB7D669F2737D7D8B70DE48293EC1FF9C5DC5DAC94058F3D8E431A7C24A5795906E5B0
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):134346
                                                                                                                            Entropy (8bit):5.7926454159227685
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:/8kDPg37+KMPn72Piz+sTqOa296scT9QOa1bHNgqyzi53ZIW8LTtdLpFeSNTmN5Z:/7g3kLJFJbtCziVZihM
                                                                                                                            MD5:A01C81F3BD56D52C205CE6742DFE52C7
                                                                                                                            SHA1:3D325A2885CA11CDF69D17D66FE5048BB0C8BF25
                                                                                                                            SHA-256:8A44B3AFD24CF18FF88CA06A33ED8ACCF548692B457B013E20F49AC5045AA96F
                                                                                                                            SHA-512:E348D9B1FD0DF16F711A76DE1DACCF8425529787E5160C61207AFF903CA3389F0C56B185283452D0AF36EAD503322B93B02DEB28B9F72ED85D157ADCAEEDC503
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):99550
                                                                                                                            Entropy (8bit):6.688555715919557
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:RYHdLazX2itf1VmHcCiaNFWIfVnkHhE9QVJl+clS:RiyX3tf1VmHxiMMzB8QlfS
                                                                                                                            MD5:376EF5A6F076A9757F58D7B10526EB73
                                                                                                                            SHA1:9B5D3F5084990D67C8A8541CD8D7FD15EC424E0E
                                                                                                                            SHA-256:F720BADDBFFA45C3A0852DE11C5049EC95A3B841DB45C91362064C80E7D6AAA6
                                                                                                                            SHA-512:E089213CAC8EAD755C938069A1F00CF2A8467DB8F809B50A6933EFF9825A9F1CFD775186C8B5C9B1F598813C9EEE654036B47B6814BA1F58D7E447A87511B21C
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):99173
                                                                                                                            Entropy (8bit):6.69661592674328
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:NYNn0Iagmf7hdmj3j+oDG/N/9XiPM45/cUT2:aNwNn/9ykGT2
                                                                                                                            MD5:3D230011248333ED6CEE72F667C8DF45
                                                                                                                            SHA1:4114F307A31516BB6309FA9FC2572722B8D93D24
                                                                                                                            SHA-256:B1A56725808412E48A499A534CCFD7E02C361F007A5B1CF063A11D6A308CC9E1
                                                                                                                            SHA-512:442F56C0DF77CFDD730B89B9C1E086F17665AAE0C222A7FFDA418BCDDD18F9AB96236FE7CC558AB9F87C31A50D78D50157B1E2D3B4C175B6C8AC85E053157F9C
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5870285
                                                                                                                            Entropy (8bit):7.997375286978234
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:98304:EWouwa+3ikXfNHTn5cD+3H/PD1h1L/rwrIDH3cOg9TqFfgVSD6lM1LBd:vwV3iqBqGHD1h1/krIDXZg9sgy6lQd
                                                                                                                            MD5:1F46000D6AE1277EE4E97BFE4F457A89
                                                                                                                            SHA1:6597E91194F785E117B15DD8E6538FEF75D9B7DB
                                                                                                                            SHA-256:6251353228A758CD9E747492A38B302ACB9F16C80B234C6E5A79B23D0B369F92
                                                                                                                            SHA-512:1049B09E600157226EC232C610D150A7A414C99623CC4E3AE112543C39315A7C2D56E47932714A1280420DF2DBBFAFD3BA50961E79A8B01B73D3C20234155323
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):10521824
                                                                                                                            Entropy (8bit):6.910111827817233
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:98304:wsV/VSRmkPF6F5iyNbQ0/y4+O+FlE394joZSSgLkR9e+ISps4slBnaSFJ4:LPSLP0IIKF29QoZS3R+ISps4slBnam4
                                                                                                                            MD5:155BD084F6DA9A6D80F0F4D733C48A3A
                                                                                                                            SHA1:EC8ED2DCFDE889089D7845646A4C6E29295EB7F8
                                                                                                                            SHA-256:BE718F2D8F72F9F4E2B7F700C19BA98141375119E3FB35795E0F774487B311BE
                                                                                                                            SHA-512:BCEF1ACF9DD5FF37257956DE85A72332F8F71FDDDE2019AF4514FA0B792666BFA7BBE70CD9E8161584B03EB92464FB86E2B061D9B52636D9707505AA15B58861
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:.....+...+...+..{"files":{"electron-bundle.js":{"size":1120993,"offset":"0"},"package.json":{"size":1218,"offset":"1120993"},"electron":{"files":{"preload-pp.js":{"size":1255,"offset":"1122211"},"preload-prod.js":{"size":1144,"offset":"1123466"},"devtools":{"files":{"redux":{"files":{"2.17.0_0":{"files":{"img":{"files":{"loading.svg":{"size":1825,"offset":"1124610"},"logo":{"files":{"128x128.png":{"size":11280,"offset":"1126435"},"16x16.png":{"size":924,"offset":"1137715"},"38x38.png":{"size":4877,"offset":"1138639"},"48x48.png":{"size":4051,"offset":"1143516"},"error.png":{"size":1751,"offset":"1147567"},"gray.png":{"size":2771,"offset":"1149318"},"scalable.png":{"size":12915,"offset":"1152089"}}}}}}}}},"react":{"files":{"4.4.0_1":{"files":{"icons":{"files":{"128-deadcode.png":{"size":5201,"offset":"1165004"},"128-development.png":{"size":5201,"offset":"1170205"},"128-disabled.png":{"size":5853,"offset":"1175406"},"128-outdated.png":{"size":4162,"offset":"1181259"},"128-production.png
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):204184
                                                                                                                            Entropy (8bit):6.445113250101783
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:UT38IY9c+JC2omioiOZ8+vmcEZv85AX2RNEoevC4E:UxY9c+JC2salvIZv85MoeaZ
                                                                                                                            MD5:B1D8BC1D58558376561C9BA9AE0DA62C
                                                                                                                            SHA1:C4EC71184169AC16C853531D29AAD909E32EA793
                                                                                                                            SHA-256:1568A2A158F6001CEA11F974983B18F23228FD8F9D336652A1D75283AA3C51E6
                                                                                                                            SHA-512:C4D8FC0D92CA9C5B6DC44D7BB673F9E96440033658D033386018D670EEFA2FF42083B5A05CED35F8145B25B857A293029535E16DCB4E1BCC2F35170DD5026CCD
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):128928
                                                                                                                            Entropy (8bit):6.32418418650106
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:q+rSugvaDzJGezUUSBxlezTESfWwjbE42qyGHzdHKcQsWydp9dlsc9SPtscZPtg:q+rSu15XslsTEMPs42qyqKaB+c9sc
                                                                                                                            MD5:C1924F4F14E2E6AD079DE7054C07066D
                                                                                                                            SHA1:DE7FF9AD26DAEC4D21569A777F750BE51F707AE3
                                                                                                                            SHA-256:D0072D13434841586D5252FF33D0BA7B56005D414D7E4B0AF892012CA5BC627D
                                                                                                                            SHA-512:556489DFFA30700304D34B13A15BBA0FE90AE6636451ECBC36363C8C161BF92EDE399F4541815AC93DB768CDEF16DC609CCFD4B3AD7B39B99F99F1175FC46EC0
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):49266
                                                                                                                            Entropy (8bit):7.989208842214003
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:RjtsHP/4JMwXy5lmnUMgLV0WGpcUf5chJ/t1ymAz:R5sHPwJM4U6azUfA/jy5z
                                                                                                                            MD5:B2E7FC020540C428C7D087F485C3CFAA
                                                                                                                            SHA1:6E0C841239D468F7C4E64928F69ADAB744FA58F4
                                                                                                                            SHA-256:A137E8527F1DB6BEAE7E6A135859DCBD4C8D2C8789BC3BBF47662627A3E537DB
                                                                                                                            SHA-512:C09605A0E1A0573FD2C249649C2F3E4463C7BE6E0E9193804F351C012F34C4837DDD5F404A862AF80DFD674C8E4EF3D4E100640151FCD98DFCCE584C2EAD2BA8
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):164467
                                                                                                                            Entropy (8bit):7.995014054175899
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:3072:6nWjPrS28XDh2UZCWfuVa2VGQsAT73OuHWJWK5YHQjppBu7c1gY:6Wz6g4CFMzAT7+JkObu7cR
                                                                                                                            MD5:0F913247501A017FDF0B1F640A793D34
                                                                                                                            SHA1:DAF26456A8045FA1080074E992EF43690604FB68
                                                                                                                            SHA-256:9CC3C86088867F6E822C370439E7C7707E0429A82007D1B1440BCABC229E717A
                                                                                                                            SHA-512:9D9837E9A9979F9C73ED71DCC9BCA88494E733028157F6D122250A3DEE8C0A2199F2860FCA1799E3C0B565181B52293F14BC019706BA96FA6DA391827B428317
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):106
                                                                                                                            Entropy (8bit):4.724752649036734
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                            MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                            SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                            SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                            SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2533
                                                                                                                            Entropy (8bit):5.0246733326971444
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:uNQNQB7yAJM7a/JhtFvqy3Iotk8ld2dYgP5Vt2oXFRQ:ueNQB7yA27aLtlx3I4kVYgP5Vt2oTQ
                                                                                                                            MD5:671D2B0B6D1E4445AF839CC7614B6443
                                                                                                                            SHA1:8BEA8B73D4642CF690DDE383F373F93F006F117A
                                                                                                                            SHA-256:CDFCE386993E048DB4D029F797461C0E4EBE820B6C7C12791B096DD87212A5D6
                                                                                                                            SHA-512:05A94E61F9901C4ACF342E117BCBCF10071D1277F82842777BADACA32C9B78D94624513A20459128A68D611689354DA0048733290739F257F7605C6C8DB08782
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:;;;..;;; ReasonCamFilter..;;;....[Version]..Signature = "$Windows NT$"..Class = "ActivityMonitor" ;This is determined by the work this filter driver does..ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;This value is determined by the Class..Provider = %ProviderString%..DriverVer = 04/14/2021,9.7.39.658..CatalogFile = ReasonCamFilter.cat......[DestinationDirs]..DefaultDestDir = 12..ReasonCamFilter.DriverFiles = 12 ;%windir%\system32\drivers....;;..;; Default install sections..;;....[DefaultInstall]..OptionDesc = %ServiceDescription%..;CopyFiles = ReasonCamFilter.DriverFiles....[DefaultInstall.Services]..AddService = %ServiceName%,,ReasonCamFilter.Service....;;..;; Default uninstall sections..;;....[DefaultUninstall]..DelFiles = ReasonCamFilter.DriverFiles....[DefaultUninstall.Services]..DelService = %ServiceName%,0x200 ;Ensure service is stopped before deleting....;..; Services Section..;....[ReasonCamFilter.Service].
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):10693
                                                                                                                            Entropy (8bit):7.226971775283064
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:KYWOW9OWmW1XJCE9JDR8DUzsn2hsmk4NOk4wKmJPgX3DD0NDR3py7m2grP3DRpF+:h9D9EJCBngEw9JPgXkhYC5OCqqnajlg8
                                                                                                                            MD5:A9B6BD330F597D2E1EC1F03EE3ACFED6
                                                                                                                            SHA1:4EC8EDB6593276330BDCA67746A3403849198C5D
                                                                                                                            SHA-256:BE6AD0EE66B4D21CCCCF4AAF1AC600AAED8C070D78900539761D7D75055113D4
                                                                                                                            SHA-512:7838529F5D9535D08FB455A2F3C4E26AC7A1136525D513FDE59592A9109664CE78AD3DA237ADEC515A93DC1109D99B9F8432985C055F63E52406F94F30CC87F3
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):3062
                                                                                                                            Entropy (8bit):5.0138766439655535
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:utXfcDLNthOyA9Bd8WMNI/EhtF/qi/Oaucosld2dVBBiBklmP55I4kYlIRF7osFf:uNfcDLNPOyALd81NI+tVR/qlPsBklA5E
                                                                                                                            MD5:986C843DA25526D86545FD3BD30DBFEE
                                                                                                                            SHA1:83F12FB56C8A0230B617DFE121C400CEFFF1C582
                                                                                                                            SHA-256:1C663536F2A9253F78C81B7B58AD0D498F195D8E399EC25C602E8FCF110DB344
                                                                                                                            SHA-512:287E9099378230ADAFDE64300EAF51ECB28046AFD5619596CE61DF01DAF49E98934607C4D0B3642113AFC54E7868FD1CE5B56C16E1912949D54B8055DB5136C3
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:;;;..;;; rsKernelEngine..;;;..;;;..;;; Copyright (c) Microsoft Corporation..;;;....[Version]..Signature = "$Windows NT$"..Class = "ContentScreener" ;This is determined by the work this filter driver does..ClassGuid = {3e3f0674-c83c-4558-bb26-9820e1eba5c5} ;This value is determined by the Class..Provider = %ProviderString%..DriverVer = 03/25/2021,1.0.0.2..CatalogFile = rsKernelEngine.cat......[DestinationDirs]..DefaultDestDir = 12..rsKernelEngine.DriverFiles = 12 ;%windir%\system32\drivers..rsKernelEngine.UserFiles = 10,FltMgr ;%windir%\FltMgr....;;..;; Default install sections..;;....[DefaultInstall]..OptionDesc = %ServiceDescription%..;CopyFiles = rsKernelEngine.DriverFiles..;, rsKernelEngine.UserFiles....[DefaultInstall.Services]..AddService = %ServiceName%,,rsKernelEngine.Service....;;..;; Default uninstall sections..;;....[DefaultUninstall]..DelFiles = rsKernelEngine.DriverFi
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1572864:YMvlEg2OQg0Z2ksCCvfGPJywM27X8kpmDiRZIpm74HdAJ5ZvBjFmNLrkcQsT6oZ8:Hl2OQnnsCCGGqX8UYiR2pm7SA3njFgF2
                                                                                                                            MD5:765DC39F8B54DB7060500267059D4F2D
                                                                                                                            SHA1:10F747EA35F1340C182E1C7165DFFFCA5ECDA4EB
                                                                                                                            SHA-256:A672633E3391148538C45254CBAD3CCC7617ADC60A28F1C2A6B483DB2FAAD2D0
                                                                                                                            SHA-512:6B5E516A5BB1B017DF699EAF538B749F80B4430A1AFC3584BE76BBE9F40436414BBEC503E20121C42B65285AD4AF2A214F5DCC5E352896500F6130A307164A52
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:ASCII text, with very long lines
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:Y7PuRPRYDRTRNRSDRbRMDR/RQOjR7SJslnIsSBpJR1IXRbGRZGRRRZDRm:Y72RPRYDRTRNRSDRbRyR/RZjRuAcBpJX
                                                                                                                            MD5:2F4F06AEB53B6C4B14A6646C8C6299C2
                                                                                                                            SHA1:1A6C11FBD05B5A53B1590B10C7165E565A9C361E
                                                                                                                            SHA-256:D3D5514EF4D30164D8418429C52CF68ACC6C6F552DAB004492CC4A066EDBF7D6
                                                                                                                            SHA-512:5ABB281031042D26DE0F0F48E7729A7740DCA8F215628C6849CDA6DF7F0A65CB5509A6DA30B19F56240596CF690002FE0502B658F1B2F3858A727F1B4C8062B5
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:{"features":{"112833e0e686":{"state":"disabled"},"1d24dceb937a":{"state":"enabled"},"2b6795f78180":{"state":"disabled"},"4b1a01cc7e97":{"state":"enabled"},"4ce5951bc434":{"state":"enabled"},"51e2eff0626c":{"state":"disabled"},"603cade21cf7":{"state":"enabled"},"79b4f892c4fe":{"state":"disabled"},"7d2b9cb259c5":{"state":"disabled"},"818c3ef12d0b":{"state":"enabled","dna_filter":{"required_dna":["64336fb81a04836eb8108d24fbca3aa3682db0a5"],"forbidden_dna":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"]}},"b6023ede83bb":{"state":"disabled"},"b9677b166709":{"state":"disabled"},"c9a44eaecc11":{"state":"enabled"},"cc6fe6454aa9":{"state":"enabled"},"d144067b33ec":{"state":"enabled"},"f3834d6657d8":{"state":"enabled"}}}.
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:DpKg6tyo71Zbqt5Ej7LTaWRh+JI/js4hw6:DUcuZbqt5Ej7LOWvq+jV
                                                                                                                            MD5:89BB73A328BD405B08B7D21A0D7A391D
                                                                                                                            SHA1:95A4919AB65B6F433F12BEFEB575B488A1AEB30D
                                                                                                                            SHA-256:56504DEA4C5371C211E631496A25EF1FFD0E012574A5D9C9A0032A3920469A26
                                                                                                                            SHA-512:DEFFFA87559386EB7E9168DCAE3F648BFF49D7E202663605A2C3C57CF7AF7592A1F82873C796BB0EC04FDB3F5FD1C68176420BC5ADA17A43D03ABF535EAA29BA
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):91
                                                                                                                            Entropy (8bit):3.964980110923723
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:ApEeKm8RKQB2LI/cAtAFqyLAIRlKFvBFGmWLn:ApEVNB2LI/xyFqyLbgzGdn
                                                                                                                            MD5:99BDE3452748E34D6C50275110A6A8D4
                                                                                                                            SHA1:E79CB2A8DB7D8490523529D3861F95BA73A20C23
                                                                                                                            SHA-256:D07311ACF641866E7E84823D2962F593BB655792301DC61AD6F0C6869D9C5937
                                                                                                                            SHA-512:19FD529C6FE60BBBE3710FED93F14D723A13AD427431F855ED84F5E5E496B9F3EB8A6E8C31D740239EB225753D52A4F464B489FDBDEFF4477480026263D0F691
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:Cookies are no longer stored in files. Please use Internet*Cookie* APIs to access cookies.
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:9d3e52OJVEfaOEMhbJe9mOxPdrwKPUa/GV1ztyQQXRbh0uNkQAYGvlzCJUu:fUHEf/zJcU+5wKPUauV1z0QQhb+uyQAy
                                                                                                                            MD5:4310BBB114DF4AACE5DF0A08B6A82B92
                                                                                                                            SHA1:02F4597B35D9AEF5A08AECAA79BA184BE232BD78
                                                                                                                            SHA-256:257CEDAE2D29DBA089FB21B95543D146D45D2D653A6A6FF4CE7A33C6B7328DC5
                                                                                                                            SHA-512:151C21AF8E3ED9A926C421E4BE4FA2FA1C3EE9E63EAE05187E86AC287689FB07B004C5C0864E3E50D04D9A6FB866F0D1C2A2AFE7B6523642A9C20439C269BC89
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:YGKe2c8pskBpVln+6/HXigAJCVszfGKjD/Ap72EI2DKrlZDmqNkI8husG1bSE8mj:Ydm8PBpn+6qFjGCLEICKZZbmdoZ1z
                                                                                                                            MD5:2A3CD820731CA052410C1512252F45EB
                                                                                                                            SHA1:3F34D0396AD189060B47BEE9AE857F4E8EB7CAFF
                                                                                                                            SHA-256:EB6F7C936CC7CE09EF2E377F86AA10A5FB2F20AFC609AB0F6DA0C8B28836C2FE
                                                                                                                            SHA-512:D44EAC4DA60ADF9E3680A4AF62106955A9C58E1D5041BFF8EE7981E05316F1911D71FD031EE6C36BE028ABE1F844474256B03F09FBBA77000FE816E1EEEE4233
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:{"country":"CH","features-dna-requirements":{"818c3ef12d0b":{"forbidden":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"],"required":["64336fb81a04836eb8108d24fbca3aa3682db0a5"]}},"features-remote-flag":"112833e0e686:disabled,1d24dceb937a,2b6795f78180:disabled,4b1a01cc7e97,4ce5951bc434,51e2eff0626c:disabled,603cade21cf7,79b4f892c4fe:disabled,7d2b9cb259c5:disabled,818c3ef12d0b,b6023ede83bb:disabled,b9677b166709:disabled,c9a44eaecc11,cc6fe6454aa9,d144067b33ec,f3834d6657d8","remote-features-guid":"5688c053-0064-4a2c-9586-c7912e9073a0","welcome-url":"https://redir.opera.com/www.opera.com/firstrun/?utm_campaign=opera_new&utm_medium=pb&utm_source=ais&http_referrer=https://jira.ironsrc.com/&query=/opera/stable/windows?utm_source=IS%26utm_medium=pb%26utm_campaign="}
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:YSAILzPlouBDmqwSNkNW78hrQG8XsOJB1RINWZyoSbDs8mj:YSLrlZDmqNkI8husG1bSE8mj
                                                                                                                            MD5:C7BF2E3A2BE1D929DE361A9C58033709
                                                                                                                            SHA1:63A57CA64A41ECDFEAE619A50D42FCF46460DCF8
                                                                                                                            SHA-256:978506B54B23D7ACC0DB09D2192DEDA00B54AB9C4A219BC22C9B849D5F6E5A80
                                                                                                                            SHA-512:CB350B91EC798EE55EC7C38D5940CAD3EF60B2B98C00318166F194F2E327A75DCDAFBFBC37E5858DA002E8A186B4738F4228CD12DE94DF61CF9F82C9D660C6FF
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/firstrun/?utm_campaign=opera_new&utm_medium=pb&utm_source=ais&http_referrer=https://jira.ironsrc.com/&query=/opera/stable/windows?utm_source=IS%26utm_medium=pb%26utm_campaign="}
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:YGKeLyzPlouBDmqwSNkNW78hrQG8XsOJB1RINWZyoSbDs8mj:YGKeurlZDmqNkI8husG1bSE8mj
                                                                                                                            MD5:FAA876E46E7BD91E0887B1C89AA35007
                                                                                                                            SHA1:105F803F671A4154C05FE71E6B3C111E964BE17E
                                                                                                                            SHA-256:8FCDA81769FA7BCC759C9224CBB7C6AECFD9709D55BF081CC1A9E1987AF3CD68
                                                                                                                            SHA-512:BD9CF5DAD85B316D722CA07922086586568A893569AFB28439CBDB8EB9FE87D6F057180808A8DF266822DD10ADF06A77A0C4BBD85B869A4D853E60DF86FEBC9E
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:{"country":"CH","welcome-url":"https://redir.opera.com/www.opera.com/firstrun/?utm_campaign=opera_new&utm_medium=pb&utm_source=ais&http_referrer=https://jira.ironsrc.com/&query=/opera/stable/windows?utm_source=IS%26utm_medium=pb%26utm_campaign="}
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:DpKg6tyo71Zbqt5Ej7LTaWRh+JI/js4hw6:DUcuZbqt5Ej7LOWvq+jV
                                                                                                                            MD5:89BB73A328BD405B08B7D21A0D7A391D
                                                                                                                            SHA1:95A4919AB65B6F433F12BEFEB575B488A1AEB30D
                                                                                                                            SHA-256:56504DEA4C5371C211E631496A25EF1FFD0E012574A5D9C9A0032A3920469A26
                                                                                                                            SHA-512:DEFFFA87559386EB7E9168DCAE3F648BFF49D7E202663605A2C3C57CF7AF7592A1F82873C796BB0EC04FDB3F5FD1C68176420BC5ADA17A43D03ABF535EAA29BA
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:/WBElmMWRElyn:aEl7WRElyn
                                                                                                                            MD5:922927F22EF5189300DB689F0C9EF022
                                                                                                                            SHA1:359AB18960786773969268AA8920ED284C136DA0
                                                                                                                            SHA-256:7FFF1AE3A38ACEED8DE26FE3DE3C43FDC2526210C3F225557EE3C8411175882D
                                                                                                                            SHA-512:015B3384CF3CF62CACCD1F1B6DB04298BBE2E72DDE2618AD66F151EFFD3BFE8B062F24AA99E6F0ACBA57120E43B811CF782860FAD5FF46B391CC57A006C39FFB
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:assistant:assistant..
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:YSAILzPlouBDmqwSNkNW78hrQG8XsOJB1RINWZyoSbDs8mj:YSLrlZDmqNkI8husG1bSE8mj
                                                                                                                            MD5:C7BF2E3A2BE1D929DE361A9C58033709
                                                                                                                            SHA1:63A57CA64A41ECDFEAE619A50D42FCF46460DCF8
                                                                                                                            SHA-256:978506B54B23D7ACC0DB09D2192DEDA00B54AB9C4A219BC22C9B849D5F6E5A80
                                                                                                                            SHA-512:CB350B91EC798EE55EC7C38D5940CAD3EF60B2B98C00318166F194F2E327A75DCDAFBFBC37E5858DA002E8A186B4738F4228CD12DE94DF61CF9F82C9D660C6FF
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/firstrun/?utm_campaign=opera_new&utm_medium=pb&utm_source=ais&http_referrer=https://jira.ironsrc.com/&query=/opera/stable/windows?utm_source=IS%26utm_medium=pb%26utm_campaign="}
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:YSAILzPlouBDmqwSNkNW78hrQG8XsOJB1RINWZyoSbDs8mj:YSLrlZDmqNkI8husG1bSE8mj
                                                                                                                            MD5:C7BF2E3A2BE1D929DE361A9C58033709
                                                                                                                            SHA1:63A57CA64A41ECDFEAE619A50D42FCF46460DCF8
                                                                                                                            SHA-256:978506B54B23D7ACC0DB09D2192DEDA00B54AB9C4A219BC22C9B849D5F6E5A80
                                                                                                                            SHA-512:CB350B91EC798EE55EC7C38D5940CAD3EF60B2B98C00318166F194F2E327A75DCDAFBFBC37E5858DA002E8A186B4738F4228CD12DE94DF61CF9F82C9D660C6FF
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/firstrun/?utm_campaign=opera_new&utm_medium=pb&utm_source=ais&http_referrer=https://jira.ironsrc.com/&query=/opera/stable/windows?utm_source=IS%26utm_medium=pb%26utm_campaign="}
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1572864:YMvlEg2OQg0Z2ksCCvfGPJywM27X8kpmDiRZIpm74HdAJ5ZvBjFmNLrkcQsT6oZ8:Hl2OQnnsCCGGqX8UYiR2pm7SA3njFgF2
                                                                                                                            MD5:765DC39F8B54DB7060500267059D4F2D
                                                                                                                            SHA1:10F747EA35F1340C182E1C7165DFFFCA5ECDA4EB
                                                                                                                            SHA-256:A672633E3391148538C45254CBAD3CCC7617ADC60A28F1C2A6B483DB2FAAD2D0
                                                                                                                            SHA-512:6B5E516A5BB1B017DF699EAF538B749F80B4430A1AFC3584BE76BBE9F40436414BBEC503E20121C42B65285AD4AF2A214F5DCC5E352896500F6130A307164A52
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:FmuGAW/FeHHQKkXGaG6AwHOZaHb:F7GLWVkXBG6LuZa7
                                                                                                                            MD5:F488C9F9D9D5E631484D4BF155F45442
                                                                                                                            SHA1:0F0E624770E47BEA5186748A9DE85C677DD84FA7
                                                                                                                            SHA-256:E6F214FF5CCBBE6E7ABCF309138CDCB46D3FE3915E9BBBE8DD3C15AFB439F708
                                                                                                                            SHA-512:D72D1DAA86E650A0589F6991F7A7BB3B7CA3484D49BC0D0D703B28B8F399F3123DF2BF3C949A899FAB55BDE7D888736F655E462E2CD02ADE59BBF9E67DF54064
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:{. "Preferences": {. "ui.search_box_enabled": false. }.}
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:zFZBjHage4+e3bb+/bvQsJ1VpvI5m4AeUP41ruXr13H37otCFpyfoFbIlya99zGL:zdHze4+mmLQsXvrTnXXr1X3stMpyJlVS
                                                                                                                            MD5:AB1231D4A4886CECBC00CAA0E25D23A6
                                                                                                                            SHA1:F4DAC1C60297D03CB2177356D189B7488EBB11D9
                                                                                                                            SHA-256:8D2042B4B6B038C2E0EFBED49AA24E95350F3409337F12B3B5E45F54D11019E2
                                                                                                                            SHA-512:F3DD75980764B0BA35B5B78BEED1878BA9B632A2A30A6FF0C5571C72D3A7B1386A6545358958FC44762FCB9B2CEDEAA959DDB25D915BDB6548BB554ACBE9E84E
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):0
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:xEJ4JOEOHb10m/hDZacn2zTtjPzQSKsVy1Q+XbJdKSmYptTSEFt:O71VDZJSjPzQOVyi6brKHE/
                                                                                                                            MD5:9B3D4EBD473A77EFE7EBFDA7E6F1F96B
                                                                                                                            SHA1:8782257E515C330B1C04927FCCFA7786E4FD5785
                                                                                                                            SHA-256:69841379571ABCA36A6C8DE12EB3FFB17048663303DB5DFFCB159826E9F53F8C
                                                                                                                            SHA-512:56A1BAD26BE1946C7623E7FA54A60ED195E5379945720B84CEE8768E563BBFB001B387B698BFBDD7578FFE9C9F17315FEFF8AEB87DF4635CB4E02AA74B00FF84
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):63382
                                                                                                                            Entropy (8bit):7.978785864073588
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:zlMMJjVhJxZPyOFSX2r8v2NBo0F9TPCii6D5Abf:ykVzyRXe8ao0FdPC9j
                                                                                                                            MD5:0C4E00C3E5A231A0A3769E1B958ADBAC
                                                                                                                            SHA1:C85E3B37DD1B7AF7B2385191D5E3586AD1FDF6BB
                                                                                                                            SHA-256:F6E28137558F4DAE882D92C45CC2EBA35602FF6EDD6A8FB16558B5950FF0FD25
                                                                                                                            SHA-512:E8F5394D5BD8DCD67BBFF212F2627473D75C4E095A53F549AE5E8FE09ABA440A106C374D8239CE60AFA6869D9503566721F92B5E9EE463CBDC0903BA5A483C18
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):25985
                                                                                                                            Entropy (8bit):7.872212470327225
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:Csdk4oXIOi9d/+ZqTIGY6N8IHkTk9EALvAqbgbiCMTxTgWMruGFLRA6XJvZvBZRR:zdk441ZAhYq8IHL9qipxkhrLR15vR
                                                                                                                            MD5:2ABAF83D2AC789BFFF96213044C33832
                                                                                                                            SHA1:4163DFA4E5B444F808967BC7FFB2A53F5DF05CCD
                                                                                                                            SHA-256:8F8511F9A72FC0033270AAED689B76D3ECA3AEFF0B5B4159D7E94F928D155175
                                                                                                                            SHA-512:CBC497A607FCF6559806C23F1A0CEE02F7EEA187553F3843758FFBCD33AF13447D5212840E6153E3B80CB5FBDFBCF7EE2B1EF20E2DA86D2D2263EC14A695D804
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):6144
                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):37888
                                                                                                                            Entropy (8bit):6.216405702855349
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:kyNq+QWR4gxSUzF08/zFlKcLdQxNld36fJPHw5g4wT1C:jNq+Qw0+JLAqf9Hw5C1C
                                                                                                                            MD5:67965A5957A61867D661F05AE1F4773E
                                                                                                                            SHA1:F14C0A4F154DC685BB7C65B2D804A02A0FB2360D
                                                                                                                            SHA-256:450B9B0BA25BF068AFBC2B23D252585A19E282939BF38326384EA9112DFD0105
                                                                                                                            SHA-512:C6942818B9026DC5DB2D62999D32CF99FE7289F79A28B8345AF17ACF9D13B2229A5E917A48FF1F6D59715BDBCB00C1625E0302ABCFE10CA7E0475762E0A3F41B
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1264
                                                                                                                            Entropy (8bit):7.751631265718237
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:QVMiA9E3i5Vb2byQrRZWmMITKqHW8seN63WIEi5KR/n:wW98iri/WsKqHWNzWHi8Rv
                                                                                                                            MD5:E473525D62BD16A62C734D3EA62AB2E5
                                                                                                                            SHA1:9E45D87FF631F6BC7521B3FB7F4E0C6C9D70DECF
                                                                                                                            SHA-256:17F19ED0D114A60342158E117D4FE76DB1F5B96B239987F623598C681EB797B0
                                                                                                                            SHA-512:85F84E5DA4C08EB130B47D775BB92518C3A7713E30619BEA1B32B6BF6BB263AAEC81AD6D5903781E695575726820E98FE3A75FE9DD989981B31D8DD6E91290CA
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):63382
                                                                                                                            Entropy (8bit):7.978785864073588
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:zlMMJjVhJxZPyOFSX2r8v2NBo0F9TPCii6D5Abf:ykVzyRXe8ao0FdPC9j
                                                                                                                            MD5:0C4E00C3E5A231A0A3769E1B958ADBAC
                                                                                                                            SHA1:C85E3B37DD1B7AF7B2385191D5E3586AD1FDF6BB
                                                                                                                            SHA-256:F6E28137558F4DAE882D92C45CC2EBA35602FF6EDD6A8FB16558B5950FF0FD25
                                                                                                                            SHA-512:E8F5394D5BD8DCD67BBFF212F2627473D75C4E095A53F549AE5E8FE09ABA440A106C374D8239CE60AFA6869D9503566721F92B5E9EE463CBDC0903BA5A483C18
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):540312
                                                                                                                            Entropy (8bit):7.151197745087488
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:yNeZNQ3blltlXos+PrVGwTtCCyajLiBNAVPzH94q4XuR9wK3YPJk:yNcQL7tl6TVGmcojLiBUzHZwK3Yxk
                                                                                                                            MD5:BF8C3713C265A55043C2C4B1563786A8
                                                                                                                            SHA1:1B74CC4F7532A627FD0E5976DA91DFB5F056E571
                                                                                                                            SHA-256:A431879637425B7A833F683EEE41567E7D089FC526F05BA00DEE2A34EB487151
                                                                                                                            SHA-512:0ECE86BBC6A9C7260008B39B00BA1FE89ECDA3A58130710333CBAB98E31C3A610F7014D906865245C603DC7D15A037959E2208C8A044FDC31325DCF9F1A58E9C
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:Zip archive data, at least v2.0 to extract
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2292510
                                                                                                                            Entropy (8bit):7.9988306152958195
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:49152:3J0r9l+Hlfb2sG0zzdg1QmA0+XLu0H0f9mDdp4yhRgLqEVgvJ1C:3g36m1TA0kLu0As5pthRgLwJI
                                                                                                                            MD5:A449A769F3D319F6EE2DBDEA3181C27E
                                                                                                                            SHA1:3E1BC9D7E750F5EF74EFDDEC4082B298F165AE3D
                                                                                                                            SHA-256:BDDEBEEFBEE71D61FEC0E9BFC8A441392C17037D3E7F22813F5289965B7DC374
                                                                                                                            SHA-512:0F5623B8B3F19FCBF6A02CAB7954094E1DF3128A9F469CDB0F1E95846CAB237138241DFFD9B80D8B30C47ECFE4D600FCB322929705E807F6A6653D7C8ED49F3C
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2134792
                                                                                                                            Entropy (8bit):7.9852355538797095
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:Z5cNqvW8vJASZ9gapxjW2eCmnT7aWMvd/HTXZS:gqvWGJASw6SQI7aWeR4
                                                                                                                            MD5:8972ADD33EF8423C9C13BCEFBC97616E
                                                                                                                            SHA1:6678EB276AA4516E4E508F109F92DE55C791F928
                                                                                                                            SHA-256:78568F8F3297E15FC90CAFA40E0A7647E2FF0F88426FDDEEAAEB9FC5AD2BCBCC
                                                                                                                            SHA-512:EDDC2F68A69B9B569FF4C48342B4B0EBE20ECE2BBDC0A166EB4088C5D70F8517BA3C47D415C969C27180B6197DDAC9CF90FD64E014BC6D87AF340B84354BD31A
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):25985
                                                                                                                            Entropy (8bit):7.872212470327225
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:Csdk4oXIOi9d/+ZqTIGY6N8IHkTk9EALvAqbgbiCMTxTgWMruGFLRA6XJvZvBZRR:zdk441ZAhYq8IHL9qipxkhrLR15vR
                                                                                                                            MD5:2ABAF83D2AC789BFFF96213044C33832
                                                                                                                            SHA1:4163DFA4E5B444F808967BC7FFB2A53F5DF05CCD
                                                                                                                            SHA-256:8F8511F9A72FC0033270AAED689B76D3ECA3AEFF0B5B4159D7E94F928D155175
                                                                                                                            SHA-512:CBC497A607FCF6559806C23F1A0CEE02F7EEA187553F3843758FFBCD33AF13447D5212840E6153E3B80CB5FBDFBCF7EE2B1EF20E2DA86D2D2263EC14A695D804
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:Rich Text Format data, version 1, unknown character set
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):49596
                                                                                                                            Entropy (8bit):5.090527980839645
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:qYVCfKMzsBFKwAtV6hKkYblb9VQ3bMqXa1dK4mhQhAGvi6rGsdbuGiYuOjjQK++x:qYVCfrxlb9AblOK4mQCGixmD+KNLBz
                                                                                                                            MD5:D8A042B2BBA1965983FF2820F5307F64
                                                                                                                            SHA1:5F2F3E3B373B7D0DBAF2D165E1088303995D63DF
                                                                                                                            SHA-256:0A6C8D26AD17AE622CF69A645174F4B87C21810733E1BA474CC4CB732992E383
                                                                                                                            SHA-512:A5B2D0E1927C60F9EA415D9EB620EC9481FF26965C8313DDA1A09A9C95B9EA9588CB8E80A742190476569EA8843C20AC95378519CB77E62BDDA1AE4FECCD5520
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):540312
                                                                                                                            Entropy (8bit):7.151197745087488
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:yNeZNQ3blltlXos+PrVGwTtCCyajLiBNAVPzH94q4XuR9wK3YPJk:yNcQL7tl6TVGmcojLiBUzHZwK3Yxk
                                                                                                                            MD5:BF8C3713C265A55043C2C4B1563786A8
                                                                                                                            SHA1:1B74CC4F7532A627FD0E5976DA91DFB5F056E571
                                                                                                                            SHA-256:A431879637425B7A833F683EEE41567E7D089FC526F05BA00DEE2A34EB487151
                                                                                                                            SHA-512:0ECE86BBC6A9C7260008B39B00BA1FE89ECDA3A58130710333CBAB98E31C3A610F7014D906865245C603DC7D15A037959E2208C8A044FDC31325DCF9F1A58E9C
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:Zip archive data, at least v2.0 to extract
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2292510
                                                                                                                            Entropy (8bit):7.9988306152958195
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:49152:3J0r9l+Hlfb2sG0zzdg1QmA0+XLu0H0f9mDdp4yhRgLqEVgvJ1C:3g36m1TA0kLu0As5pthRgLwJI
                                                                                                                            MD5:A449A769F3D319F6EE2DBDEA3181C27E
                                                                                                                            SHA1:3E1BC9D7E750F5EF74EFDDEC4082B298F165AE3D
                                                                                                                            SHA-256:BDDEBEEFBEE71D61FEC0E9BFC8A441392C17037D3E7F22813F5289965B7DC374
                                                                                                                            SHA-512:0F5623B8B3F19FCBF6A02CAB7954094E1DF3128A9F469CDB0F1E95846CAB237138241DFFD9B80D8B30C47ECFE4D600FCB322929705E807F6A6653D7C8ED49F3C
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2405064
                                                                                                                            Entropy (8bit):7.771364721874354
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:9d3e52OJVEfaOEMhbJe9mOxPdrwKPUa/GV1ztyQQXRbh0uNkQAYGvlzCJUu:fUHEf/zJcU+5wKPUauV1z0QQhb+uyQAy
                                                                                                                            MD5:4310BBB114DF4AACE5DF0A08B6A82B92
                                                                                                                            SHA1:02F4597B35D9AEF5A08AECAA79BA184BE232BD78
                                                                                                                            SHA-256:257CEDAE2D29DBA089FB21B95543D146D45D2D653A6A6FF4CE7A33C6B7328DC5
                                                                                                                            SHA-512:151C21AF8E3ED9A926C421E4BE4FA2FA1C3EE9E63EAE05187E86AC287689FB07B004C5C0864E3E50D04D9A6FB866F0D1C2A2AFE7B6523642A9C20439C269BC89
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1059
                                                                                                                            Entropy (8bit):7.661253469196727
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:n3sK6uGabF5pVPJ2/QgGuasgpicBwaWqKp6OzJezErls9:3sK6uPvpVPJmhGCF4OzJezkW
                                                                                                                            MD5:3B8ACBB0D2DF56857A908F886529E316
                                                                                                                            SHA1:50A8FE8F4581346F3BDEE47281E959A6FD24906D
                                                                                                                            SHA-256:EA56671F1C4A958E173320B6A90FFE3C495FE1530C71FBC1806A7A2F921C402B
                                                                                                                            SHA-512:6A17486095C0229FFC30A2A65285CCC35994FC24689465114ADE8852DB7AE81395D615E57C782DC0A1BA715160C1AA038B53FAE3FCA46309E0113235558C7BD8
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2134792
                                                                                                                            Entropy (8bit):7.9852355538797095
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:Z5cNqvW8vJASZ9gapxjW2eCmnT7aWMvd/HTXZS:gqvWGJASw6SQI7aWeR4
                                                                                                                            MD5:8972ADD33EF8423C9C13BCEFBC97616E
                                                                                                                            SHA1:6678EB276AA4516E4E508F109F92DE55C791F928
                                                                                                                            SHA-256:78568F8F3297E15FC90CAFA40E0A7647E2FF0F88426FDDEEAAEB9FC5AD2BCBCC
                                                                                                                            SHA-512:EDDC2F68A69B9B569FF4C48342B4B0EBE20ECE2BBDC0A166EB4088C5D70F8517BA3C47D415C969C27180B6197DDAC9CF90FD64E014BC6D87AF340B84354BD31A
                                                                                                                            Malicious:true
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\Desktop\uTorrent.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):3214848
                                                                                                                            Entropy (8bit):6.433022209225392
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:iEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTVU33385:i92bz2Eb6pd7B6bAGx7+3336
                                                                                                                            MD5:9054C48186BB9E64F0EDA6958EFEB852
                                                                                                                            SHA1:3C4C7F24628B203D0F64B8F8E12C5C783849D3AB
                                                                                                                            SHA-256:E38840B99DF615341B0BBA7C6A27E2D07A2C3B9DE49375A59EE1C9BDF2D72BD7
                                                                                                                            SHA-512:0607C45B03218F292373FF1FCE77F29AAC2E2DF9AC67BAE6A1524638D668416BBA93A47E21272C77EE26C7CA7E5ADD2A171600D2804E35764D8DAF2BB7E46B0B
                                                                                                                            Malicious:true
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe
                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):154968
                                                                                                                            Entropy (8bit):6.36685535842309
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:tAMpz3eH1BFZWSVJqzL69oFNmGqN+gR+L1VPwd:tAazsJZWmqzL69LMO
                                                                                                                            MD5:8CE66C2BA080BCF3578DAE6922E2B230
                                                                                                                            SHA1:C8CF1BF7DCD020232F63EB9241B8E277549F8F23
                                                                                                                            SHA-256:D0869B51F08D9DD327C97AD9475CB1CDD01ECDDBEC39D6B8C500C5EB0660FE28
                                                                                                                            SHA-512:ADFF5FA23805B43C7439165F28F261EBFA68B81B005C5A16CB4CE1C36EF6327B3E55BFD8195887F5DD5D17D8CB37A8E48AA99B4A6FD46C141EEEF6E0AF5D8DD4
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):128344
                                                                                                                            Entropy (8bit):6.667691716857046
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:H+mQhpZxggggMfxErW2JrFP6Hw3SOR2+BBz5UPlFe:emcTxggggMf+rdJPddBz5EI
                                                                                                                            MD5:E8C388FE622C3620787ABC9414721D03
                                                                                                                            SHA1:DAD21BCD59C720F98D459CEAB1335B7DD2E9C00A
                                                                                                                            SHA-256:09B9DC4603E0589603B271AF4B422D799BE7748C622D07E90AB005A5E4C7631E
                                                                                                                            SHA-512:5D11F8D76B69B4A7696434DD7942C28820FEA50CFF1106F0632216F6D77B208838138234D81EF104A1810CBD66D7DCFE24A5D6A4F6BC42118B1C2C12CEC9C93E
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):105816
                                                                                                                            Entropy (8bit):7.37013899602093
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:891ndL5zjrOospqDieu1a/x/y009eb/uc1ToyY24ExYpu+9hBPhBA/9VfIkPBprT:I1dL57OosYt5ogb/uc1Toi4MKu+3P3KT
                                                                                                                            MD5:EEA360450972F6372891341AEFFFBAA8
                                                                                                                            SHA1:20E6F26E140B272409430BF3E2022A431CEB82E4
                                                                                                                            SHA-256:14223F7C6CD9272ED7838615D99F8CFB8AEF31CF861632B063DF541A956B19E4
                                                                                                                            SHA-512:849CCAFA6B246EC13BB59E406D442F6BF13738BDE05669A8083F207AD9199A3F7BA0D1D2DA1F9DCF59A8C98220BAC078851F03CCAA90CF6214684CC7A821DAD5
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):261
                                                                                                                            Entropy (8bit):4.967763398978415
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:TMV0kIffVKNC7VNQlcNC7VNQAofC7VJdfEyFRRAopuAW4QIT:TMG13VOQJQzofcr6U93xT
                                                                                                                            MD5:669F7A06A8064DA8C37F89C7F0270FCE
                                                                                                                            SHA1:4324865B840A3A11D1A4A072EBE17531D6E322C4
                                                                                                                            SHA-256:D6621A5344DB6C1A51CE9723CD98AED08BC75FFD864DC45BF6A506690F37F906
                                                                                                                            SHA-512:EC4D07EA2BAB375A83B0B1B7E06C96B057B2E55B1B2EBE6117329D7594E07748441F4E520F60D922B04CA5821A55C607173A0D85FE7AA752E0126D97BA6443CA
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:<?xml version="1.0"?>..<configuration>.. <startup>.. <supportedRuntime version="v2.0.50727" sku="Client"/>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>.. </startup>..</configuration>
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):160600
                                                                                                                            Entropy (8bit):6.912552205368512
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:FvjVDW5Tu+S++eXuWKK6QBKnwd0OsvRYw0WLbfCz4il09WdtD0xPU+:53++pK61nzvewjLbqzm9iVU
                                                                                                                            MD5:9D97DBF1C31C70F71F7F798C7795794D
                                                                                                                            SHA1:8C3A67D14254EC6457344F90836B517F530FE318
                                                                                                                            SHA-256:966E30AD0D8C6DF97DF72E0FB82AD1222B2C2827ECFD5763A07C753D6890DC67
                                                                                                                            SHA-512:28C96BC4391E30B30BA5BAEF59003C05B502B35543FF2C7658BC3BED2180CE419E83BF6923F096C7AD153172B9B3A1F331EB1C188218D339E67B342555418A5D
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1508
                                                                                                                            Entropy (8bit):7.364481826610537
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:y1EHbrefZN497COU+uQStRd/lJxbpoGznP+GQk1BA/cHIVOotojBXVX/nRw45Ks:yIGByLUTQStzXlpo0n2VEK/cogoto1Vx
                                                                                                                            MD5:2C4F37B35232D73F4B3E6380A6A60B6A
                                                                                                                            SHA1:0BED75AAB5C24B65734B0B2BF9D11F39BA44AFE0
                                                                                                                            SHA-256:6FE33D75F1419E501C38E2DA0FE264F22F51895F1E6CDF624F7A4E8B5649E8F5
                                                                                                                            SHA-512:300FFE77654EF1AA66C723C97483C22C3342BECD90DF01FA3F381C4440B739903851D46DDF520D809A74A125A729ADF426E335ACF76D3AADE8F5522DDFB5EC70
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1483
                                                                                                                            Entropy (8bit):7.371236450848158
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:HiEHbrefZN497COUBabga7EFuecW28neEMIeOodORX5z2/W5erhl/:HZGByLUAEY9HQe6XiWoll/
                                                                                                                            MD5:7E58490AE37A0622EF53CD0AA32C219F
                                                                                                                            SHA1:4C4B447D8C2AB34CFC3AAC5A8B6DD585EB8524B6
                                                                                                                            SHA-256:58E329AC882B06782187B435E0269797A75DB5AEBC02CF520EC739DE57907B0D
                                                                                                                            SHA-512:10172C4FEB48111DEAD349E26FA4FCB690E344BEADB15517E63258BA737EBF387876483A07F7CF82BC32E63447E5B1BAB2853FB0986BA511CAD8F6A4E9D74F81
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe
                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Feb 10 17:25:24 2022, mtime=Thu Feb 10 17:25:24 2022, atime=Thu Feb 10 17:25:24 2022, length=2134792, window=hide
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):876
                                                                                                                            Entropy (8bit):5.018280760549345
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:8fL3A1643V4ClrY//FO9t0LSXFhKq+OjA9rHXYuMBm:8fzqH36bNO9IyhrdA9eBm
                                                                                                                            MD5:D0D032ED1A365C74FF54E57C9CD9E62C
                                                                                                                            SHA1:5E21B4D4F0D841342C0AD9E455F292888AB4CE69
                                                                                                                            SHA-256:0BC50441C1F4400E5A99035CE74FE7CF36165E620C5A37ADAAD80932A2AA5B9F
                                                                                                                            SHA-512:3689A5FF5C7598312F0EB6ED095838E54BAACC5433492627974037AD389F6FE429E27B25974CB016400662624A83DD857E0728309AA4A364411A48DEAF33623F
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe
                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Feb 10 17:25:24 2022, mtime=Thu Feb 10 17:25:24 2022, atime=Thu Feb 10 17:25:24 2022, length=2134792, window=hide
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):876
                                                                                                                            Entropy (8bit):5.025958306248397
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:8fL3A1643V4ClrY//29nLSXFfKq+OjA9rHXYuMBm:8fzqH36bO9LyfrdA9eBm
                                                                                                                            MD5:1A369CDE240E9DEA1C215D43FD5A8180
                                                                                                                            SHA1:A9B03DE8FB6249C60E18B8643CF1745CA45F99B8
                                                                                                                            SHA-256:2C3013C7EACD370643533989145495A9C17233758754343784A6355549091FAE
                                                                                                                            SHA-512:8F12A36C8D1666311F949B66FD8CB86A45DC212A7F1B619D2C44E755AF06618972EFC446AD97046A4F490BDDC86E652001A1402A23BBFC5C9AABB2BFB2AD6416
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):243
                                                                                                                            Entropy (8bit):5.613451678916278
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:TMVBd/ZbZjZvKtWRVzjOSzUVCQxdQFhliwdb/kYan:TMHd9BZKtWRnMrQFhsnYa
                                                                                                                            MD5:C62AE4C1477422999CCD934A0F330FB4
                                                                                                                            SHA1:8350541D8EEE16AE64D999235DC0FCC4F4D9FF61
                                                                                                                            SHA-256:2812882123DF3F705E29445BDEDC8FD259F0190DFC2E6880633E34F971217027
                                                                                                                            SHA-512:9029CCDADD0C095B5C751B78A1158DA71E8F73B37766C7E93E583ACD78F140C4EC493A7BEC08EB7004D6A2A3AC570E6764205C4F211DE866B2BB8F62E7623AC1
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>N2SP77A3PY04E43B</RequestId><HostId>4Yq6RZ/dYhWyLMWO67G0lzuXeg66zlck94GSxlPgXOzBE1c+oWTUOVExZb8/UJYl3e36LF5dMU4=</HostId></Error>
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):389
                                                                                                                            Entropy (8bit):4.839445525361368
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:YWLrRLkrf4kpW5FjhyXY9RVtWDKaJI5QiNIlMLFZfVgBoNKNe5fxZ9+464OOxKVa:YGLupAEImWaOBIMLzd/jh+yhYVzm
                                                                                                                            MD5:E101023C559195FC7E40C7FB417995AF
                                                                                                                            SHA1:AD76B9B2C88AE452770CFE57A653538A0EC011AE
                                                                                                                            SHA-256:535B83BCC6812AF64F752E034736BC3ABCD99AE0CB65BB33D2C88FE234C7BD37
                                                                                                                            SHA-512:DD303D7737CF8197001787E94238AD6EC4C32B8AB4B196834253A9F7C9136FF37ADA32DBB6FA0F641C162F11249A1B57FA0F6B9520FE87D92BB30EC217EA99E5
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:{"name":"com.utorrent.native","description":"uTorrent native support for Safe Torrent Scanner Chrome Extension","path":"C:\\Users\\user\\AppData\\Roaming\\uTorrent\\uTorrent.exe","type":"stdio","allowed_origins":["chrome-extension:\/\/makcojoppodhcgmmchohadhpkicoafka\/","chrome-extension:\/\/aegnopegbbhjeeiganiajffnalhlkkjb\/","chrome-extension:\/\/aoceahpnkbdffndcgdcfjjaciomhgple\/"]}
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1263
                                                                                                                            Entropy (8bit):6.478068360680406
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:F1hpgyWwh82lYSKwzT5HYkYVJjmT3UyJ3V6xPzT5H/GjJTM6j/hPlkpd:r/EvnLgtYPmLJ3c9BaTNt2P
                                                                                                                            MD5:4280089022FCE23DA2C64031BF137C08
                                                                                                                            SHA1:0380334F420BC6677795FDA8F5201C1FB7355C1C
                                                                                                                            SHA-256:EC9E7C253D599175AF470832DA851CF4F59614A4C4D4E37183159801B13ABF5F
                                                                                                                            SHA-512:9EAFB6F30BAF09A32601B1F9DA1316E1FCC44256784221DA85F54718DE6F0539C2BB601FEBA194C2BA801C8B95834F5029C93E3508F79DADDF8C3343FC848A05
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):302679
                                                                                                                            Entropy (8bit):3.38824004866678
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:b5/xW0FmlS5/jU6s5P1IrklhaQTuXVM14+Whytw/mJ9DJRos0LhYSUCrrCBwcG39:V75A1m0haRW4eAdpf4IqGK3xAoxohi83
                                                                                                                            MD5:DA316E51177B2544102FF1114DC0FBA5
                                                                                                                            SHA1:EE15A0050BAEBFB17C2B3CBC3AC0B3C71F1F1FE4
                                                                                                                            SHA-256:8CB453B27584DB1E82B22FEA0D55284575AA607200B52FB45372E0AAB87A056F
                                                                                                                            SHA-512:E69EE41FFE5FB25AF30336598FAB12F462CB020B40D37A4930FD0A2CAA696BCECEC64BACBE0F28F3841C6FD18954DED653FF8884329A93E61270F1D5D0EEA4D7
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):405
                                                                                                                            Entropy (8bit):4.910454453775451
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:ACfYmc2JGwXeLUKzpD6Jxf3YJFmc2JGwXeLUKzpD6Jra9d7TyKxkBTQ8y6GKB6Fx:ACifnLrDblfnLrDX5TyKN8poFDxlafy
                                                                                                                            MD5:5E8FF798F5E920C93E77B427C05E51D0
                                                                                                                            SHA1:21F6B3F309467BC227924E3D9DFE82F1C9D4C1EF
                                                                                                                            SHA-256:E7D6B8319EF02BDDA5EE750D2DCEA4AA63CE3D7B11FD067F4E3CD7E4A56FF780
                                                                                                                            SHA-512:C2CFD4CE8BD584D3B0A8815F1EFCE342803378DD9051DCC395273E6EAFDC16184217B8468487FA358E33F54E12A05762D50C305439F3E30F2B4D15917A01B64D
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:update_url:http://btinstall-artifacts.bittorrent.com/helper_ui/helper_web_ui.btinstall.update_url_btinstall:http://btinstall-artifacts.bittorrent.com/helper_ui/helper_web_ui.btinstall.publisher:BitTorrent Inc..release_date:03/03/2019.version:1.description:HelperWebUI.product_code:{F1B0D2B7-88F0-489E-AFC9-5B99AB341097}.signer:BitTorrent Inc..install_dir:helper.pretty_name:helper.process_name:helper.exe.
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5179936
                                                                                                                            Entropy (8bit):6.783333633577949
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:98304:TjdyLmU8dWgAyPxh0LaT1l7xVsbrTJNHhRrEhkgGOviWJylBDxgc6DA3:fQidWgrLeaT1lIbxNbykgGO8gG
                                                                                                                            MD5:B13C3CBF6AC3FEE83EA38FA1164376BA
                                                                                                                            SHA1:440956CF95926E7D7CB2DBA57A5DE4BBA87ED06C
                                                                                                                            SHA-256:9BAEE772391167E729CBF149A29A4EED8F1C99B74034361CA95DF54B1308893A
                                                                                                                            SHA-512:43F877B34343ED68B4797DED8DD1BEF3446A29B31B5CA42AC80DA8FB8183C8B8AF865469A23EBE87728CD2102DD97FADBDC16D5B53CCD23BA93CFEB8C92D3789
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:Zip archive data, at least v2.0 to extract
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):4297072
                                                                                                                            Entropy (8bit):7.998842249798111
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:98304:JzWOKLqqnUynnlxcRM9S/djN74/cU5ykU/gciz2z5:RWH9rnnhyjhjbkUS65
                                                                                                                            MD5:E1D622FC6D9EB4EA292E429E707634DD
                                                                                                                            SHA1:3C89C912AE11F3EE81ACFA01610A82F00ACC6269
                                                                                                                            SHA-256:03B5A8FA95673119C03BA21AFE487378058894F5B31B9E0A52E997C984B70C4F
                                                                                                                            SHA-512:98D84F377AC8CE6A5584FAC9DD737248FADE61A378A03D54A094ECFFE2F363ECEFAE440EE412A6BB6A26921923F12BBBAD749CBB1E7B1809B4C3433B5868A038
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):6713000
                                                                                                                            Entropy (8bit):7.998376710194632
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:98304:s4zHqMFsl/cWl0QzOdFHOptAUBgj5ciAfbDkFZtodOYtNIsRW+uoFRdp8:nzKKslkzQzOdFwj+5lDZQkh+pM
                                                                                                                            MD5:E43FF4E0F1B0305D6F07815CF754C327
                                                                                                                            SHA1:858623835832E8440157E179AD3EC3B6CC462D35
                                                                                                                            SHA-256:1D312C6ACFD51037BB4922E88374EF7DFB600E95FA11AF702BCC1E3A0F83FC03
                                                                                                                            SHA-512:A9B17ABFC674B48B16858D56E37178C3B747E47B3CD30F96F225DE72FBF85AE08155C7935AA5E05DCBAB007A4427DC8B811DCFBD5525342F5C3ECBE117465012
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe
                                                                                                                            File Type:MS Windows icon resource - 4 icons, 256x256 withPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48, 32 bits/pixel
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):63148
                                                                                                                            Entropy (8bit):7.710371095660033
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:XUyyxHafrMLEcKTqlGDBZGxtREwdKRjpY2pRnNWbnVRxxSjBMg:X6afcEcTGDBZGR/Ml/RnN6rS
                                                                                                                            MD5:B768B1F1A8C26BABBBC31FC551336221
                                                                                                                            SHA1:15D6D0975A6A09B4266A5C49CA0BB53A94BFEB08
                                                                                                                            SHA-256:663775C46DCE1CA8B104642374F93215A1B1E5E2AFD7618B69D6EBF056AFA5F1
                                                                                                                            SHA-512:FEBBF358420B1FA78DAE54E03A8C7DE167E9169BCE292399F768E997DC8FD912D8177F3C12F77420EA2DC20816D4E2A10C054699195248EAE1F728B0226F60AB
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16012
                                                                                                                            Entropy (8bit):5.550818784646495
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:6C6vT09ylCiCyLqN8SUjzH9sLilN8SUjzH9sLijsraDkmFhDP0RfP/:R61xjudjuUsraDxPDspn
                                                                                                                            MD5:A47AC198BC99E7D88A8BADB04DE3059B
                                                                                                                            SHA1:57D6BEDE434217573AFFDFE557C511BBCBEF291E
                                                                                                                            SHA-256:2B9E8C1DE5DAD4391D40F0F3B15A15C487B1AF94C4ABB01709578AAF10E353FE
                                                                                                                            SHA-512:78B523207F29E5BFCD0F7B2570A0DD9CAA2E1962F5ECD293FE488692E53B4E549890237F74AE0FE8E198419865AA0F99D8B3CFFFB1723E5180A34EE48EB0DE70
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:d10:.fileguard40:A9523E231B45E72A0D158072AB738D0F324DEA0215:add_dialog_histle9:addpreloc8:........9:addprewnd8:........4:appsd7:applistlee4:asszi0e38:attempted_to_receive_server_search_urli1e3:av28:........13:benchrecorderde10:bin_changei13288991148e9:bind_porti44867e7:born_oni13288991123e14:born_on_remotei0e7:cfu_seqi2e17:check_update_betai0e3:cid24:-..5e.i.T.l...~d.m.c+X.4:cids28:-..5e.i.T.l...~d.m.c+X..Y.b7:cold_oni0e7:ct_histle19:daily_download_hist248:........................................................................................................................................................................................................................................................25:daily_local_download_hist248:........................................................................................................................................................................................................................................................23:daily_
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16012
                                                                                                                            Entropy (8bit):5.550818784646495
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:6C6vT09ylCiCyLqN8SUjzH9sLilN8SUjzH9sLijsraDkmFhDP0RfP/:R61xjudjuUsraDxPDspn
                                                                                                                            MD5:A47AC198BC99E7D88A8BADB04DE3059B
                                                                                                                            SHA1:57D6BEDE434217573AFFDFE557C511BBCBEF291E
                                                                                                                            SHA-256:2B9E8C1DE5DAD4391D40F0F3B15A15C487B1AF94C4ABB01709578AAF10E353FE
                                                                                                                            SHA-512:78B523207F29E5BFCD0F7B2570A0DD9CAA2E1962F5ECD293FE488692E53B4E549890237F74AE0FE8E198419865AA0F99D8B3CFFFB1723E5180A34EE48EB0DE70
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:d10:.fileguard40:A9523E231B45E72A0D158072AB738D0F324DEA0215:add_dialog_histle9:addpreloc8:........9:addprewnd8:........4:appsd7:applistlee4:asszi0e38:attempted_to_receive_server_search_urli1e3:av28:........13:benchrecorderde10:bin_changei13288991148e9:bind_porti44867e7:born_oni13288991123e14:born_on_remotei0e7:cfu_seqi2e17:check_update_betai0e3:cid24:-..5e.i.T.l...~d.m.c+X.4:cids28:-..5e.i.T.l...~d.m.c+X..Y.b7:cold_oni0e7:ct_histle19:daily_download_hist248:........................................................................................................................................................................................................................................................25:daily_local_download_hist248:........................................................................................................................................................................................................................................................23:daily_
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2134792
                                                                                                                            Entropy (8bit):7.9852355538797095
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:Z5cNqvW8vJASZ9gapxjW2eCmnT7aWMvd/HTXZS:gqvWGJASw6SQI7aWeR4
                                                                                                                            MD5:8972ADD33EF8423C9C13BCEFBC97616E
                                                                                                                            SHA1:6678EB276AA4516E4E508F109F92DE55C791F928
                                                                                                                            SHA-256:78568F8F3297E15FC90CAFA40E0A7647E2FF0F88426FDDEEAAEB9FC5AD2BCBCC
                                                                                                                            SHA-512:EDDC2F68A69B9B569FF4C48342B4B0EBE20ECE2BBDC0A166EB4088C5D70F8517BA3C47D415C969C27180B6197DDAC9CF90FD64E014BC6D87AF340B84354BD31A
                                                                                                                            Malicious:true
                                                                                                                            Reputation:unknown
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):522
                                                                                                                            Entropy (8bit):5.027629496654597
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:8y9ZQQa8iK+7oqJVeE77mrHvNK3JmrHqY3V:b9ZQQa82lVB7mDNSm+6
                                                                                                                            MD5:512D8F7A4B92F24AF27A26FAB44FD42D
                                                                                                                            SHA1:111C8566E6FEAB8CD7A376E84A2438C9FB7EFFC3
                                                                                                                            SHA-256:13B2CB915E454CCABCE290CDC297124AAA0C0E410A531345625CC55021F47A83
                                                                                                                            SHA-512:0A910B971CC43746CCFE1D9610120C23E5682EEEE404A77D7B4B70CDD2DED98E5BCE727009F84145D89C5D5794F966C6780DDD87DAB7AF6D589B82164C45C46B
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:d10:.fileguard40:AAD1AB56D0D68762059B425F978C0B36AD4C0A5D13:_sau_pmr_faili0e7:cvm_invd7:dl_timei1644513993e3:e_vi111916152e8:from_veri111916098e2:slli1eee6:notifyi0e3:pmri1e18:show_release_notesi1e7:updatedi1e8:versionsld11:blacklistedi0e11:crash_counti0e8:exe_path63:C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46146.exe13:language_path0:7:versioni111916098eed11:blacklistedi0e11:crash_counti0e8:exe_path63:C:\Users\user\AppData\Roaming\uTorrent\updates\3.5.5_46200.exe13:language_path0:7:versioni111916152eeee
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2134792
                                                                                                                            Entropy (8bit):7.9852355538797095
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:Z5cNqvW8vJASZ9gapxjW2eCmnT7aWMvd/HTXZS:gqvWGJASw6SQI7aWeR4
                                                                                                                            MD5:8972ADD33EF8423C9C13BCEFBC97616E
                                                                                                                            SHA1:6678EB276AA4516E4E508F109F92DE55C791F928
                                                                                                                            SHA-256:78568F8F3297E15FC90CAFA40E0A7647E2FF0F88426FDDEEAAEB9FC5AD2BCBCC
                                                                                                                            SHA-512:EDDC2F68A69B9B569FF4C48342B4B0EBE20ECE2BBDC0A166EB4088C5D70F8517BA3C47D415C969C27180B6197DDAC9CF90FD64E014BC6D87AF340B84354BD31A
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......... ...s...s...s.6Fs...s.6Dsf..s.6Es...sE.r...s>.ps...s...r...s...r..s...r...sH..s...s#..s...s7..r...s7..rk..s..4s...s..3s...s..$s...s...sV..s7..r!..s2.Hs...s.. s...s7..r...sRich...s........................PE..L......a......................... 7..U..07...U...@...........................W.....d. ......................................W.......U..............h ..+..................................l.U.......U.\...........................................UPX0..... 7.............................UPX1.........07..t..................@....rsrc.........U......x..............@..............................................................................................................................................................................................................................................................................................3.00.UPX!....
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):550440
                                                                                                                            Entropy (8bit):6.5766468240438325
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:ZdazCSObmIXF5nLRpPghTdpvujS/8K+z9uwEgk5/xgxWSW:Z4HIXF5nLRpPghTdpvujrhuwxkxxgxW9
                                                                                                                            MD5:ED4B9275AF0F55843336FE8E9A31CF0F
                                                                                                                            SHA1:B779B4E994786B24E968D4BC3A201F65093083BA
                                                                                                                            SHA-256:9A32DFD14747295EEE3171218984B93FBDCE515E2641E3345993B5DD1A45D543
                                                                                                                            SHA-512:D7B704C93485E6F4BC0B75A59AA4480A432D026EFF506BE6A70EB612E20DC1A1D559C26934650214BE7ED1C46921D0ECA87C259726688DF0B0D016A44AB1F3D5
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.u1...b...b...b...b...b...b...b...b...b=..c...b=..c8..b=..c%..b..b...b..b...b...b..b...c...b...b...b...c...bRich...b................PE..L......a.....................p......g........0....@..................................P....@.................................8........P...............D..("...`...c..0...p...............................@............0...............................text............................... ..`.rdata..H....0....... ..............@..@.data....n.......$..................@....gfids.......0......................@..@.tls.........@......................@....rsrc........P......................@..@.reloc...c...`...d..................@..B................................................................................................................................................................................................................
                                                                                                                            Process:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1946664
                                                                                                                            Entropy (8bit):7.982252309237536
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:/7D0rnm+8FonvYZSwvPLmmGrlhPX26vN:jDCZBwvyrZlm
                                                                                                                            MD5:7C4F15EA0F16F5BFD2E868D70ADED600
                                                                                                                            SHA1:F79177ECFBC633E294A9C159BAC9424F712278E1
                                                                                                                            SHA-256:D91E240254EBB233F7F23FA1AFE91C12089EED919E9FF85E4CB7A8AEB04B5A51
                                                                                                                            SHA-512:290384ED0E1ABE093DAB8AB99FC98F2941548390A9737D0160700306A068362295BFE8B9BD24A4C0FF3655B3E358306C43B1403EBFDB90666BF19E2DEF3FAE38
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......... ...s...s...s.6Fs...s.6Dsf..s.6Es...sE.r...s>.ps...s...r...s...r..s...r...sH..s...s#..s...s7..r...s7..rk..s..4s...s..3s...s..$s...s...sV..s7..r!..s2.Hs...s.. s...s7..r...sRich...s........................PE..L...fL.a..........................9...U...:...U...@...........................W......p.......................................W.......U.................("...................................U.......U.\...........................................UPX0......9.............................UPX1..........:.....................@....rsrc.........U.....................@..............................................................................................................................................................................................................................................................................................3.00.UPX!....
                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe
                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Feb 10 17:25:24 2022, mtime=Thu Feb 10 17:25:24 2022, atime=Thu Feb 10 17:25:24 2022, length=2134792, window=hide
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):896
                                                                                                                            Entropy (8bit):5.00101842229606
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:8fL3A1643V4ClrY//FO9t0LSXFhKq+OjA9rHXeMJmuMBm:8fzqH36bNO9IyhrdA9NCBm
                                                                                                                            MD5:4AD2AFCCA04725384A07CB499F01D944
                                                                                                                            SHA1:07B26C64AB6647F11142BC6E0D5C6BFC16AEE6D9
                                                                                                                            SHA-256:3C1F3C5475FF0BF81E4D3EF3BE126A5FD2F8A01EC23776C2A7DD00D86B62E13A
                                                                                                                            SHA-512:22F3B755F40B1CFC3DB0C051DE2BD4B4A629E8C48BE984AF3079AD96C84BEEA31897CDC679CD85FB3399B0DD676C8D0E4E3174EFD88BD21D106EAECA7F345B16
                                                                                                                            Malicious:false
                                                                                                                            Reputation:unknown
                                                                                                                            Preview:L..................F.... ...xg...................... .......................:..DG..Yr?.D..U..k0.&...&...........-.....X.....)..........t...CFSF..1......N....AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......N..JT.......Y....................yN|.A.p.p.D.a.t.a...B.V.1.....JT-...Roaming.@.......N..JT-......Y....................R...R.o.a.m.i.n.g.....Z.1.....JT-...uTorrent..B......JT-.JT-.....x......................G..u.T.o.r.r.e.n.t.....f.2... .JT-. .uTorrent.exe..J......JT-.JT-.....}.....................s...u.T.o.r.r.e.n.t...e.x.e.......c...............-.......b............3i......C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe..(.....\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.u.T.o.r.r.e.n.t.\.u.T.o.r.r.e.n.t...e.x.e.`.......X.......468325...........!a..%.H.VZAj....................!a..%.H.VZAj...................E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                            Entropy (8bit):7.527296159152994
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 98.45%
                                                                                                                            • Inno Setup installer (109748/4) 1.08%
                                                                                                                            • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                            File name:uTorrent.exe
                                                                                                                            File size:1877512
                                                                                                                            MD5:007857e1cd5e960fea0416b2ef54534d
                                                                                                                            SHA1:9327a151202d9ba5d8415cb32a97f1c86e4ff82e
                                                                                                                            SHA256:4c7f671006c954103b076f46da7e2da23669da27a9e55b6ac268d071f8c90b86
                                                                                                                            SHA512:602e17399f3bb966dd443cfeb02bf775e5db7fdaaa8fff59115e9e968ce36e1e48f28d20917ff84c11d13501f173c313d57401f0021ab33f4a6d0d6e397aea8e
                                                                                                                            SSDEEP:24576:Y4nXubIQGyxbPV0db26ig2DLwZaWAd47ImLa6GHuTaoqP+4HNbH3XpKl2RmBSF4A:Yqe3f6eOaK74HuOoqW2NbnpW2RmBe4Ev
                                                                                                                            File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                            Icon Hash:f0cccecc9cb8f870
                                                                                                                            Entrypoint:0x4b5eec
                                                                                                                            Entrypoint Section:.itext
                                                                                                                            Digitally signed:true
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED
                                                                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                            Time Stamp:0x60B88E27 [Thu Jun 3 08:09:11 2021 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:6
                                                                                                                            OS Version Minor:1
                                                                                                                            File Version Major:6
                                                                                                                            File Version Minor:1
                                                                                                                            Subsystem Version Major:6
                                                                                                                            Subsystem Version Minor:1
                                                                                                                            Import Hash:5a594319a0d69dbc452e748bcf05892e
                                                                                                                            Signature Valid:true
                                                                                                                            Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                            Error Number:0
                                                                                                                            Not Before, Not After
                                                                                                                            • 9/13/2021 2:00:00 AM 9/13/2024 1:59:59 AM
                                                                                                                            Subject Chain
                                                                                                                            • CN=Rainberry Inc, O=Rainberry Inc, L=San Francisco, S=California, C=US
                                                                                                                            Version:3
                                                                                                                            Thumbprint MD5:8D0F54B0064A6CDE7499CB9CCF66AA31
                                                                                                                            Thumbprint SHA-1:804F289FB26C3708683D5342831B14CA8EBD2646
                                                                                                                            Thumbprint SHA-256:2B0ADF9055A0FEA252CE99419540D53EAFC8B4F825442A1FB5D2FF6E16D9E263
                                                                                                                            Serial:0EF83273F4E18371EEE96CA23BCFB376
                                                                                                                            Instruction
                                                                                                                            push ebp
                                                                                                                            mov ebp, esp
                                                                                                                            add esp, FFFFFFA4h
                                                                                                                            push ebx
                                                                                                                            push esi
                                                                                                                            push edi
                                                                                                                            xor eax, eax
                                                                                                                            mov dword ptr [ebp-3Ch], eax
                                                                                                                            mov dword ptr [ebp-40h], eax
                                                                                                                            mov dword ptr [ebp-5Ch], eax
                                                                                                                            mov dword ptr [ebp-30h], eax
                                                                                                                            mov dword ptr [ebp-38h], eax
                                                                                                                            mov dword ptr [ebp-34h], eax
                                                                                                                            mov dword ptr [ebp-2Ch], eax
                                                                                                                            mov dword ptr [ebp-28h], eax
                                                                                                                            mov dword ptr [ebp-14h], eax
                                                                                                                            mov eax, 004B10F0h
                                                                                                                            call 00007FA1C4B8E7E5h
                                                                                                                            xor eax, eax
                                                                                                                            push ebp
                                                                                                                            push 004B65E2h
                                                                                                                            push dword ptr fs:[eax]
                                                                                                                            mov dword ptr fs:[eax], esp
                                                                                                                            xor edx, edx
                                                                                                                            push ebp
                                                                                                                            push 004B659Eh
                                                                                                                            push dword ptr fs:[edx]
                                                                                                                            mov dword ptr fs:[edx], esp
                                                                                                                            mov eax, dword ptr [004BE634h]
                                                                                                                            call 00007FA1C4C30F0Fh
                                                                                                                            call 00007FA1C4C30A62h
                                                                                                                            lea edx, dword ptr [ebp-14h]
                                                                                                                            xor eax, eax
                                                                                                                            call 00007FA1C4BA4258h
                                                                                                                            mov edx, dword ptr [ebp-14h]
                                                                                                                            mov eax, 004C1D84h
                                                                                                                            call 00007FA1C4B893D7h
                                                                                                                            push 00000002h
                                                                                                                            push 00000000h
                                                                                                                            push 00000001h
                                                                                                                            mov ecx, dword ptr [004C1D84h]
                                                                                                                            mov dl, 01h
                                                                                                                            mov eax, dword ptr [004237A4h]
                                                                                                                            call 00007FA1C4BA52BFh
                                                                                                                            mov dword ptr [004C1D88h], eax
                                                                                                                            xor edx, edx
                                                                                                                            push ebp
                                                                                                                            push 004B654Ah
                                                                                                                            push dword ptr fs:[edx]
                                                                                                                            mov dword ptr fs:[edx], esp
                                                                                                                            call 00007FA1C4C30F97h
                                                                                                                            mov dword ptr [004C1D90h], eax
                                                                                                                            mov eax, dword ptr [004C1D90h]
                                                                                                                            cmp dword ptr [eax+0Ch], 01h
                                                                                                                            jne 00007FA1C4C3757Ah
                                                                                                                            mov eax, dword ptr [004C1D90h]
                                                                                                                            mov edx, 00000028h
                                                                                                                            call 00007FA1C4BA5BB4h
                                                                                                                            mov edx, dword ptr [004C1D90h]
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0xc4000          0x9a          .edata
IMAGE_DIRECTORY_ENTRY_IMPORT          0xc2000          0xf36         .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xc7000          0x1d708       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x1c88c0         0x1d48
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0xc6000          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0xc22e4          0x244         .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0xc3000          0x1a4         .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name     Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
.text    0x1000           0xb361c       0xb3800   False     0.344863934105   data       6.35605820433  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.itext   0xb5000          0x1688        0x1800    False     0.544921875      data       5.97275005522  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data    0xb7000          0x37a4        0x3800    False     0.360979352679   data       5.04440056201  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.bss     0xbb000          0x6de8        0x0       False     0                empty      0.0            IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.idata   0xc2000          0xf36         0x1000    False     0.3681640625     data       4.89870464796  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.didata  0xc3000          0x1a4         0x200     False     0.345703125      data       2.75636286825  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.edata   0xc4000          0x9a          0x200     False     0.2578125        data       1.87222286659  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls     0xc5000          0x18          0x0       False     0                empty      0.0            IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rdata   0xc6000          0x5d          0x200     False     0.189453125      data       1.38389437522  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc    0xc7000          0x1d708       0x1d800   False     0.724774894068   data       7.21499303178  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0xc7588 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0xc79f0 | 0x6b8 | data | English | United States
RT_ICON | 0xc80a8 | 0x988 | data | English | United States
RT_ICON | 0xc8a30 | 0x10a8 | data | English | United States
RT_ICON | 0xc9ad8 | 0x1a68 | dBase III DBT, version number 0, next free block index 40 | English | United States
RT_ICON | 0xcb540 | 0x25a8 | data | English | United States
RT_ICON | 0xcdae8 | 0x4228 | dBase III DBT, version number 0, next free block index 40 | English | United States
RT_ICON | 0xd1d10 | 0xfa69 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_STRING | 0xe177c | 0x360 | data | |
RT_STRING | 0xe1adc | 0x260 | data | |
RT_STRING | 0xe1d3c | 0x45c | data | |
RT_STRING | 0xe2198 | 0x40c | data | |
RT_STRING | 0xe25a4 | 0x2d4 | data | |
RT_STRING | 0xe2878 | 0xb8 | data | |
RT_STRING | 0xe2930 | 0x9c | data | |
RT_STRING | 0xe29cc | 0x374 | data | |
RT_STRING | 0xe2d40 | 0x398 | data | |
RT_STRING | 0xe30d8 | 0x368 | data | |
RT_STRING | 0xe3440 | 0x2a4 | data | |
RT_RCDATA | 0xe36e4 | 0x10 | data | |
RT_RCDATA | 0xe36f4 | 0x2c4 | data | |
RT_RCDATA | 0xe39b8 | 0x2c | data | |
RT_GROUP_ICON | 0xe39e4 | 0x76 | data | English | United States
RT_VERSION | 0xe3a5c | 0x584 | data | English | United States
RT_MANIFEST | 0xe3fe0 | 0x726 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
DLL | Import
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll | InitCommonControls
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x454060
__dbk_fcall_wrapper | 2 | 0x40d0a0
dbkFCallWrapperAddr | 1 | 0x4be63c
Description | Data
LegalCopyright | 2020 BitTorrent, Inc. All Rights Reserved
FileVersion | 3.5.5.46120
CompanyName |
Comments | This installation was built with Inno Setup.
ProductName | Torrent
ProductVersion | 3.5.5.46120
FileDescription | Torrent
OriginalFileName |
Translation | 0x0000 0x04b0
Language of compilation system | Country where language is spoken | Map
English | United States |
                                                                                                                            No network behavior found

                                                                                                                            Target ID:0
                                                                                                                            Start time:19:24:45
                                                                                                                            Start date:10/02/2022
                                                                                                                            Path:C:\Users\user\Desktop\uTorrent.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\Desktop\uTorrent.exe"
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:1877512 bytes
                                                                                                                            MD5 hash:007857E1CD5E960FEA0416B2EF54534D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:Borland Delphi
                                                                                                                            Reputation:low

                                                                                                                            Target ID:1
                                                                                                                            Start time:19:24:49
                                                                                                                            Start date:10/02/2022
                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-D82CR.tmp\uTorrent.tmp" /SL5="$B03E2,943312,883200,C:\Users\user\Desktop\uTorrent.exe"
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:3214848 bytes
                                                                                                                            MD5 hash:9054C48186BB9E64F0EDA6958EFEB852
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:Borland Delphi
                                                                                                                            Reputation:low

                                                                                                                            Target ID:7
                                                                                                                            Start time:19:25:22
                                                                                                                            Start date:10/02/2022
                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\uTorrent.exe" /S /FORCEINSTALL 1110010100111110
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:2134792 bytes
                                                                                                                            MD5 hash:8972ADD33EF8423C9C13BCEFBC97616E
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low

                                                                                                                            Target ID:9
                                                                                                                            Start time:19:25:36
                                                                                                                            Start date:10/02/2022
                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe" /silent
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:540312 bytes
                                                                                                                            MD5 hash:BF8C3713C265A55043C2C4B1563786A8
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low

                                                                                                                            Target ID:10
                                                                                                                            Start time:19:25:37
                                                                                                                            Start date:10/02/2022
                                                                                                                            Path:C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:2134792 bytes
                                                                                                                            MD5 hash:8972ADD33EF8423C9C13BCEFBC97616E
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low

                                                                                                                            Target ID:11
                                                                                                                            Start time:19:25:40
                                                                                                                            Start date:10/02/2022
                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\nsn980C.tmp\RAVAntivirus-installer.exe" "C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod0.exe" /silent
                                                                                                                            Imagebase:0x570000
                                                                                                                            File size:105816 bytes
                                                                                                                            MD5 hash:EEA360450972F6372891341AEFFFBAA8
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                            Reputation:low

                                                                                                                            Target ID:12
                                                                                                                            Start time:19:25:42
                                                                                                                            Start date:10/02/2022
                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-9IFO5.tmp\prod1_extract\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:pb,utm.source:ais,utm.campaign:opera_new
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:2405064 bytes
                                                                                                                            MD5 hash:4310BBB114DF4AACE5DF0A08B6A82B92
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:3.8%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:11.9%
                                                                                                                              Total number of Nodes:839
                                                                                                                              Total number of Limit Nodes:30
calls 30163->30259 30165 4b62c0 30262 4af244 30166->30262 30172 4afa74 30171->30172 30173 4afa65 30171->30173 30175 407a20 11 API calls 30172->30175 30174 407e48 11 API calls 30173->30174 30176 4afa72 30174->30176 30175->30176 30281 4087c4 30176->30281 30178 4afa9c 30179 4afaab MessageBoxW 30178->30179 30180 407a80 11 API calls 30179->30180 30181 4afacd 30180->30181 30181->30132 30183 4056dd GetTickCount 30182->30183 30184 4056eb 30182->30184 30183->30184 30184->30129 30192 4aeff0 30185->30192 30188 4af02f CreateDirectoryW 30189 4af039 GetLastError 30188->30189 30190 4af0af 30188->30190 30189->30192 30191 407e00 11 API calls 30190->30191 30193 4af0b9 30191->30193 30192->30188 30287 422d70 30192->30287 30312 4aeec8 30192->30312 30332 426f08 11 API calls 30192->30332 30333 419e18 11 API calls 30192->30333 30334 4232ec FormatMessageW 30192->30334 30338 426ed8 11 API calls 30192->30338 30339 41f264 11 API calls 30192->30339 30340 40711c 11 API calls 30192->30340 30195 407a80 11 API calls 30193->30195 30196 4af0d3 30195->30196 30198 407a80 11 API calls 30196->30198 30199 4af0e0 30198->30199 30199->30136 30205 422964 30204->30205 30206 4088ac 11 API calls 30205->30206 30207 422976 30206->30207 30208 4226c8 30207->30208 30209 4226f2 30208->30209 30210 422706 30209->30210 30211 4226f8 30209->30211 30212 4088ac 11 API calls 30210->30212 30213 40873c 11 API calls 30211->30213 30214 422719 30212->30214 30215 422704 30213->30215 30216 40873c 11 API calls 30214->30216 30217 407a20 11 API calls 30215->30217 30216->30215 30218 42273b 30217->30218 30219 422660 30218->30219 30220 42268e 30219->30220 30223 42266a 30219->30223 30221 407e00 11 API calls 30220->30221 30222 422697 30221->30222 30222->30154 30223->30220 30224 42267d 30223->30224 30225 40873c 11 API calls 30224->30225 30226 42268b 30225->30226 30226->30154 30228 423d0a 30227->30228 30415 423da8 30228->30415 30229 423d39 30231 423d4f 30229->30231 30418 423cac 106 API calls 30229->30418 30231->30161 30234 424755 
30233->30234 30238 4247ae 30234->30238 30425 41f264 11 API calls 30234->30425 30236 4247a9 30426 40711c 11 API calls 30236->30426 30242 4247d6 30238->30242 30427 41f264 11 API calls 30238->30427 30240 4247d1 30428 40711c 11 API calls 30240->30428 30243 424819 30242->30243 30429 41f264 11 API calls 30242->30429 30244 42482c 30243->30244 30421 403bcc 30243->30421 30244->30163 30246 424814 30430 40711c 11 API calls 30246->30430 30250 4af20e 30249->30250 30251 4af1c7 30249->30251 30250->30135 30251->30250 30252 4af1cf Sleep 30251->30252 30253 4af1df Sleep 30251->30253 30255 4af1f6 GetLastError 30251->30255 30433 427154 30251->30433 30252->30251 30253->30251 30255->30250 30256 4af200 GetLastError 30255->30256 30256->30250 30256->30251 30257->30134 30259->30165 30260->30151 30261->30155 30268 4af263 30262->30268 30263 4af299 30265 4af2a6 GetUserDefaultLangID 30263->30265 30270 4af29b 30263->30270 30264 4af29d 30278 42301c 55 API calls 30264->30278 30265->30270 30267 4af2a2 30267->30270 30268->30263 30268->30264 30269 4af277 30268->30269 30272 4af60c 30269->30272 30270->30269 30271 4af218 GetLocaleInfoW 30270->30271 30271->30270 30273 4af64f 30272->30273 30274 4af614 30272->30274 30273->30124 30273->30128 30274->30273 30279 407f5c 11 API calls 30274->30279 30276 4af635 30280 427000 11 API calls 30276->30280 30278->30267 30279->30276 30280->30273 30282 4087da 30281->30282 30283 408664 11 API calls 30282->30283 30284 408815 30282->30284 30285 40885f 30282->30285 30283->30284 30284->30285 30286 407e00 11 API calls 30284->30286 30286->30285 30341 422a90 30287->30341 30290 422da0 30292 422a90 12 API calls 30290->30292 30294 422ded 30290->30294 30293 422db0 30292->30293 30295 422dbc 30293->30295 30297 422a6c 12 API calls 30293->30297 30349 4228a4 30294->30349 30295->30294 30361 41ff2c 47 API calls 30295->30361 30297->30295 30299 422dc5 30302 422a90 12 API calls 30299->30302 30311 422de2 30299->30311 30301 422660 11 API calls 30304 422e02 30301->30304 30305 422dd6 30302->30305 
30306 407e00 11 API calls 30304->30306 30309 422a6c 12 API calls 30305->30309 30305->30311 30307 422e0c 30306->30307 30308 407a80 11 API calls 30307->30308 30310 422e26 30308->30310 30309->30311 30310->30192 30311->30294 30362 422d18 GetWindowsDirectoryW 30311->30362 30313 4aeeec 30312->30313 30314 422660 11 API calls 30313->30314 30315 4aef05 30314->30315 30316 407e48 11 API calls 30315->30316 30321 4aef10 30316->30321 30317 4229ac 11 API calls 30317->30321 30320 4087c4 11 API calls 30320->30321 30321->30317 30321->30320 30325 4aef8e 30321->30325 30377 4aee50 30321->30377 30385 4271cc 30321->30385 30393 426f08 11 API calls 30321->30393 30394 41f264 11 API calls 30321->30394 30395 40711c 11 API calls 30321->30395 30326 407e00 11 API calls 30325->30326 30327 4aef99 30326->30327 30328 407a80 11 API calls 30327->30328 30329 4aefb3 30328->30329 30330 407a80 11 API calls 30329->30330 30331 4aefc0 30330->30331 30331->30192 30332->30192 30333->30192 30335 423312 30334->30335 30336 407ba8 11 API calls 30335->30336 30337 423332 30336->30337 30337->30192 30338->30192 30339->30192 30342 408664 11 API calls 30341->30342 30343 422aa3 30342->30343 30344 422abe GetEnvironmentVariableW 30343->30344 30348 422ad1 30343->30348 30363 422e84 11 API calls 30343->30363 30344->30343 30345 422aca 30344->30345 30346 407a20 11 API calls 30345->30346 30346->30348 30348->30290 30358 422a6c 30348->30358 30350 4228ad 30349->30350 30350->30350 30351 4228d4 GetFullPathNameW 30350->30351 30352 4228e0 30351->30352 30353 4228f7 30351->30353 30352->30353 30354 4228e8 30352->30354 30355 407e00 11 API calls 30353->30355 30356 407ba8 11 API calls 30354->30356 30357 4228f5 30355->30357 30356->30357 30357->30301 30364 422a18 30358->30364 30361->30299 30362->30294 30363->30343 30370 4229ac 30364->30370 30366 422a38 30367 422a40 GetFileAttributesW 30366->30367 30368 407a20 11 API calls 30367->30368 30369 422a5d 30368->30369 30369->30290 30371 4229bd 30370->30371 30372 422a03 30371->30372 30373 4229f8 
30371->30373 30375 4088ac 11 API calls 30372->30375 30374 407e00 11 API calls 30373->30374 30376 422a01 30374->30376 30375->30376 30376->30366 30378 407a20 11 API calls 30377->30378 30380 4aee71 30378->30380 30382 4aeea2 30380->30382 30396 408510 30380->30396 30399 408950 30380->30399 30383 407a20 11 API calls 30382->30383 30384 4aeeb7 30383->30384 30384->30321 30403 427108 30385->30403 30387 4271e2 30388 4271e6 30387->30388 30409 422a80 30387->30409 30388->30321 30393->30321 30394->30321 30397 407ba8 11 API calls 30396->30397 30398 40851d 30397->30398 30398->30380 30400 408965 30399->30400 30401 408664 11 API calls 30400->30401 30402 4089ba 30400->30402 30401->30402 30402->30380 30404 427112 30403->30404 30405 427116 30403->30405 30404->30387 30406 427138 SetLastError 30405->30406 30407 42711f Wow64DisableWow64FsRedirection 30405->30407 30408 427133 30406->30408 30407->30408 30408->30387 30410 422a18 12 API calls 30409->30410 30411 422a8a GetLastError 30410->30411 30412 427144 30411->30412 30413 427153 30412->30413 30414 427149 Wow64RevertWow64FsRedirection 30412->30414 30413->30321 30414->30413 30419 4084ec 30415->30419 30418->30231 30420 4084f2 CreateFileW 30419->30420 30420->30229 30431 403b60 30421->30431 30423 403bd5 VirtualAlloc 30424 403bec 30423->30424 30424->30244 30425->30236 30427->30240 30429->30246 30432 403b00 30431->30432 30432->30423 30434 427108 2 API calls 30433->30434 30435 42716a 30434->30435 30436 42716e 30435->30436 30437 42718a DeleteFileW GetLastError 30435->30437 30436->30251 30438 427144 Wow64RevertWow64FsRedirection 30437->30438 30439 4271b0 30438->30439 30439->30251 30440 4b62df 30441 4b6304 30440->30441 30442 4b633c 30441->30442 30452 4af834 11 API calls 30441->30452 30448 423ed8 SetEndOfFile 30442->30448 30445 4b6358 30453 40540c 11 API calls 30445->30453 30447 4b638f 30449 423ee8 30448->30449 30450 423eef 30448->30450 30454 423cac 106 API calls 30449->30454 30450->30445 30452->30442 30453->30447 30454->30450 30455 41ff94 30456 407e48 
11 API calls 30455->30456 30457 41ffc4 30456->30457 30470 407fb0 30457->30470 30459 41ffcc 30460 41ffd8 GetFileVersionInfoSizeW 30459->30460 30461 42007e 30460->30461 30464 41ffe8 30460->30464 30462 407a20 11 API calls 30461->30462 30463 420093 30462->30463 30465 420011 GetFileVersionInfoW 30464->30465 30466 420035 30465->30466 30467 42001b VerQueryValueW 30465->30467 30474 40540c 11 API calls 30466->30474 30467->30466 30469 420076 30472 407f18 30470->30472 30471 407f53 30471->30459 30472->30471 30475 40540c 11 API calls 30472->30475 30474->30469 30475->30471 30476 4b5eec 30503 40d1cc GetModuleHandleW 30476->30503 30485 407e00 11 API calls 30486 4b5f5e 30485->30486 30487 423d00 107 API calls 30486->30487 30488 4b5f76 30487->30488 30535 4af9f0 FindResourceW 30488->30535 30491 4b5feb 30548 423cc0 30491->30548 30492 4b5f8e 30492->30491 30570 4af834 11 API calls 30492->30570 30494 4b6011 30495 4b602d 30494->30495 30571 4af834 11 API calls 30494->30571 30497 424748 12 API calls 30495->30497 30498 4b6053 30497->30498 30552 425cd8 30498->30552 30500 4b60c9 30501 4b607e 30501->30500 30502 425cd8 105 API calls 30501->30502 30502->30501 30504 40d207 30503->30504 30572 407484 30504->30572 30507 4af91c GetSystemInfo VirtualQuery 30508 4af9e7 30507->30508 30511 4af948 30507->30511 30513 4af474 30508->30513 30509 4af9c7 VirtualQuery 30509->30508 30509->30511 30510 4af978 VirtualProtect 30510->30511 30511->30508 30511->30509 30511->30510 30512 4af9b1 VirtualProtect 30511->30512 30512->30509 30748 422c14 GetCommandLineW 30513->30748 30515 4af492 30516 4af55d 30515->30516 30519 422c74 13 API calls 30515->30519 30520 4088ac 11 API calls 30515->30520 30517 407a80 11 API calls 30516->30517 30518 4af577 30517->30518 30521 422c74 30518->30521 30519->30515 30520->30515 30522 422c9b GetModuleFileNameW 30521->30522 30523 422cbf GetCommandLineW 30521->30523 30525 407ba8 11 API calls 30522->30525 30524 422cc6 30523->30524 30526 422ccc 30524->30526 30529 422b34 11 API calls 30524->30529 30531 
422cd4 30524->30531 30527 422cbd 30525->30527 30528 407a20 11 API calls 30526->30528 30530 422cf3 30527->30530 30528->30531 30529->30524 30532 407a20 11 API calls 30530->30532 30534 407e00 11 API calls 30531->30534 30533 422d08 30532->30533 30533->30485 30534->30530 30536 4afa0a SizeofResource 30535->30536 30537 4afa05 30535->30537 30539 4afa1c LoadResource 30536->30539 30540 4afa17 30536->30540 30770 4af834 11 API calls 30537->30770 30542 4afa2a 30539->30542 30543 4afa2f LockResource 30539->30543 30771 4af834 11 API calls 30540->30771 30772 4af834 11 API calls 30542->30772 30545 4afa3b 30543->30545 30546 4afa40 30543->30546 30773 4af834 11 API calls 30545->30773 30546->30492 30549 423cd4 30548->30549 30550 423ce4 30549->30550 30774 423bf8 105 API calls 30549->30774 30550->30494 30556 425d09 30552->30556 30558 425d54 30552->30558 30553 425da1 30778 424a24 105 API calls 30553->30778 30555 424a24 105 API calls 30555->30558 30556->30558 30560 408664 11 API calls 30556->30560 30565 407fa0 11 API calls 30556->30565 30567 407e00 11 API calls 30556->30567 30569 424a24 105 API calls 30556->30569 30557 425db9 30561 407a44 11 API calls 30557->30561 30558->30553 30558->30555 30775 408254 11 API calls 30558->30775 30776 407f5c 11 API calls 30558->30776 30777 407e9c 11 API calls 30558->30777 30560->30556 30562 425dce 30561->30562 30563 407a20 11 API calls 30562->30563 30568 425dd6 30563->30568 30565->30556 30567->30556 30568->30501 30569->30556 30570->30491 30571->30495 30573 4074bc 30572->30573 30576 407418 30573->30576 30577 407460 30576->30577 30578 407428 30576->30578 30577->30507 30578->30577 30583 4232ec 12 API calls 30578->30583 30585 40caa4 GetSystemInfo 30578->30585 30586 4b5114 30578->30586 30658 4b5980 30578->30658 30670 4b5000 30578->30670 30682 4b5a90 30578->30682 30583->30578 30585->30578 30587 4b511c 30586->30587 30587->30587 30588 4b536d 30587->30588 30589 4b5141 GetModuleHandleW GetVersion 30587->30589 30592 407a80 11 API calls 30588->30592 30590 4b517a 
30589->30590 30591 4b515c GetProcAddress 30589->30591 30594 4b5182 GetProcAddress 30590->30594 30595 4b5344 GetProcAddress 30590->30595 30591->30590 30593 4b516d 30591->30593 30596 4b5387 30592->30596 30593->30590 30597 4b5191 30594->30597 30598 4b535a GetProcAddress 30595->30598 30599 4b5353 30595->30599 30596->30578 30700 40e520 GetSystemDirectoryW 30597->30700 30598->30588 30601 4b5369 SetProcessDEPPolicy 30598->30601 30599->30598 30601->30588 30602 4b51a0 30603 407e00 11 API calls 30602->30603 30604 4b51ad 30603->30604 30604->30595 30605 4b51e5 30604->30605 30606 4086e4 11 API calls 30604->30606 30607 40873c 11 API calls 30605->30607 30606->30605 30608 4b51f8 30607->30608 30701 40e54c SetErrorMode LoadLibraryW 30608->30701 30610 4b5200 30611 40873c 11 API calls 30610->30611 30612 4b5213 30611->30612 30702 40e54c SetErrorMode LoadLibraryW 30612->30702 30614 4b521b 30615 40873c 11 API calls 30614->30615 30616 4b522e 30615->30616 30703 40e54c SetErrorMode LoadLibraryW 30616->30703 30618 4b5236 30619 40873c 11 API calls 30618->30619 30620 4b5249 30619->30620 30704 40e54c SetErrorMode LoadLibraryW 30620->30704 30622 4b5251 30623 40873c 11 API calls 30622->30623 30624 4b5264 30623->30624 30705 40e54c SetErrorMode LoadLibraryW 30624->30705 30626 4b526c 30627 40873c 11 API calls 30626->30627 30628 4b527f 30627->30628 30706 40e54c SetErrorMode LoadLibraryW 30628->30706 30630 4b5287 30631 40873c 11 API calls 30630->30631 30632 4b529a 30631->30632 30707 40e54c SetErrorMode LoadLibraryW 30632->30707 30634 4b52a2 30635 40873c 11 API calls 30634->30635 30636 4b52b5 30635->30636 30708 40e54c SetErrorMode LoadLibraryW 30636->30708 30638 4b52bd 30639 40873c 11 API calls 30638->30639 30640 4b52d0 30639->30640 30709 40e54c SetErrorMode LoadLibraryW 30640->30709 30642 4b52d8 30643 40873c 11 API calls 30642->30643 30644 4b52eb 30643->30644 30710 40e54c SetErrorMode LoadLibraryW 30644->30710 30646 4b52f3 30647 40873c 11 API calls 30646->30647 30648 4b5306 30647->30648 30711 40e54c 
SetErrorMode LoadLibraryW 30648->30711 30650 4b530e 30651 40873c 11 API calls 30650->30651 30652 4b5321 30651->30652 30712 40e54c SetErrorMode LoadLibraryW 30652->30712 30654 4b5329 30655 40873c 11 API calls 30654->30655 30656 4b533c 30655->30656 30713 40e54c SetErrorMode LoadLibraryW 30656->30713 30659 4b599e 30658->30659 30660 4b5a33 30658->30660 30714 407588 30659->30714 30660->30578 30662 4b59a8 30663 407e00 11 API calls 30662->30663 30664 4b59ca 30662->30664 30663->30664 30665 40ae34 48 API calls 30664->30665 30666 4b5a11 30665->30666 30720 420524 51 API calls 30666->30720 30668 4b5a2e 30721 4206d8 119 API calls 30668->30721 30671 4b50c9 30670->30671 30672 4b501e 30670->30672 30671->30578 30673 4b5028 SetThreadLocale 30672->30673 30725 40a250 InitializeCriticalSection GetVersion 30673->30725 30677 4b505e 30678 4b5077 GetCommandLineW 30677->30678 30729 403810 GetStartupInfoW 30678->30729 30680 4b50a1 GetACP GetCurrentThreadId 30730 40cab8 GetVersion 30680->30730 30683 4b5b3f 30682->30683 30684 4b5ab4 GetModuleHandleW 30682->30684 30686 407a80 11 API calls 30683->30686 30731 40e1a8 30684->30731 30688 4b5b59 30686->30688 30687 4b5ac9 GetModuleHandleW 30689 40e1a8 13 API calls 30687->30689 30688->30578 30690 4b5ae3 30689->30690 30743 422d44 GetSystemDirectoryW 30690->30743 30692 4b5b0d 30693 422660 11 API calls 30692->30693 30694 4b5b18 30693->30694 30695 4086e4 11 API calls 30694->30695 30696 4b5b25 30695->30696 30745 421230 SetErrorMode 30696->30745 30698 4b5b32 30699 4232ec 12 API calls 30698->30699 30699->30683 30700->30602 30701->30610 30702->30614 30703->30618 30704->30622 30705->30626 30706->30630 30707->30634 30708->30638 30709->30642 30710->30646 30711->30650 30712->30654 30713->30595 30717 407594 30714->30717 30719 4075cb 30717->30719 30722 4074cc 75 API calls 30717->30722 30723 407524 75 API calls 30717->30723 30724 407574 75 API calls 30717->30724 30719->30662 30720->30668 30721->30660 30722->30717 30723->30717 30724->30717 30726 40a280 6 API calls 
30725->30726 30727 40a2ce 30725->30727 30726->30727 30728 40caa4 GetSystemInfo 30727->30728 30728->30677 30729->30680 30730->30671 30732 40e1d0 GetProcAddress 30731->30732 30733 40e1dc 30731->30733 30734 40e230 30732->30734 30735 407a44 11 API calls 30733->30735 30737 407a44 11 API calls 30734->30737 30736 40e1f2 30735->30736 30739 40e209 GetProcAddress 30736->30739 30738 40e245 30737->30738 30738->30687 30740 40e220 30739->30740 30741 407a44 11 API calls 30740->30741 30742 40e228 30741->30742 30742->30687 30744 422d65 30743->30744 30744->30692 30746 4084ec 30745->30746 30747 421268 LoadLibraryW 30746->30747 30747->30698 30755 422b34 30748->30755 30750 422c36 30751 422c4f 30750->30751 30753 422b34 11 API calls 30750->30753 30752 407a20 11 API calls 30751->30752 30754 422c64 30752->30754 30753->30750 30754->30515 30756 422b5f 30755->30756 30757 407ba8 11 API calls 30756->30757 30758 422b6c 30757->30758 30765 407fa0 30758->30765 30760 422b74 30761 407e00 11 API calls 30760->30761 30762 422b8c 30761->30762 30763 407a20 11 API calls 30762->30763 30764 422bb4 30763->30764 30764->30750 30767 407f18 30765->30767 30766 407f53 30766->30760 30767->30766 30769 40540c 11 API calls 30767->30769 30769->30766 30770->30536 30771->30539 30772->30543 30773->30546 30774->30550 30775->30558 30776->30558 30777->30558 30778->30557 30779 40cb18 30780 40cb31 30779->30780 30781 40cb86 30779->30781 30797 40582c 11 API calls 30780->30797 30783 40cb3b 30798 40582c 11 API calls 30783->30798 30785 40cb45 30799 40582c 11 API calls 30785->30799 30787 40cb4f 30800 40a340 DeleteCriticalSection 30787->30800 30789 40cb54 30790 40cb67 30789->30790 30801 40426c 30789->30801 30821 40c198 21 API calls 30790->30821 30793 40cb71 30822 405384 30793->30822 30797->30783 30798->30785 30799->30787 30800->30789 30802 404281 30801->30802 30803 404364 30801->30803 30805 404287 30802->30805 30809 4042fe Sleep 30802->30809 30804 403cf8 30803->30804 30803->30805 30807 40445e 30804->30807 30832 403c48 30804->30832 
30806 404290 30805->30806 30811 404342 Sleep 30805->30811 30815 404379 30805->30815 30806->30790 30807->30790 30809->30805 30810 404318 Sleep 30809->30810 30810->30802 30813 404358 Sleep 30811->30813 30811->30815 30813->30805 30814 403d1f VirtualFree 30816 403d30 30814->30816 30817 40439c 30815->30817 30819 4043f8 VirtualFree 30815->30819 30816->30790 30817->30790 30818 403d42 VirtualQuery VirtualFree 30818->30816 30820 403d39 30818->30820 30819->30790 30820->30816 30820->30818 30821->30793 30823 40538d CloseHandle 30822->30823 30824 40539f 30822->30824 30823->30824 30825 4053ad 30824->30825 30843 404d58 10 API calls 30824->30843 30827 4053b6 VirtualFree 30825->30827 30828 4053cf 30825->30828 30827->30828 30837 4052d4 30828->30837 30831 408c90 27 API calls 30831->30781 30833 403c90 30832->30833 30834 403c51 30832->30834 30833->30814 30833->30820 30834->30833 30835 403c5c Sleep 30834->30835 30835->30833 30836 403c76 Sleep 30835->30836 30836->30834 30838 4052f9 30837->30838 30839 4052e7 VirtualFree 30838->30839 30840 4052fd 30838->30840 30839->30838 30841 405363 VirtualFree 30840->30841 30842 405379 30840->30842 30841->30840 30842->30831 30843->30825 30844 403ee8 30845 403f00 30844->30845 30846 404148 30844->30846 30857 403f12 30845->30857 30859 403f9d Sleep 30845->30859 30847 404260 30846->30847 30848 40410c 30846->30848 30850 403c94 VirtualAlloc 30847->30850 30851 404269 30847->30851 30854 404126 Sleep 30848->30854 30860 404166 30848->30860 30849 403f21 30852 403ccf 30850->30852 30853 403cbf 30850->30853 30855 403c48 2 API calls 30853->30855 30858 40413c Sleep 30854->30858 30854->30860 30855->30852 30856 404000 30866 403bcc VirtualAlloc 30856->30866 30867 40400c 30856->30867 30857->30849 30857->30856 30861 403fe1 Sleep 30857->30861 30858->30848 30859->30857 30863 403fb3 Sleep 30859->30863 30862 403bcc VirtualAlloc 30860->30862 30865 404184 30860->30865 30861->30856 30864 403ff7 Sleep 30861->30864 30862->30865 30863->30845 30864->30857 30866->30867 30868 4b63a1 
30869 4b63d3 30868->30869 30892 40e450 30869->30892 30871 4b640c SetWindowLongW 30896 41a87c 30871->30896 30876 4087c4 11 API calls 30877 4b648e 30876->30877 30904 4af728 30877->30904 30880 4af60c 11 API calls 30882 4b64b3 30880->30882 30881 4b64ec 30884 4b6505 30881->30884 30887 4b64ff RemoveDirectoryW 30881->30887 30882->30881 30883 4af1b4 9 API calls 30882->30883 30883->30881 30885 4b6519 30884->30885 30886 4b650e DestroyWindow 30884->30886 30888 4b6542 30885->30888 30919 408d08 27 API calls 30885->30919 30886->30885 30887->30884 30890 4b6538 30920 40540c 11 API calls 30890->30920 30921 405740 30892->30921 30894 40e463 CreateWindowExW 30895 40e49d 30894->30895 30895->30871 30922 41a8a4 30896->30922 30899 422bc4 GetCommandLineW 30900 422b34 11 API calls 30899->30900 30901 422be7 30900->30901 30902 407a20 11 API calls 30901->30902 30903 422c05 30902->30903 30903->30876 30905 4087c4 11 API calls 30904->30905 30906 4af763 30905->30906 30907 4af795 CreateProcessW 30906->30907 30908 4af7aa CloseHandle 30907->30908 30909 4af7a1 30907->30909 30911 4af7b3 30908->30911 30944 4af34c 13 API calls 30909->30944 30940 4af6fc 30911->30940 30914 4af7d1 30915 4af6fc 3 API calls 30914->30915 30916 4af7d6 GetExitCodeProcess CloseHandle 30915->30916 30917 407a20 11 API calls 30916->30917 30918 4af7fe 30917->30918 30918->30880 30918->30882 30919->30890 30920->30888 30921->30894 30925 41a8bc 30922->30925 30926 41a8c5 30925->30926 30929 41a925 30926->30929 30938 41a7f4 104 API calls 30926->30938 30928 41a998 30930 407ba8 11 API calls 30928->30930 30929->30928 30936 41a942 30929->30936 30932 41a89c 30930->30932 30931 41a98c 30933 408664 11 API calls 30931->30933 30932->30899 30933->30932 30934 407a20 11 API calls 30934->30936 30935 408664 11 API calls 30935->30936 30936->30931 30936->30934 30936->30935 30939 41a7f4 104 API calls 30936->30939 30938->30929 30939->30936 30941 4af710 PeekMessageW 30940->30941 30942 4af722 MsgWaitForMultipleObjects 30941->30942 30943 4af704 TranslateMessage 
DispatchMessageW 30941->30943 30942->30911 30942->30914 30943->30941 30944->30908

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E004B5114(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				char _v36;
                                                                                                                              				char _v40;
                                                                                                                              				char _v44;
                                                                                                                              				char _v48;
                                                                                                                              				char _v52;
                                                                                                                              				char _v56;
                                                                                                                              				char _v60;
                                                                                                                              				long _t39;
                                                                                                                              				_Unknown_base(*)()* _t42;
                                                                                                                              				_Unknown_base(*)()* _t43;
                                                                                                                              				_Unknown_base(*)()* _t46;
                                                                                                                              				signed int _t51;
                                                                                                                              				void* _t111;
                                                                                                                              				void* _t112;
                                                                                                                              				intOrPtr _t129;
                                                                                                                              				struct HINSTANCE__* _t148;
                                                                                                                              				intOrPtr* _t150;
                                                                                                                              				intOrPtr _t152;
                                                                                                                              				intOrPtr _t153;
                                                                                                                              
                                                                                                                              				_t152 = _t153;
                                                                                                                              				_t112 = 7;
                                                                                                                              				do {
                                                                                                                              					_push(0);
                                                                                                                              					_push(0);
                                                                                                                              					_t112 = _t112 - 1;
                                                                                                                              				} while (_t112 != 0);
                                                                                                                              				_push(_t152);
                                                                                                                              				_push(0x4b5388);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t153;
                                                                                                                              				 *0x4be664 =  *0x4be664 - 1;
                                                                                                                              				if( *0x4be664 >= 0) {
                                                                                                                              					L19:
                                                                                                                              					_pop(_t129);
                                                                                                                              					 *[fs:eax] = _t129;
                                                                                                                              					_push(0x4b538f);
                                                                                                                              					return E00407A80( &_v60, 0xe);
                                                                                                                              				} else {
                                                                                                                              					_t148 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                              					_t39 = GetVersion();
                                                                                                                              					_t111 = 0;
                                                                                                                              					if(_t39 != 0x600) {
                                                                                                                              						_t150 = GetProcAddress(_t148, "SetDefaultDllDirectories");
                                                                                                                              						if(_t150 != 0) {
                                                                                                                              							 *_t150(0x800);
                                                                                                                              							asm("sbb ebx, ebx");
                                                                                                                              							_t111 = 1;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					if(_t111 == 0) {
                                                                                                                              						_t46 = GetProcAddress(_t148, "SetDllDirectoryW");
                                                                                                                              						if(_t46 != 0) {
                                                                                                                              							 *_t46(0x4b53e4);
                                                                                                                              						}
                                                                                                                              						E0040E520( &_v8);
                                                                                                                              						E00407E00(0x4be668, _v8);
                                                                                                                              						if( *0x4be668 != 0) {
                                                                                                                              							_t51 =  *0x4be668;
                                                                                                                              							if(_t51 != 0) {
                                                                                                                              								_t51 =  *(_t51 - 4);
                                                                                                                              							}
                                                                                                                              							if( *((short*)( *0x4be668 + _t51 * 2 - 2)) != 0x5c) {
                                                                                                                              								E004086E4(0x4be668, 0x4b53f4);
                                                                                                                              							}
                                                                                                                              							E0040873C( &_v12, L"uxtheme.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v12, _t111);
                                                                                                                              							E0040873C( &_v16, L"userenv.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v16, _t111);
                                                                                                                              							E0040873C( &_v20, L"setupapi.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v20, _t111);
                                                                                                                              							E0040873C( &_v24, L"apphelp.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v24, _t111);
                                                                                                                              							E0040873C( &_v28, L"propsys.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v28, _t111);
                                                                                                                              							E0040873C( &_v32, L"dwmapi.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v32, _t111);
                                                                                                                              							E0040873C( &_v36, L"cryptbase.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v36, _t111);
                                                                                                                              							E0040873C( &_v40, L"oleacc.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v40, _t111);
                                                                                                                              							E0040873C( &_v44, L"version.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v44, _t111);
                                                                                                                              							E0040873C( &_v48, L"profapi.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v48, _t111);
                                                                                                                              							E0040873C( &_v52, L"comres.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v52, _t111);
                                                                                                                              							E0040873C( &_v56, L"clbcatq.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v56, _t111);
                                                                                                                              							E0040873C( &_v60, L"ntmarta.dll",  *0x4be668);
                                                                                                                              							E0040E54C(_v60, _t111);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					_t42 = GetProcAddress(_t148, "SetSearchPathMode");
                                                                                                                              					if(_t42 != 0) {
                                                                                                                              						 *_t42(0x8001);
                                                                                                                              					}
                                                                                                                              					_t43 = GetProcAddress(_t148, "SetProcessDEPPolicy");
                                                                                                                              					if(_t43 != 0) {
                                                                                                                              						 *_t43(1); // executed
                                                                                                                              					}
                                                                                                                              					goto L19;
                                                                                                                              				}
                                                                                                                              			}






























                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B5146
                                                                                                                              • GetVersion.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B514D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 004B5162
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 004B5188
                                                                                                                                • Part of subcall function 0040E54C: SetErrorMode.KERNEL32(00008000), ref: 0040E55A
                                                                                                                                • Part of subcall function 0040E54C: LoadLibraryW.KERNEL32(00000000,00000000,0040E5AE,?,00000000,0040E5CC,?,00008000), ref: 0040E58F
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004B534A
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004B5360
                                                                                                                              • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B536B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$ErrorHandleLibraryLoadModeModulePolicyProcessVersion
                                                                                                                              • String ID: SetDefaultDllDirectories$SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$apphelp.dll$clbcatq.dll$comres.dll$cryptbase.dll$dwmapi.dll$hK$hK$kernel32.dll$ntmarta.dll$oleacc.dll$profapi.dll$propsys.dll$setupapi.dll$userenv.dll$uxtheme.dll$version.dll
                                                                                                                              • API String ID: 2248137261-3182217745
                                                                                                                              • Opcode ID: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
                                                                                                                              • Instruction ID: 14362f36823de93a6bafc63c1bb5288ecf7b8ac372eee3bc1917329a49ba756d
                                                                                                                              • Opcode Fuzzy Hash: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
                                                                                                                              • Instruction Fuzzy Hash: 57513C34601504ABE701EBA6DC82FDEB3A5AB94348BA4493BE40077395DF7C9D428B6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 382 4af91c-4af942 GetSystemInfo VirtualQuery 383 4af948 382->383 384 4af9e7-4af9ee 382->384 385 4af9db-4af9e1 383->385 385->384 386 4af94d-4af954 385->386 387 4af956-4af95a 386->387 388 4af9c7-4af9d9 VirtualQuery 386->388 387->388 389 4af95c-4af967 387->389 388->384 388->385 390 4af978-4af98d VirtualProtect 389->390 391 4af969-4af96c 389->391 393 4af98f 390->393 394 4af994-4af996 390->394 391->390 392 4af96e-4af971 391->392 392->390 396 4af973-4af976 392->396 393->394 395 4af9a5-4af9a8 394->395 397 4af9aa-4af9af 395->397 398 4af998-4af9a1 call 4af914 395->398 396->390 396->394 397->388 400 4af9b1-4af9c2 VirtualProtect 397->400 398->395 400->388
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004AF91C(void* __eax) {
                                                                                                                              				char _v44;
                                                                                                                              				struct _SYSTEM_INFO _v80;
                                                                                                                              				long _v84;
                                                                                                                              				char _v88;
                                                                                                                              				long _t22;
                                                                                                                              				int _t28;
                                                                                                                              				void* _t37;
                                                                                                                              				struct _MEMORY_BASIC_INFORMATION* _t40;
                                                                                                                              				long _t41;
                                                                                                                              				void** _t42;
                                                                                                                              
                                                                                                                              				_t42 =  &(_v80.dwPageSize);
                                                                                                                              				 *_t42 = __eax;
                                                                                                                              				_t40 =  &_v44;
                                                                                                                              				GetSystemInfo( &_v80); // executed
                                                                                                                              				_t22 = VirtualQuery( *_t42, _t40, 0x1c);
                                                                                                                              				if(_t22 == 0) {
                                                                                                                              					L17:
                                                                                                                              					return _t22;
                                                                                                                              				} else {
                                                                                                                              					while(1) {
                                                                                                                              						_t22 = _t40->AllocationBase;
                                                                                                                              						if(_t22 !=  *_t42) {
                                                                                                                              							goto L17;
                                                                                                                              						}
                                                                                                                              						if(_t40->State != 0x1000 || (_t40->Protect & 0x00000001) != 0) {
                                                                                                                              							L15:
                                                                                                                              							_t22 = VirtualQuery(_t40->BaseAddress + _t40->RegionSize, _t40, 0x1c);
                                                                                                                              							if(_t22 == 0) {
                                                                                                                              								goto L17;
                                                                                                                              							}
                                                                                                                              							continue;
                                                                                                                              						} else {
                                                                                                                              							_v88 = 0;
                                                                                                                              							_t41 = _t40->Protect;
                                                                                                                              							if(_t41 == 1 || _t41 == 2 || _t41 == 0x10 || _t41 == 0x20) {
                                                                                                                              								_t28 = VirtualProtect(_t40->BaseAddress, _t40->RegionSize, 0x40,  &_v84); // executed
                                                                                                                              								if(_t28 != 0) {
                                                                                                                              									_v88 = 1;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							_t37 = 0;
                                                                                                                              							while(_t37 < _t40->RegionSize) {
                                                                                                                              								E004AF914(_t40->BaseAddress + _t37);
                                                                                                                              								_t37 = _t37 + _v80.dwPageSize;
                                                                                                                              							}
                                                                                                                              							if(_v88 != 0) {
                                                                                                                              								VirtualProtect( *_t40, _t40->RegionSize, _v84,  &_v84); // executed
                                                                                                                              							}
                                                                                                                              							goto L15;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					goto L17;
                                                                                                                              				}
                                                                                                                              			}














                                                                                                                              APIs
                                                                                                                              • GetSystemInfo.KERNEL32(?), ref: 004AF92F
                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,?), ref: 004AF93B
                                                                                                                              • VirtualProtect.KERNEL32(?,?,00000040,0000001C,?,?,0000001C), ref: 004AF986
                                                                                                                              • VirtualProtect.KERNEL32(?,?,?,0000001C,?,?,00000040,0000001C,?,?,0000001C), ref: 004AF9C2
                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C,?), ref: 004AF9D2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Virtual$ProtectQuery$InfoSystem
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2441996862-0
                                                                                                                              • Opcode ID: 57281b4e736338f8d77ca256b537dd22dd4c981be38144bf210ac0f1d0b120f5
                                                                                                                              • Instruction ID: 3a96586125c0dafbea7f6284d897bb751f900199eded140d0d018ead0d29608e
                                                                                                                              • Opcode Fuzzy Hash: 57281b4e736338f8d77ca256b537dd22dd4c981be38144bf210ac0f1d0b120f5
                                                                                                                              • Instruction Fuzzy Hash: C5212CB1104344BAD730DA99C885F6BBBEC9B56354F04492EF59583681D339E848C766
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E0040B044(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
                                                                                                                              				char _v8;
                                                                                                                              				short _v12;
                                                                                                                              				void* _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				void* _t29;
                                                                                                                              				void* _t40;
                                                                                                                              				intOrPtr* _t44;
                                                                                                                              				intOrPtr _t55;
                                                                                                                              				void* _t61;
                                                                                                                              
                                                                                                                              				_push(__ebx);
                                                                                                                              				_v24 = 0;
                                                                                                                              				_v20 = 0;
                                                                                                                              				_t44 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				E00407B04(_v8);
                                                                                                                              				_push(_t61);
                                                                                                                              				_push(0x40b104);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t61 + 0xffffffec;
                                                                                                                              				_t21 =  &_v16;
                                                                                                                              				L00403730();
                                                                                                                              				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
                                                                                                                              				E0040858C( &_v20, 4,  &_v16);
                                                                                                                              				E0040873C(_t44, _v20, _v8);
                                                                                                                              				_t29 = E0040AEF4( *_t44, _t44); // executed
                                                                                                                              				if(_t29 == 0) {
                                                                                                                              					_v12 = 0;
                                                                                                                              					E0040858C( &_v24, 4,  &_v16);
                                                                                                                              					E0040873C(_t44, _v24, _v8);
                                                                                                                              					_t40 = E0040AEF4( *_t44, _t44); // executed
                                                                                                                              					if(_t40 == 0) {
                                                                                                                              						E00407A20(_t44);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_pop(_t55);
                                                                                                                              				 *[fs:eax] = _t55;
                                                                                                                              				_push(E0040B10B);
                                                                                                                              				E00407A80( &_v24, 2);
                                                                                                                              				return E00407A20( &_v8);
                                                                                                                              			}














                                                                                                                              APIs
                                                                                                                              • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B076
                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B07F
                                                                                                                                • Part of subcall function 0040AEF4: FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
                                                                                                                                • Part of subcall function 0040AEF4: FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3216391948-0
                                                                                                                              • Opcode ID: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
                                                                                                                              • Instruction ID: a9cfc37755e84068b6e5d0711ea0537dd567252b91127d2e7da10f621904fc04
                                                                                                                              • Opcode Fuzzy Hash: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
                                                                                                                              • Instruction Fuzzy Hash: 35113674A041099BDB00EB95C9529AEB3B9EF44304F50447FA515B73C1DB785E058A6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 46%
                                                                                                                              			E0040AEF4(char __eax, signed int __ebx) {
                                                                                                                              				char _v8;
                                                                                                                              				struct _WIN32_FIND_DATAW _v600;
                                                                                                                              				void* _t15;
                                                                                                                              				intOrPtr _t24;
                                                                                                                              				void* _t27;
                                                                                                                              
                                                                                                                              				_push(__ebx);
                                                                                                                              				_v8 = __eax;
                                                                                                                              				E00407B04(_v8);
                                                                                                                              				_push(_t27);
                                                                                                                              				_push(0x40af52);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t27 + 0xfffffdac;
                                                                                                                              				_t15 = FindFirstFileW(E004084EC(_v8),  &_v600); // executed
                                                                                                                              				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
                                                                                                                              					FindClose(_t15);
                                                                                                                              				}
                                                                                                                              				_pop(_t24);
                                                                                                                              				 *[fs:eax] = _t24;
                                                                                                                              				_push(E0040AF59);
                                                                                                                              				return E00407A20( &_v8);
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
                                                                                                                              • FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2295610775-0
                                                                                                                              • Opcode ID: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
                                                                                                                              • Instruction ID: b27eefbf95a445daf5872925c41aeb1c7ded3ce7930a436f9b8cfd192dc84724
                                                                                                                              • Opcode Fuzzy Hash: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
                                                                                                                              • Instruction Fuzzy Hash: 5FF0B471518209BFC710FB75CD4294EB7ACEB043147A005B6B504F32C1E638AF149519
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E0040AB18(char __eax, void* __ebx, void* __ecx, void* __edx) {
                                                                                                                              				char _v8;
                                                                                                                              				char* _v12;
                                                                                                                              				void* _v16;
                                                                                                                              				int _v20;
                                                                                                                              				short _v542;
                                                                                                                              				long _t51;
                                                                                                                              				long _t85;
                                                                                                                              				long _t87;
                                                                                                                              				long _t89;
                                                                                                                              				long _t91;
                                                                                                                              				long _t93;
                                                                                                                              				void* _t97;
                                                                                                                              				intOrPtr _t106;
                                                                                                                              				intOrPtr _t108;
                                                                                                                              				void* _t112;
                                                                                                                              				void* _t113;
                                                                                                                              				intOrPtr _t114;
                                                                                                                              
                                                                                                                              				_t112 = _t113;
                                                                                                                              				_t114 = _t113 + 0xfffffde4;
                                                                                                                              				_t97 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				E00407B04(_v8);
                                                                                                                              				_push(_t112);
                                                                                                                              				_push(0x40ad3d);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t114;
                                                                                                                              				if(_v8 != 0) {
                                                                                                                              					E0040A34C( &_v542, E004084EC(_v8), 0x105);
                                                                                                                              				} else {
                                                                                                                              					GetModuleFileNameW(0,  &_v542, 0x105);
                                                                                                                              				}
                                                                                                                              				if(_v542 == 0) {
                                                                                                                              					L18:
                                                                                                                              					_pop(_t106);
                                                                                                                              					 *[fs:eax] = _t106;
                                                                                                                              					_push(E0040AD44);
                                                                                                                              					return E00407A20( &_v8);
                                                                                                                              				} else {
                                                                                                                              					_v12 = 0;
                                                                                                                              					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              					if(_t51 == 0) {
                                                                                                                              						L10:
                                                                                                                              						_push(_t112);
                                                                                                                              						_push(0x40ad20);
                                                                                                                              						_push( *[fs:eax]);
                                                                                                                              						 *[fs:eax] = _t114;
                                                                                                                              						E0040A928( &_v542, 0x105);
                                                                                                                              						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
                                                                                                                              							if(RegQueryValueExW(_v16, E0040AE30, 0, 0, 0,  &_v20) == 0) {
                                                                                                                              								_v12 = E004053F0(_v20);
                                                                                                                              								RegQueryValueExW(_v16, E0040AE30, 0, 0, _v12,  &_v20);
                                                                                                                              								E00408550(_t97, _v12);
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							_v12 = E004053F0(_v20);
                                                                                                                              							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
                                                                                                                              							E00408550(_t97, _v12);
                                                                                                                              						}
                                                                                                                              						_pop(_t108);
                                                                                                                              						 *[fs:eax] = _t108;
                                                                                                                              						_push(E0040AD27);
                                                                                                                              						if(_v12 != 0) {
                                                                                                                              							E0040540C(_v12);
                                                                                                                              						}
                                                                                                                              						return RegCloseKey(_v16);
                                                                                                                              					} else {
                                                                                                                              						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              						if(_t85 == 0) {
                                                                                                                              							goto L10;
                                                                                                                              						} else {
                                                                                                                              							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              							if(_t87 == 0) {
                                                                                                                              								goto L10;
                                                                                                                              							} else {
                                                                                                                              								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              								if(_t89 == 0) {
                                                                                                                              									goto L10;
                                                                                                                              								} else {
                                                                                                                              									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              									if(_t91 == 0) {
                                                                                                                              										goto L10;
                                                                                                                              									} else {
                                                                                                                              										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              										if(_t93 != 0) {
                                                                                                                              											goto L18;
                                                                                                                              										} else {
                                                                                                                              											goto L10;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}




















                                                                                                                              0x0040ac16
                                                                                                                              0x0040ac1d
                                                                                                                              0x00000000
                                                                                                                              0x0040ac1f
                                                                                                                              0x0040ac34
                                                                                                                              0x0040ac3b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040ac3b
                                                                                                                              0x0040ac1d
                                                                                                                              0x0040abff
                                                                                                                              0x0040abe1
                                                                                                                              0x0040abc3
                                                                                                                              0x0040aba1

                                                                                                                              APIs
                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040AD3D,?,?), ref: 0040AB51
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040AB9A
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040ABBC
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040ABDA
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040ABF8
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040AC16
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040AC34
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D), ref: 0040AC74
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001), ref: 0040AC9F
                                                                                                                              • RegCloseKey.ADVAPI32(?,0040AD27,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales), ref: 0040AD1A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Open$QueryValue$CloseFileModuleName
                                                                                                                              • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                                                                              • API String ID: 2701450724-3496071916
                                                                                                                              • Opcode ID: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
                                                                                                                              • Instruction ID: cdbeddac4db4dda9279672c2614f8dce2a18b15a4a55f9a64fe791b6da82c449
                                                                                                                              • Opcode Fuzzy Hash: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
                                                                                                                              • Instruction Fuzzy Hash: FB514371A80308BEEB10DA95CC46FAE77BCEB08709F504477BA04F75C1D6B8AA50975E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              [Control-flow graph figure; legend: Executed / Not Executed]
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E0040426C(void* __eax, signed int __edi, void* __ebp) {
                                                                                                                              				struct _MEMORY_BASIC_INFORMATION _v44;
                                                                                                                              				void* _v48;
                                                                                                                              				signed int __ebx;
                                                                                                                              				void* _t58;
                                                                                                                              				signed int _t61;
                                                                                                                              				int _t65;
                                                                                                                              				signed int _t67;
                                                                                                                              				void _t70;
                                                                                                                              				int _t71;
                                                                                                                              				signed int _t78;
                                                                                                                              				void* _t79;
                                                                                                                              				signed int _t81;
                                                                                                                              				intOrPtr _t82;
                                                                                                                              				signed int _t87;
                                                                                                                              				signed int _t88;
                                                                                                                              				signed int _t89;
                                                                                                                              				signed int _t92;
                                                                                                                              				void* _t96;
                                                                                                                              				signed int _t99;
                                                                                                                              				void* _t103;
                                                                                                                              				intOrPtr _t104;
                                                                                                                              				void* _t106;
                                                                                                                              				void* _t108;
                                                                                                                              				signed int _t113;
                                                                                                                              				void* _t115;
                                                                                                                              				void* _t116;
                                                                                                                              
                                                                                                                              				_t56 = __eax;
                                                                                                                              				_t89 =  *(__eax - 4);
                                                                                                                              				_t78 =  *0x4bb059; // 0x0
                                                                                                                              				if((_t89 & 0x00000007) != 0) {
                                                                                                                              					__eflags = _t89 & 0x00000005;
                                                                                                                              					if((_t89 & 0x00000005) != 0) {
                                                                                                                              						_pop(_t78);
                                                                                                                              						__eflags = _t89 & 0x00000003;
                                                                                                                              						if((_t89 & 0x00000003) == 0) {
                                                                                                                              							_push(_t78);
                                                                                                                              							_push(__edi);
                                                                                                                              							_t116 = _t115 + 0xffffffdc;
                                                                                                                              							_t103 = __eax - 0x10;
                                                                                                                              							E00403C48();
                                                                                                                              							_t58 = _t103;
                                                                                                                              							 *_t116 =  *_t58;
                                                                                                                              							_v48 =  *((intOrPtr*)(_t58 + 4));
                                                                                                                              							_t92 =  *(_t58 + 0xc);
                                                                                                                              							if((_t92 & 0x00000008) != 0) {
                                                                                                                              								_t79 = _t103;
                                                                                                                              								_t113 = _t92 & 0xfffffff0;
                                                                                                                              								_t99 = 0;
                                                                                                                              								__eflags = 0;
                                                                                                                              								while(1) {
                                                                                                                              									VirtualQuery(_t79,  &_v44, 0x1c);
                                                                                                                              									_t61 = VirtualFree(_t79, 0, 0x8000);
                                                                                                                              									__eflags = _t61;
                                                                                                                              									if(_t61 == 0) {
                                                                                                                              										_t99 = _t99 | 0xffffffff;
                                                                                                                              										goto L10;
                                                                                                                              									}
                                                                                                                              									_t104 = _v44.RegionSize;
                                                                                                                              									__eflags = _t113 - _t104;
                                                                                                                              									if(_t113 > _t104) {
                                                                                                                              										_t113 = _t113 - _t104;
                                                                                                                              										_t79 = _t79 + _t104;
                                                                                                                              										continue;
                                                                                                                              									}
                                                                                                                              									goto L10;
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								_t65 = VirtualFree(_t103, 0, 0x8000); // executed
                                                                                                                              								if(_t65 == 0) {
                                                                                                                              									_t99 = __edi | 0xffffffff;
                                                                                                                              								} else {
                                                                                                                              									_t99 = 0;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							L10:
                                                                                                                              							if(_t99 == 0) {
                                                                                                                              								 *_v48 =  *_t116;
                                                                                                                              								 *( *_t116 + 4) = _v48;
                                                                                                                              							}
                                                                                                                              							 *0x4bdb78 = 0;
                                                                                                                              							return _t99;
                                                                                                                              						} else {
                                                                                                                              							return 0xffffffff;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						goto L31;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					__eflags = __bl;
                                                                                                                              					__ebx =  *__edx;
                                                                                                                              					if(__eflags != 0) {
                                                                                                                              						while(1) {
                                                                                                                              							__eax = 0x100;
                                                                                                                              							asm("lock cmpxchg [ebx], ah");
                                                                                                                              							if(__eflags == 0) {
                                                                                                                              								goto L14;
                                                                                                                              							}
                                                                                                                              							asm("pause");
                                                                                                                              							__eflags =  *0x4bb989;
                                                                                                                              							if(__eflags != 0) {
                                                                                                                              								continue;
                                                                                                                              							} else {
                                                                                                                              								Sleep(0);
                                                                                                                              								__edx = __edx;
                                                                                                                              								__ecx = __ecx;
                                                                                                                              								__eax = 0x100;
                                                                                                                              								asm("lock cmpxchg [ebx], ah");
                                                                                                                              								if(__eflags != 0) {
                                                                                                                              									Sleep(0xa);
                                                                                                                              									__edx = __edx;
                                                                                                                              									__ecx = __ecx;
                                                                                                                              									continue;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							goto L14;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					L14:
                                                                                                                              					_t14 = __edx + 0x14;
                                                                                                                              					 *_t14 =  *(__edx + 0x14) - 1;
                                                                                                                              					__eflags =  *_t14;
                                                                                                                              					__eax =  *(__edx + 0x10);
                                                                                                                              					if( *_t14 == 0) {
                                                                                                                              						__eflags = __eax;
                                                                                                                              						if(__eax == 0) {
                                                                                                                              							L20:
                                                                                                                              							 *(__ebx + 0x14) = __eax;
                                                                                                                              						} else {
                                                                                                                              							__eax =  *(__edx + 0xc);
                                                                                                                              							__ecx =  *(__edx + 8);
                                                                                                                              							 *(__eax + 8) = __ecx;
                                                                                                                              							 *(__ecx + 0xc) = __eax;
                                                                                                                              							__eax = 0;
                                                                                                                              							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
                                                                                                                              							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
                                                                                                                              								goto L20;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						 *__ebx = __al;
                                                                                                                              						__eax = __edx;
                                                                                                                              						__edx =  *(__edx - 4);
                                                                                                                              						__bl =  *0x4bb059; // 0x0
                                                                                                                              						L31:
                                                                                                                              						__eflags = _t78;
                                                                                                                              						_t81 = _t89 & 0xfffffff0;
                                                                                                                              						_push(_t101);
                                                                                                                              						_t106 = _t56;
                                                                                                                              						if(__eflags != 0) {
                                                                                                                              							while(1) {
                                                                                                                              								_t67 = 0x100;
                                                                                                                              								asm("lock cmpxchg [0x4bbae8], ah");
                                                                                                                              								if(__eflags == 0) {
                                                                                                                              									goto L32;
                                                                                                                              								}
                                                                                                                              								asm("pause");
                                                                                                                              								__eflags =  *0x4bb989;
                                                                                                                              								if(__eflags != 0) {
                                                                                                                              									continue;
                                                                                                                              								} else {
                                                                                                                              									Sleep(0);
                                                                                                                              									_t67 = 0x100;
                                                                                                                              									asm("lock cmpxchg [0x4bbae8], ah");
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										Sleep(0xa);
                                                                                                                              										continue;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								goto L32;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						L32:
                                                                                                                              						__eflags = (_t106 - 4)[_t81] & 0x00000001;
                                                                                                                              						_t87 = (_t106 - 4)[_t81];
                                                                                                                              						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
                                                                                                                              							_t67 = _t81 + _t106;
                                                                                                                              							_t88 = _t87 & 0xfffffff0;
                                                                                                                              							_t81 = _t81 + _t88;
                                                                                                                              							__eflags = _t88 - 0xb30;
                                                                                                                              							if(_t88 >= 0xb30) {
                                                                                                                              								_t67 = E00403AC0(_t67);
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							_t88 = _t87 | 0x00000008;
                                                                                                                              							__eflags = _t88;
                                                                                                                              							(_t106 - 4)[_t81] = _t88;
                                                                                                                              						}
                                                                                                                              						__eflags =  *(_t106 - 4) & 0x00000008;
                                                                                                                              						if(( *(_t106 - 4) & 0x00000008) != 0) {
                                                                                                                              							_t88 =  *(_t106 - 8);
                                                                                                                              							_t106 = _t106 - _t88;
                                                                                                                              							_t81 = _t81 + _t88;
                                                                                                                              							__eflags = _t88 - 0xb30;
                                                                                                                              							if(_t88 >= 0xb30) {
                                                                                                                              								_t67 = E00403AC0(_t106);
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						__eflags = _t81 - 0x13ffe0;
                                                                                                                              						if(_t81 == 0x13ffe0) {
                                                                                                                              							__eflags =  *0x4bbaf0 - 0x13ffe0;
                                                                                                                              							if( *0x4bbaf0 != 0x13ffe0) {
                                                                                                                              								_t82 = _t106 + 0x13ffe0;
                                                                                                                              								E00403B60(_t67);
                                                                                                                              								 *((intOrPtr*)(_t82 - 4)) = 2;
                                                                                                                              								 *0x4bbaf0 = 0x13ffe0;
                                                                                                                              								 *0x4bbaec = _t82;
                                                                                                                              								 *0x4bbae8 = 0;
                                                                                                                              								__eflags = 0;
                                                                                                                              								return 0;
                                                                                                                              							} else {
                                                                                                                              								_t108 = _t106 - 0x10;
                                                                                                                              								_t70 =  *_t108;
                                                                                                                              								_t96 =  *(_t108 + 4);
                                                                                                                              								 *(_t70 + 4) = _t96;
                                                                                                                              								 *_t96 = _t70;
                                                                                                                              								 *0x4bbae8 = 0;
                                                                                                                              								_t71 = VirtualFree(_t108, 0, 0x8000);
                                                                                                                              								__eflags = _t71 - 1;
                                                                                                                              								asm("sbb eax, eax");
                                                                                                                              								return _t71;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							 *(_t106 - 4) = _t81 + 3;
                                                                                                                              							 *(_t106 - 8 + _t81) = _t81;
                                                                                                                              							E00403B00(_t106, _t88, _t81);
                                                                                                                              							 *0x4bbae8 = 0;
                                                                                                                              							__eflags = 0;
                                                                                                                              							return 0;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						__eflags = __eax;
                                                                                                                              						 *(__edx + 0x10) = __ecx;
                                                                                                                              						 *(__ecx - 4) = __eax;
                                                                                                                              						if(__eflags == 0) {
                                                                                                                              							__ecx =  *(__ebx + 8);
                                                                                                                              							 *(__edx + 0xc) = __ebx;
                                                                                                                              							 *(__edx + 8) = __ecx;
                                                                                                                              							 *(__ecx + 0xc) = __edx;
                                                                                                                              							 *(__ebx + 8) = __edx;
                                                                                                                              							 *__ebx = 0;
                                                                                                                              							__eax = 0;
                                                                                                                              							__eflags = 0;
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return 0;
                                                                                                                              						} else {
                                                                                                                              							__eax = 0;
                                                                                                                              							__eflags = 0;
                                                                                                                              							 *__ebx = __al;
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return 0;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}





























                                                                                                                              0x004042c9
                                                                                                                              0x004042cc
                                                                                                                              0x004042ce
                                                                                                                              0x004042d1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004042d1
                                                                                                                              0x004042d6
                                                                                                                              0x004042d8
                                                                                                                              0x004042da
                                                                                                                              0x004042dd
                                                                                                                              0x0040436d
                                                                                                                              0x00404370
                                                                                                                              0x00404372
                                                                                                                              0x00404374
                                                                                                                              0x00404375
                                                                                                                              0x00404377
                                                                                                                              0x00404328
                                                                                                                              0x00404328
                                                                                                                              0x0040432d
                                                                                                                              0x00404335
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404337
                                                                                                                              0x00404339
                                                                                                                              0x00404340
                                                                                                                              0x00000000
                                                                                                                              0x00404342
                                                                                                                              0x00404344
                                                                                                                              0x00404349
                                                                                                                              0x0040434e
                                                                                                                              0x00404356
                                                                                                                              0x0040435a
                                                                                                                              0x00000000
                                                                                                                              0x0040435a
                                                                                                                              0x00404356
                                                                                                                              0x00000000
                                                                                                                              0x00404340
                                                                                                                              0x00404328
                                                                                                                              0x00404379
                                                                                                                              0x00404379
                                                                                                                              0x00404381
                                                                                                                              0x00404385
                                                                                                                              0x004043bc
                                                                                                                              0x004043bf
                                                                                                                              0x004043c2
                                                                                                                              0x004043c4
                                                                                                                              0x004043ca
                                                                                                                              0x004043cc
                                                                                                                              0x004043cc
                                                                                                                              0x00404387
                                                                                                                              0x00404387
                                                                                                                              0x00404387
                                                                                                                              0x0040438a
                                                                                                                              0x0040438a
                                                                                                                              0x0040438e
                                                                                                                              0x00404392
                                                                                                                              0x004043d4
                                                                                                                              0x004043d7
                                                                                                                              0x004043d9
                                                                                                                              0x004043db
                                                                                                                              0x004043e1
                                                                                                                              0x004043e5
                                                                                                                              0x004043e5
                                                                                                                              0x004043e1
                                                                                                                              0x00404394
                                                                                                                              0x0040439a
                                                                                                                              0x004043ec
                                                                                                                              0x004043f6
                                                                                                                              0x00404424
                                                                                                                              0x0040442a
                                                                                                                              0x0040442f
                                                                                                                              0x00404436
                                                                                                                              0x00404440
                                                                                                                              0x00404446
                                                                                                                              0x0040444d
                                                                                                                              0x00404451
                                                                                                                              0x004043f8
                                                                                                                              0x004043f8
                                                                                                                              0x004043fb
                                                                                                                              0x004043fd
                                                                                                                              0x00404400
                                                                                                                              0x00404403
                                                                                                                              0x00404405
                                                                                                                              0x00404414
                                                                                                                              0x00404419
                                                                                                                              0x0040441c
                                                                                                                              0x00404420
                                                                                                                              0x00404420
                                                                                                                              0x0040439c
                                                                                                                              0x0040439f
                                                                                                                              0x004043a2
                                                                                                                              0x004043aa
                                                                                                                              0x004043af
                                                                                                                              0x004043b6
                                                                                                                              0x004043ba
                                                                                                                              0x004043ba
                                                                                                                              0x00404290
                                                                                                                              0x00404290
                                                                                                                              0x00404292
                                                                                                                              0x00404298
                                                                                                                              0x0040429b
                                                                                                                              0x004042a4
                                                                                                                              0x004042a7
                                                                                                                              0x004042aa
                                                                                                                              0x004042ad
                                                                                                                              0x004042b0
                                                                                                                              0x004042b3
                                                                                                                              0x004042b6
                                                                                                                              0x004042b6
                                                                                                                              0x004042b8
                                                                                                                              0x004042b9
                                                                                                                              0x0040429d
                                                                                                                              0x0040429d
                                                                                                                              0x0040429d
                                                                                                                              0x0040429f
                                                                                                                              0x004042a1
                                                                                                                              0x004042a2
                                                                                                                              0x004042a2
                                                                                                                              0x0040429b
                                                                                                                              0x0040428e

                                                                                                                              APIs
                                                                                                                              • Sleep.KERNEL32(00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA,00000000), ref: 00404302
                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA), ref: 0040431C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3472027048-0
                                                                                                                              • Opcode ID: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
                                                                                                                              • Instruction ID: daf3465a9571387f72e828d046180f4ce70f3b260d456b91f151aa63c4646fa2
                                                                                                                              • Opcode Fuzzy Hash: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
                                                                                                                              • Instruction Fuzzy Hash: AA71E2B17042008BD715DF29CC84B16BBD8AF85715F2482BFE984AB3D2D7B899418789
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E004B63A1(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                              				intOrPtr _t17;
                                                                                                                              				struct HWND__* _t21;
                                                                                                                              				struct HWND__* _t22;
                                                                                                                              				struct HWND__* _t25;
                                                                                                                              				intOrPtr _t26;
                                                                                                                              				intOrPtr _t28;
                                                                                                                              				intOrPtr _t36;
                                                                                                                              				intOrPtr _t39;
                                                                                                                              				int _t40;
                                                                                                                              				intOrPtr _t41;
                                                                                                                              				intOrPtr _t43;
                                                                                                                              				struct HWND__* _t46;
                                                                                                                              				intOrPtr _t47;
                                                                                                                              				intOrPtr _t50;
                                                                                                                              				intOrPtr _t60;
                                                                                                                              				intOrPtr _t62;
                                                                                                                              				intOrPtr _t68;
                                                                                                                              				intOrPtr _t69;
                                                                                                                              				intOrPtr _t70;
                                                                                                                              				void* _t73;
                                                                                                                              				void* _t74;
                                                                                                                              
                                                                                                                              				_t74 = __eflags;
                                                                                                                              				_t72 = __esi;
                                                                                                                              				_t71 = __edi;
                                                                                                                              				_t52 = __ebx;
                                                                                                                              				_pop(_t62);
                                                                                                                              				 *[fs:eax] = _t62;
                                                                                                                              				_t17 =  *0x4c1d88; // 0x0
                                                                                                                              				 *0x4c1d88 = 0;
                                                                                                                              				E00405CE8(_t17);
                                                                                                                              				_t21 = E0040E450(0, L"STATIC", 0,  *0x4be634, 0, 0, 0, 0, 0, 0, 0); // executed
                                                                                                                              				 *0x4ba450 = _t21;
                                                                                                                              				_t22 =  *0x4ba450; // 0xb03e2
                                                                                                                              				 *0x4c1d80 = SetWindowLongW(_t22, 0xfffffffc, E004AF69C);
                                                                                                                              				_t25 =  *0x4ba450; // 0xb03e2
                                                                                                                              				 *(_t73 - 0x58) = _t25;
                                                                                                                              				 *((char*)(_t73 - 0x54)) = 0;
                                                                                                                              				_t26 =  *0x4c1d90; // 0x4e39b8
                                                                                                                              				_t4 = _t26 + 0x20; // 0xe64d0
                                                                                                                              				 *((intOrPtr*)(_t73 - 0x50)) =  *_t4;
                                                                                                                              				 *((char*)(_t73 - 0x4c)) = 0;
                                                                                                                              				_t28 =  *0x4c1d90; // 0x4e39b8
                                                                                                                              				_t7 = _t28 + 0x24; // 0xd7a00
                                                                                                                              				 *((intOrPtr*)(_t73 - 0x48)) =  *_t7;
                                                                                                                              				 *((char*)(_t73 - 0x44)) = 0;
                                                                                                                              				E0041A87C(L"/SL5=\"$%x,%d,%d,", 2, _t73 - 0x58, _t73 - 0x40);
                                                                                                                              				_push( *((intOrPtr*)(_t73 - 0x40)));
                                                                                                                              				_push( *0x4c1d84);
                                                                                                                              				_push(0x4b6680);
                                                                                                                              				E00422BC4(_t73 - 0x5c, __ebx, __esi, _t74);
                                                                                                                              				_push( *((intOrPtr*)(_t73 - 0x5c)));
                                                                                                                              				E004087C4(_t73 - 0x3c, __ebx, 4, __edi, __esi);
                                                                                                                              				_t36 =  *0x4c1d9c; // 0x0, executed
                                                                                                                              				E004AF728(_t36, _t52, 0x4ba44c,  *((intOrPtr*)(_t73 - 0x3c)), _t71, _t72, __fp0); // executed
                                                                                                                              				if( *0x4ba448 != 0xffffffff) {
                                                                                                                              					_t50 =  *0x4ba448; // 0x0
                                                                                                                              					E004AF60C(_t50);
                                                                                                                              				}
                                                                                                                              				_pop(_t68);
                                                                                                                              				 *[fs:eax] = _t68;
                                                                                                                              				_push(E004B6554);
                                                                                                                              				_t39 =  *0x4c1d88; // 0x0
                                                                                                                              				_t40 = E00405CE8(_t39);
                                                                                                                              				if( *0x4c1d9c != 0) {
                                                                                                                              					_t70 =  *0x4c1d9c; // 0x0
                                                                                                                              					_t40 = E004AF1B4(0, _t70, 0xfa, 0x32); // executed
                                                                                                                              				}
                                                                                                                              				if( *0x4c1d94 != 0) {
                                                                                                                              					_t47 =  *0x4c1d94; // 0x0
                                                                                                                              					_t40 = RemoveDirectoryW(E004084EC(_t47)); // executed
                                                                                                                              				}
                                                                                                                              				if( *0x4ba450 != 0) {
                                                                                                                              					_t46 =  *0x4ba450; // 0xb03e2
                                                                                                                              					_t40 = DestroyWindow(_t46); // executed
                                                                                                                              				}
                                                                                                                              				if( *0x4c1d78 != 0) {
                                                                                                                              					_t41 =  *0x4c1d78; // 0x0
                                                                                                                              					_t60 =  *0x4c1d7c; // 0x1
                                                                                                                              					_t69 =  *0x426bb0; // 0x426bb4
                                                                                                                              					E00408D08(_t41, _t60, _t69);
                                                                                                                              					_t43 =  *0x4c1d78; // 0x0
                                                                                                                              					E0040540C(_t43);
                                                                                                                              					 *0x4c1d78 = 0;
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				return _t40;
                                                                                                                              			}

























                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0040E450: CreateWindowExW.USER32 ref: 0040E48F
                                                                                                                              • SetWindowLongW.USER32 ref: 004B641E
                                                                                                                                • Part of subcall function 00422BC4: GetCommandLineW.KERNEL32(00000000,00422C06,?,?,00000000,?,004B647E,004B6680,?), ref: 00422BDA
                                                                                                                                • Part of subcall function 004AF728: CreateProcessW.KERNEL32 ref: 004AF798
                                                                                                                                • Part of subcall function 004AF728: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF82C,00000000,004AF81C,00000000), ref: 004AF7AE
                                                                                                                                • Part of subcall function 004AF728: MsgWaitForMultipleObjects.USER32 ref: 004AF7C7
                                                                                                                                • Part of subcall function 004AF728: GetExitCodeProcess.KERNEL32 ref: 004AF7DB
                                                                                                                                • Part of subcall function 004AF728: CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7E4
                                                                                                                              • RemoveDirectoryW.KERNEL32(00000000,004B6554), ref: 004B6500
                                                                                                                              • DestroyWindow.USER32(000B03E2,004B6554), ref: 004B6514
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                                                                              • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                                                              • API String ID: 3586484885-3001827809
                                                                                                                              • Opcode ID: 3c021837c984efc67f9ad3a794955b0d04b23bc85077f6812c73bb0a86195aee
                                                                                                                              • Instruction ID: 04c90e22d0408fd8de4b79ff2beaee59f7a3a861a1d73b16261182ae62401715
                                                                                                                              • Opcode Fuzzy Hash: 3c021837c984efc67f9ad3a794955b0d04b23bc85077f6812c73bb0a86195aee
                                                                                                                              • Instruction Fuzzy Hash: EC416B74A002009FE754EBA9EC85B9A37B4EB85308F11453BE0059B2B6CB7CA851CB5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 61%
                                                                                                                              			E004AF728(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                              				char _v8;
                                                                                                                              				struct _STARTUPINFOW _v76;
                                                                                                                              				void* _v88;
                                                                                                                              				void* _v92;
                                                                                                                              				int _t23;
                                                                                                                              				intOrPtr _t49;
                                                                                                                              				DWORD* _t51;
                                                                                                                              				void* _t56;
                                                                                                                              
                                                                                                                              				_v8 = 0;
                                                                                                                              				_t51 = __ecx;
                                                                                                                              				_t53 = __edx;
                                                                                                                              				_t41 = __eax;
                                                                                                                              				_push(_t56);
                                                                                                                              				_push(0x4af7ff);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t56 + 0xffffffa8;
                                                                                                                              				_push(0x4af81c);
                                                                                                                              				_push(__eax);
                                                                                                                              				_push(0x4af82c);
                                                                                                                              				_push(__edx);
                                                                                                                              				E004087C4( &_v8, __eax, 4, __ecx, __edx);
                                                                                                                              				E00405884( &_v76, 0x44);
                                                                                                                              				_v76.cb = 0x44;
                                                                                                                              				_t23 = CreateProcessW(0, E004084EC(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92); // executed
                                                                                                                              				_t58 = _t23;
                                                                                                                              				if(_t23 == 0) {
                                                                                                                              					E004AF34C(0x83, _t41, 0, _t53, _t58);
                                                                                                                              				}
                                                                                                                              				CloseHandle(_v88);
                                                                                                                              				do {
                                                                                                                              					E004AF6FC();
                                                                                                                              				} while (MsgWaitForMultipleObjects(1,  &_v92, 0, 0xffffffff, 0x4ff) == 1);
                                                                                                                              				E004AF6FC();
                                                                                                                              				GetExitCodeProcess(_v92, _t51); // executed
                                                                                                                              				CloseHandle(_v92);
                                                                                                                              				_pop(_t49);
                                                                                                                              				 *[fs:eax] = _t49;
                                                                                                                              				_push(0x4af806);
                                                                                                                              				return E00407A20( &_v8);
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • CreateProcessW.KERNEL32 ref: 004AF798
                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF82C,00000000,004AF81C,00000000), ref: 004AF7AE
                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 004AF7C7
                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 004AF7DB
                                                                                                                              • CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7E4
                                                                                                                                • Part of subcall function 004AF34C: GetLastError.KERNEL32(00000000,004AF3F5,?,?,00000000), ref: 004AF36F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                                                                              • String ID: D
                                                                                                                              • API String ID: 3356880605-2746444292
                                                                                                                              • Opcode ID: ad1163668f60b09aa263e635df1463f1e4b37e8a5aa9c4cbf2e159c77cef0046
                                                                                                                              • Instruction ID: 88989adc3f1fa39a5a5eb6990527994e2deb527bcdcae90bffb7d35c0d41af56
                                                                                                                              • Opcode Fuzzy Hash: ad1163668f60b09aa263e635df1463f1e4b37e8a5aa9c4cbf2e159c77cef0046
                                                                                                                              • Instruction Fuzzy Hash: C01163716041096EEB00FBE68C42F9F77ACDF56714F50053AB604E72C5DA789905866D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E004B5A90(void* __ebx, void* __ecx, void* __edx, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _t16;
                                                                                                                              				intOrPtr _t32;
                                                                                                                              				intOrPtr _t41;
                                                                                                                              
                                                                                                                              				_t27 = __ebx;
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(_t41);
                                                                                                                              				_push(0x4b5b5a);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t41;
                                                                                                                              				 *0x4c1124 =  *0x4c1124 - 1;
                                                                                                                              				if( *0x4c1124 < 0) {
                                                                                                                              					 *0x4c1128 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64DisableWow64FsRedirection");
                                                                                                                              					 *0x4c112c = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64RevertWow64FsRedirection");
                                                                                                                              					if( *0x4c1128 == 0 ||  *0x4c112c == 0) {
                                                                                                                              						_t16 = 0;
                                                                                                                              					} else {
                                                                                                                              						_t16 = 1;
                                                                                                                              					}
                                                                                                                              					 *0x4c1130 = _t16;
                                                                                                                              					E00422D44( &_v12);
                                                                                                                              					E00422660(_v12,  &_v8);
                                                                                                                              					E004086E4( &_v8, L"shell32.dll");
                                                                                                                              					E00421230(_v8, _t27, 0x8000); // executed
                                                                                                                              					E004232EC(0x4c783afb,  &_v16);
                                                                                                                              				}
                                                                                                                              				_pop(_t32);
                                                                                                                              				 *[fs:eax] = _t32;
                                                                                                                              				_push(0x4b5b61);
                                                                                                                              				return E00407A80( &_v16, 3);
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5ABE
                                                                                                                                • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5AD8
                                                                                                                                • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00000000), ref: 0040E20B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                              • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                                                              • API String ID: 1646373207-2130885113
                                                                                                                              • Opcode ID: 149d4641e6716bccfc7038b8b83dc43c2c59674e16c2d4af6eff100d23c955b7
                                                                                                                              • Instruction ID: b56c6da1e02aeac4ac36a9fb763b3b3a2bfa4c382daca5c5ea2a5d16c2919690
                                                                                                                              • Opcode Fuzzy Hash: 149d4641e6716bccfc7038b8b83dc43c2c59674e16c2d4af6eff100d23c955b7
                                                                                                                              • Instruction Fuzzy Hash: DA11A730604704AFD744EB76DC02F9DB7B4E749704F64447BF500A6591CABC6A04CA3D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E00403EE8(signed int __eax) {
                                                                                                                              				signed int __ebx;
                                                                                                                              				signed int __edi;
                                                                                                                              				signed int __esi;
                                                                                                                              				void* _t96;
                                                                                                                              				void** _t99;
                                                                                                                              				signed int _t104;
                                                                                                                              				signed int _t109;
                                                                                                                              				signed int _t110;
                                                                                                                              				intOrPtr* _t114;
                                                                                                                              				void* _t116;
                                                                                                                              				void* _t121;
                                                                                                                              				signed int _t125;
                                                                                                                              				signed int _t129;
                                                                                                                              				signed int _t131;
                                                                                                                              				signed int _t132;
                                                                                                                              				signed int _t133;
                                                                                                                              				signed int _t134;
                                                                                                                              				signed int _t135;
                                                                                                                              				unsigned int _t141;
                                                                                                                              				signed int _t142;
                                                                                                                              				void* _t144;
                                                                                                                              				void* _t147;
                                                                                                                              				intOrPtr _t148;
                                                                                                                              				signed int _t150;
                                                                                                                              				long _t156;
                                                                                                                              				intOrPtr _t159;
                                                                                                                              				signed int _t162;
                                                                                                                              
                                                                                                                              				_t95 = __eax;
                                                                                                                              				_t129 =  *0x4bb059; // 0x0
                                                                                                                              				if(__eax > 0xa2c) {
                                                                                                                              					__eflags = __eax - 0x40a2c;
                                                                                                                              					if(__eax > 0x40a2c) {
                                                                                                                              						_pop(_t120);
                                                                                                                              						__eflags = __eax;
                                                                                                                              						if(__eax >= 0) {
                                                                                                                              							_push(_t120);
                                                                                                                              							_t162 = __eax;
                                                                                                                              							_t2 = _t162 + 0x10010; // 0x10110
                                                                                                                              							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
                                                                                                                              							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
                                                                                                                              							_t121 = _t96;
                                                                                                                              							if(_t121 != 0) {
                                                                                                                              								_t147 = _t121;
                                                                                                                              								 *((intOrPtr*)(_t147 + 8)) = _t162;
                                                                                                                              								 *(_t147 + 0xc) = _t156 | 0x00000004;
                                                                                                                              								E00403C48();
                                                                                                                              								_t99 =  *0x4bdb80; // 0x4bdb7c
                                                                                                                              								 *_t147 = 0x4bdb7c;
                                                                                                                              								 *0x4bdb80 = _t121;
                                                                                                                              								 *(_t147 + 4) = _t99;
                                                                                                                              								 *_t99 = _t121;
                                                                                                                              								 *0x4bdb78 = 0;
                                                                                                                              								_t121 = _t121 + 0x10;
                                                                                                                              							}
                                                                                                                              							return _t121;
                                                                                                                              						} else {
                                                                                                                              							__eflags = 0;
                                                                                                                              							return 0;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						_t67 = _t95 + 0xd3; // 0x1d3
                                                                                                                              						_t125 = (_t67 & 0xffffff00) + 0x30;
                                                                                                                              						__eflags = _t129;
                                                                                                                              						if(__eflags != 0) {
                                                                                                                              							while(1) {
                                                                                                                              								asm("lock cmpxchg [0x4bbae8], ah");
                                                                                                                              								if(__eflags == 0) {
                                                                                                                              									goto L42;
                                                                                                                              								}
                                                                                                                              								asm("pause");
                                                                                                                              								__eflags =  *0x4bb989;
                                                                                                                              								if(__eflags != 0) {
                                                                                                                              									continue;
                                                                                                                              								} else {
                                                                                                                              									Sleep(0);
                                                                                                                              									asm("lock cmpxchg [0x4bbae8], ah");
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										Sleep(0xa);
                                                                                                                              										continue;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								goto L42;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						L42:
                                                                                                                              						_t68 = _t125 - 0xb30; // -2445
                                                                                                                              						_t141 = _t68;
                                                                                                                              						_t142 = _t141 >> 0xd;
                                                                                                                              						_t131 = _t141 >> 8;
                                                                                                                              						_t104 = 0xffffffff << _t131 &  *(0x4bbaf8 + _t142 * 4);
                                                                                                                              						__eflags = 0xffffffff;
                                                                                                                              						if(0xffffffff == 0) {
                                                                                                                              							_t132 = _t142;
                                                                                                                              							__eflags = 0xfffffffe << _t132 &  *0x4bbaf4;
                                                                                                                              							if((0xfffffffe << _t132 &  *0x4bbaf4) == 0) {
                                                                                                                              								_t133 =  *0x4bbaf0; // 0x0
                                                                                                                              								_t134 = _t133 - _t125;
                                                                                                                              								__eflags = _t134;
                                                                                                                              								if(_t134 < 0) {
                                                                                                                              									_t109 = E00403BCC(_t125);
                                                                                                                              								} else {
                                                                                                                              									_t110 =  *0x4bbaec; // 0x272fec0
                                                                                                                              									_t109 = _t110 - _t125;
                                                                                                                              									 *0x4bbaec = _t109;
                                                                                                                              									 *0x4bbaf0 = _t134;
                                                                                                                              									 *(_t109 - 4) = _t125 | 0x00000002;
                                                                                                                              								}
                                                                                                                              								 *0x4bbae8 = 0;
                                                                                                                              								return _t109;
                                                                                                                              							} else {
                                                                                                                              								asm("bsf edx, eax");
                                                                                                                              								asm("bsf ecx, eax");
                                                                                                                              								_t135 = _t132 | _t142 << 0x00000005;
                                                                                                                              								goto L50;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							asm("bsf eax, eax");
                                                                                                                              							_t135 = _t131 & 0xffffffe0 | _t104;
                                                                                                                              							L50:
                                                                                                                              							_push(_t152);
                                                                                                                              							_push(_t145);
                                                                                                                              							_t148 = 0x4bbb78 + _t135 * 8;
                                                                                                                              							_t159 =  *((intOrPtr*)(_t148 + 4));
                                                                                                                              							_t114 =  *((intOrPtr*)(_t159 + 4));
                                                                                                                              							 *((intOrPtr*)(_t148 + 4)) = _t114;
                                                                                                                              							 *_t114 = _t148;
                                                                                                                              							__eflags = _t148 - _t114;
                                                                                                                              							if(_t148 == _t114) {
                                                                                                                              								asm("rol eax, cl");
                                                                                                                              								_t80 = 0x4bbaf8 + _t142 * 4;
                                                                                                                              								 *_t80 =  *(0x4bbaf8 + _t142 * 4) & 0xfffffffe;
                                                                                                                              								__eflags =  *_t80;
                                                                                                                              								if( *_t80 == 0) {
                                                                                                                              									asm("btr [0x4bbaf4], edx");
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							_t150 = 0xfffffff0 &  *(_t159 - 4);
                                                                                                                              							_t144 = 0xfffffff0 - _t125;
                                                                                                                              							__eflags = 0xfffffff0;
                                                                                                                              							if(0xfffffff0 == 0) {
                                                                                                                              								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
                                                                                                                              								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
                                                                                                                              								__eflags =  *_t89;
                                                                                                                              							} else {
                                                                                                                              								_t116 = _t125 + _t159;
                                                                                                                              								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
                                                                                                                              								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
                                                                                                                              								__eflags = 0xfffffff0 - 0xb30;
                                                                                                                              								if(0xfffffff0 >= 0xb30) {
                                                                                                                              									E00403B00(_t116, 0xfffffffffffffff3, _t144);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							_t93 = _t125 + 2; // 0x1a5
                                                                                                                              							 *(_t159 - 4) = _t93;
                                                                                                                              							 *0x4bbae8 = 0;
                                                                                                                              							return _t159;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					__eflags = __cl;
                                                                                                                              					_t6 = __edx + 0x4bb990; // 0xc8c8c8c8
                                                                                                                              					__eax =  *_t6 & 0x000000ff;
                                                                                                                              					__ebx = 0x4b7080 + ( *_t6 & 0x000000ff) * 8;
                                                                                                                              					if(__eflags != 0) {
                                                                                                                              						while(1) {
                                                                                                                              							__eax = 0x100;
                                                                                                                              							asm("lock cmpxchg [ebx], ah");
                                                                                                                              							if(__eflags == 0) {
                                                                                                                              								goto L5;
                                                                                                                              							}
                                                                                                                              							__ebx = __ebx + 0x20;
                                                                                                                              							__eflags = __ebx;
                                                                                                                              							__eax = 0x100;
                                                                                                                              							asm("lock cmpxchg [ebx], ah");
                                                                                                                              							if(__ebx != 0) {
                                                                                                                              								__ebx = __ebx + 0x20;
                                                                                                                              								__eflags = __ebx;
                                                                                                                              								__eax = 0x100;
                                                                                                                              								asm("lock cmpxchg [ebx], ah");
                                                                                                                              								if(__ebx != 0) {
                                                                                                                              									__ebx = __ebx - 0x40;
                                                                                                                              									asm("pause");
                                                                                                                              									__eflags =  *0x4bb989;
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										continue;
                                                                                                                              									} else {
                                                                                                                              										Sleep(0);
                                                                                                                              										__eax = 0x100;
                                                                                                                              										asm("lock cmpxchg [ebx], ah");
                                                                                                                              										if(__eflags != 0) {
                                                                                                                              											Sleep(0xa);
                                                                                                                              											continue;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							goto L5;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					L5:
                                                                                                                              					__edx =  *(__ebx + 8);
                                                                                                                              					__eax =  *(__edx + 0x10);
                                                                                                                              					__ecx = 0xfffffff8;
                                                                                                                              					__eflags = __edx - __ebx;
                                                                                                                              					if(__edx == __ebx) {
                                                                                                                              						__edx =  *(__ebx + 0x18);
                                                                                                                              						__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                              						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
                                                                                                                              						__eflags = __eax -  *(__ebx + 0x14);
                                                                                                                              						if(__eax >  *(__ebx + 0x14)) {
                                                                                                                              							_push(__esi);
                                                                                                                              							_push(__edi);
                                                                                                                              							__eflags =  *0x4bb059;
                                                                                                                              							if(__eflags != 0) {
                                                                                                                              								while(1) {
                                                                                                                              									__eax = 0x100;
                                                                                                                              									asm("lock cmpxchg [0x4bbae8], ah");
                                                                                                                              									if(__eflags == 0) {
                                                                                                                              										goto L22;
                                                                                                                              									}
                                                                                                                              									asm("pause");
                                                                                                                              									__eflags =  *0x4bb989;
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										continue;
                                                                                                                              									} else {
                                                                                                                              										Sleep(0);
                                                                                                                              										__eax = 0x100;
                                                                                                                              										asm("lock cmpxchg [0x4bbae8], ah");
                                                                                                                              										if(__eflags != 0) {
                                                                                                                              											Sleep(0xa);
                                                                                                                              											continue;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              									goto L22;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							L22:
                                                                                                                              							 *(__ebx + 1) =  *(__ebx + 1) &  *0x4bbaf4;
                                                                                                                              							__eflags =  *(__ebx + 1) &  *0x4bbaf4;
                                                                                                                              							if(( *(__ebx + 1) &  *0x4bbaf4) == 0) {
                                                                                                                              								__ecx =  *(__ebx + 4) & 0x0000ffff;
                                                                                                                              								__edi =  *0x4bbaf0; // 0x0
                                                                                                                              								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
                                                                                                                              								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
                                                                                                                              									__eax =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                              									__edi = __eax;
                                                                                                                              									__eax = E00403BCC(__eax);
                                                                                                                              									__esi = __eax;
                                                                                                                              									__eflags = __eax;
                                                                                                                              									if(__eax != 0) {
                                                                                                                              										goto L35;
                                                                                                                              									} else {
                                                                                                                              										 *0x4bbae8 = __al;
                                                                                                                              										 *__ebx = __al;
                                                                                                                              										_pop(__edi);
                                                                                                                              										_pop(__esi);
                                                                                                                              										_pop(__ebx);
                                                                                                                              										return __eax;
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									__esi =  *0x4bbaec; // 0x272fec0
                                                                                                                              									__ecx =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                              									__edx = __ecx + 0xb30;
                                                                                                                              									__eflags = __edi - __ecx + 0xb30;
                                                                                                                              									if(__edi >= __ecx + 0xb30) {
                                                                                                                              										__edi = __ecx;
                                                                                                                              									}
                                                                                                                              									__esi = __esi - __edi;
                                                                                                                              									 *0x4bbaf0 =  *0x4bbaf0 - __edi;
                                                                                                                              									 *0x4bbaec = __esi;
                                                                                                                              									goto L35;
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								asm("bsf eax, esi");
                                                                                                                              								__esi = __eax * 8;
                                                                                                                              								__ecx =  *(0x4bbaf8 + __eax * 4);
                                                                                                                              								asm("bsf ecx, ecx");
                                                                                                                              								__ecx =  *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4;
                                                                                                                              								__edi = 0x4bbb78 + ( *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4) * 8;
                                                                                                                              								__esi =  *(__edi + 4);
                                                                                                                              								__edx =  *(__esi + 4);
                                                                                                                              								 *(__edi + 4) = __edx;
                                                                                                                              								 *__edx = __edi;
                                                                                                                              								__eflags = __edi - __edx;
                                                                                                                              								if(__edi == __edx) {
                                                                                                                              									__edx = 0xfffffffe;
                                                                                                                              									asm("rol edx, cl");
                                                                                                                              									_t38 = 0x4bbaf8 + __eax * 4;
                                                                                                                              									 *_t38 =  *(0x4bbaf8 + __eax * 4) & 0xfffffffe;
                                                                                                                              									__eflags =  *_t38;
                                                                                                                              									if( *_t38 == 0) {
                                                                                                                              										asm("btr [0x4bbaf4], eax");
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								__edi = 0xfffffff0;
                                                                                                                              								__edi = 0xfffffff0 &  *(__esi - 4);
                                                                                                                              								__eflags = 0xfffffff0 - 0x10a60;
                                                                                                                              								if(0xfffffff0 < 0x10a60) {
                                                                                                                              									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
                                                                                                                              									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
                                                                                                                              									__eflags =  *_t52;
                                                                                                                              								} else {
                                                                                                                              									__edx = __edi;
                                                                                                                              									__edi =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                              									__edx = __edx - __edi;
                                                                                                                              									__eax = __edi + __esi;
                                                                                                                              									__ecx = __edx + 3;
                                                                                                                              									 *(__eax - 4) = __ecx;
                                                                                                                              									 *(__edx + __eax - 8) = __edx;
                                                                                                                              									__eax = E00403B00(__eax, __ecx, __edx);
                                                                                                                              								}
                                                                                                                              								L35:
                                                                                                                              								_t56 = __edi + 6; // 0x6
                                                                                                                              								__ecx = _t56;
                                                                                                                              								 *(__esi - 4) = _t56;
                                                                                                                              								__eax = 0;
                                                                                                                              								 *0x4bbae8 = __al;
                                                                                                                              								 *__esi = __ebx;
                                                                                                                              								 *((intOrPtr*)(__esi + 0x10)) = 0;
                                                                                                                              								 *((intOrPtr*)(__esi + 0x14)) = 1;
                                                                                                                              								 *(__ebx + 0x18) = __esi;
                                                                                                                              								_t61 = __esi + 0x20; // 0x272fee0
                                                                                                                              								__eax = _t61;
                                                                                                                              								__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                              								__edx = __ecx + __eax;
                                                                                                                              								 *(__ebx + 0x10) = __ecx + __eax;
                                                                                                                              								__edi = __edi + __esi;
                                                                                                                              								__edi = __edi - __ecx;
                                                                                                                              								__eflags = __edi;
                                                                                                                              								 *(__ebx + 0x14) = __edi;
                                                                                                                              								 *__ebx = 0;
                                                                                                                              								 *(__eax - 4) = __esi;
                                                                                                                              								_pop(__edi);
                                                                                                                              								_pop(__esi);
                                                                                                                              								_pop(__ebx);
                                                                                                                              								return __eax;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							_t19 = __edx + 0x14;
                                                                                                                              							 *_t19 =  *(__edx + 0x14) + 1;
                                                                                                                              							__eflags =  *_t19;
                                                                                                                              							 *(__ebx + 0x10) = __ecx;
                                                                                                                              							 *__ebx = 0;
                                                                                                                              							 *(__eax - 4) = __edx;
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return __eax;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
                                                                                                                              						__ecx = 0xfffffff8 &  *(__eax - 4);
                                                                                                                              						__eflags = 0xfffffff8;
                                                                                                                              						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
                                                                                                                              						 *(__eax - 4) = __edx;
                                                                                                                              						if(0xfffffff8 == 0) {
                                                                                                                              							__ecx =  *(__edx + 8);
                                                                                                                              							 *(__ecx + 0xc) = __ebx;
                                                                                                                              							 *(__ebx + 8) = __ecx;
                                                                                                                              							 *__ebx = 0;
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return __eax;
                                                                                                                              						} else {
                                                                                                                              							 *__ebx = 0;
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return __eax;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}






























                                                                                                                              0x00403f7b
                                                                                                                              0x00403f7f
                                                                                                                              0x00403f81
                                                                                                                              0x00403f81
                                                                                                                              0x00403f84
                                                                                                                              0x00403f89
                                                                                                                              0x00403f8d
                                                                                                                              0x00403f8f
                                                                                                                              0x00403f92
                                                                                                                              0x00403f94
                                                                                                                              0x00403f9b
                                                                                                                              0x00000000
                                                                                                                              0x00403f9d
                                                                                                                              0x00403f9f
                                                                                                                              0x00403fa4
                                                                                                                              0x00403fa9
                                                                                                                              0x00403fad
                                                                                                                              0x00403fb5
                                                                                                                              0x00000000
                                                                                                                              0x00403fb5
                                                                                                                              0x00403fad
                                                                                                                              0x00403f9b
                                                                                                                              0x00403f8d
                                                                                                                              0x00000000
                                                                                                                              0x00403f7f
                                                                                                                              0x00403f68
                                                                                                                              0x00403f12
                                                                                                                              0x00403f12
                                                                                                                              0x00403f15
                                                                                                                              0x00403f18
                                                                                                                              0x00403f1d
                                                                                                                              0x00403f1f
                                                                                                                              0x00403f38
                                                                                                                              0x00403f3b
                                                                                                                              0x00403f3f
                                                                                                                              0x00403f41
                                                                                                                              0x00403f44
                                                                                                                              0x00403fbc
                                                                                                                              0x00403fbd
                                                                                                                              0x00403fbe
                                                                                                                              0x00403fc5
                                                                                                                              0x00403fc7
                                                                                                                              0x00403fc7
                                                                                                                              0x00403fcc
                                                                                                                              0x00403fd4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403fd6
                                                                                                                              0x00403fd8
                                                                                                                              0x00403fdf
                                                                                                                              0x00000000
                                                                                                                              0x00403fe1
                                                                                                                              0x00403fe3
                                                                                                                              0x00403fe8
                                                                                                                              0x00403fed
                                                                                                                              0x00403ff5
                                                                                                                              0x00403ff9
                                                                                                                              0x00000000
                                                                                                                              0x00403ff9
                                                                                                                              0x00403ff5
                                                                                                                              0x00000000
                                                                                                                              0x00403fdf
                                                                                                                              0x00403fc7
                                                                                                                              0x00404000
                                                                                                                              0x00404004
                                                                                                                              0x00404004
                                                                                                                              0x0040400a
                                                                                                                              0x0040407c
                                                                                                                              0x00404080
                                                                                                                              0x00404086
                                                                                                                              0x00404088
                                                                                                                              0x004040b0
                                                                                                                              0x004040b4
                                                                                                                              0x004040b6
                                                                                                                              0x004040bb
                                                                                                                              0x004040bd
                                                                                                                              0x004040bf
                                                                                                                              0x00000000
                                                                                                                              0x004040c1
                                                                                                                              0x004040c1
                                                                                                                              0x004040c6
                                                                                                                              0x004040c8
                                                                                                                              0x004040c9
                                                                                                                              0x004040ca
                                                                                                                              0x004040cb
                                                                                                                              0x004040cb
                                                                                                                              0x0040408a
                                                                                                                              0x0040408a
                                                                                                                              0x00404090
                                                                                                                              0x00404094
                                                                                                                              0x0040409a
                                                                                                                              0x0040409c
                                                                                                                              0x0040409e
                                                                                                                              0x0040409e
                                                                                                                              0x004040a0
                                                                                                                              0x004040a2
                                                                                                                              0x004040a8
                                                                                                                              0x00000000
                                                                                                                              0x004040a8
                                                                                                                              0x0040400c
                                                                                                                              0x0040400c
                                                                                                                              0x0040400f
                                                                                                                              0x00404016
                                                                                                                              0x0040401d
                                                                                                                              0x00404020
                                                                                                                              0x00404023
                                                                                                                              0x0040402a
                                                                                                                              0x0040402d
                                                                                                                              0x00404030
                                                                                                                              0x00404033
                                                                                                                              0x00404035
                                                                                                                              0x00404037
                                                                                                                              0x00404039
                                                                                                                              0x0040403e
                                                                                                                              0x00404040
                                                                                                                              0x00404040
                                                                                                                              0x00404040
                                                                                                                              0x00404047
                                                                                                                              0x00404049
                                                                                                                              0x00404049
                                                                                                                              0x00404047
                                                                                                                              0x00404050
                                                                                                                              0x00404055
                                                                                                                              0x00404058
                                                                                                                              0x0040405e
                                                                                                                              0x004040cc
                                                                                                                              0x004040cc
                                                                                                                              0x004040cc
                                                                                                                              0x00404060
                                                                                                                              0x00404060
                                                                                                                              0x00404062
                                                                                                                              0x00404066
                                                                                                                              0x00404068
                                                                                                                              0x0040406b
                                                                                                                              0x0040406e
                                                                                                                              0x00404071
                                                                                                                              0x00404075
                                                                                                                              0x00404075
                                                                                                                              0x004040d1
                                                                                                                              0x004040d1
                                                                                                                              0x004040d1
                                                                                                                              0x004040d4
                                                                                                                              0x004040d7
                                                                                                                              0x004040d9
                                                                                                                              0x004040de
                                                                                                                              0x004040e0
                                                                                                                              0x004040e3
                                                                                                                              0x004040ea
                                                                                                                              0x004040ed
                                                                                                                              0x004040ed
                                                                                                                              0x004040f0
                                                                                                                              0x004040f4
                                                                                                                              0x004040f7
                                                                                                                              0x004040fa
                                                                                                                              0x004040fc
                                                                                                                              0x004040fc
                                                                                                                              0x004040fe
                                                                                                                              0x00404101
                                                                                                                              0x00404104
                                                                                                                              0x00404107
                                                                                                                              0x00404108
                                                                                                                              0x00404109
                                                                                                                              0x0040410a
                                                                                                                              0x0040410a
                                                                                                                              0x00403f46
                                                                                                                              0x00403f46
                                                                                                                              0x00403f46
                                                                                                                              0x00403f46
                                                                                                                              0x00403f4a
                                                                                                                              0x00403f4d
                                                                                                                              0x00403f50
                                                                                                                              0x00403f53
                                                                                                                              0x00403f54
                                                                                                                              0x00403f54
                                                                                                                              0x00403f21
                                                                                                                              0x00403f21
                                                                                                                              0x00403f25
                                                                                                                              0x00403f25
                                                                                                                              0x00403f28
                                                                                                                              0x00403f2b
                                                                                                                              0x00403f2e
                                                                                                                              0x00403f58
                                                                                                                              0x00403f5b
                                                                                                                              0x00403f5e
                                                                                                                              0x00403f61
                                                                                                                              0x00403f64
                                                                                                                              0x00403f65
                                                                                                                              0x00403f30
                                                                                                                              0x00403f30
                                                                                                                              0x00403f33
                                                                                                                              0x00403f34
                                                                                                                              0x00403f34
                                                                                                                              0x00403f2e
                                                                                                                              0x00403f1f

                                                                                                                              APIs
                                                                                                                              • Sleep.KERNEL32(00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403F9F
                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FB5
                                                                                                                              • Sleep.KERNEL32(00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FE3
                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FF9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3472027048-0
                                                                                                                              • Opcode ID: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
                                                                                                                              • Instruction ID: d98b69cfe0522def9def3360e9182a2a8bb24ce33fa39324cc86f3a67812f259
                                                                                                                              • Opcode Fuzzy Hash: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
                                                                                                                              • Instruction Fuzzy Hash: 99C123B2A002018BCB15CF69EC84356BFE4EB89311F1882BFE514AB3D5D7B89941C7D8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 75%
                                                                                                                              			E004B60E8(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                              				intOrPtr _t26;
                                                                                                                              				intOrPtr _t31;
                                                                                                                              				intOrPtr _t37;
                                                                                                                              				intOrPtr _t38;
                                                                                                                              				intOrPtr _t42;
                                                                                                                              				intOrPtr _t44;
                                                                                                                              				intOrPtr _t47;
                                                                                                                              				intOrPtr _t51;
                                                                                                                              				intOrPtr _t53;
                                                                                                                              				intOrPtr _t55;
                                                                                                                              				intOrPtr _t56;
                                                                                                                              				intOrPtr _t59;
                                                                                                                              				intOrPtr _t61;
                                                                                                                              				WCHAR* _t63;
                                                                                                                              				intOrPtr _t69;
                                                                                                                              				intOrPtr _t74;
                                                                                                                              				int _t75;
                                                                                                                              				intOrPtr _t76;
                                                                                                                              				intOrPtr _t78;
                                                                                                                              				struct HWND__* _t81;
                                                                                                                              				intOrPtr _t82;
                                                                                                                              				intOrPtr _t86;
                                                                                                                              				void* _t90;
                                                                                                                              				intOrPtr _t93;
                                                                                                                              				intOrPtr _t99;
                                                                                                                              				intOrPtr _t101;
                                                                                                                              				intOrPtr _t107;
                                                                                                                              				intOrPtr _t114;
                                                                                                                              				intOrPtr _t115;
                                                                                                                              				intOrPtr _t116;
                                                                                                                              				intOrPtr _t117;
                                                                                                                              				void* _t120;
                                                                                                                              				intOrPtr _t121;
                                                                                                                              
                                                                                                                              				_t119 = __esi;
                                                                                                                              				_t118 = __edi;
                                                                                                                              				_t85 = __ebx;
                                                                                                                              				_pop(_t101);
                                                                                                                              				_pop(_t88);
                                                                                                                              				 *[fs:eax] = _t101;
                                                                                                                              				E004AF678(_t88);
                                                                                                                              				if( *0x4ba440 == 0) {
                                                                                                                              					if(( *0x4c1d71 & 0x00000001) == 0 &&  *0x4ba441 == 0) {
                                                                                                                              						_t61 =  *0x4ba674; // 0x4c0d0c
                                                                                                                              						_t4 = _t61 + 0x2f8; // 0x0
                                                                                                                              						_t63 = E004084EC( *_t4);
                                                                                                                              						_t88 = _t120 - 0x28;
                                                                                                                              						_t101 =  *0x4c1c48; // 0x0
                                                                                                                              						E00426F08(0xc2, _t120 - 0x28, _t101);
                                                                                                                              						if(MessageBoxW(0, E004084EC( *((intOrPtr*)(_t120 - 0x28))), _t63, 0x24) != 6) {
                                                                                                                              							 *0x4ba44c = 2;
                                                                                                                              							E0041F238();
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					E004056D0();
                                                                                                                              					E004AEFE8(_t120 - 0x2c, _t85, _t101, _t118, _t119); // executed
                                                                                                                              					E00407E00(0x4c1d94,  *((intOrPtr*)(_t120 - 0x2c)));
                                                                                                                              					_t26 =  *0x4c1d84; // 0x0
                                                                                                                              					E00422954(_t26, _t88, _t120 - 0x34);
                                                                                                                              					E004226C8( *((intOrPtr*)(_t120 - 0x34)), _t85, _t120 - 0x30, L".tmp", _t118, _t119);
                                                                                                                              					_push( *((intOrPtr*)(_t120 - 0x30)));
                                                                                                                              					_t31 =  *0x4c1d94; // 0x0
                                                                                                                              					E00422660(_t31, _t120 - 0x38);
                                                                                                                              					_pop(_t90);
                                                                                                                              					E0040873C(0x4c1d98, _t90,  *((intOrPtr*)(_t120 - 0x38)));
                                                                                                                              					_t107 =  *0x4c1d98; // 0x0
                                                                                                                              					E00407E00(0x4c1d9c, _t107);
                                                                                                                              					_t37 =  *0x4c1d90; // 0x4e39b8
                                                                                                                              					_t15 = _t37 + 0x14; // 0xf2201
                                                                                                                              					_t38 =  *0x4c1d88; // 0x0
                                                                                                                              					E00423CE8(_t38,  *_t15);
                                                                                                                              					_push(_t120);
                                                                                                                              					_push(0x4b63ab);
                                                                                                                              					_push( *[fs:edx]);
                                                                                                                              					 *[fs:edx] = _t121;
                                                                                                                              					 *0x4c1de0 = 0;
                                                                                                                              					_t42 = E00423D00(1, 0, 1, 0); // executed
                                                                                                                              					 *0x4c1d8c = _t42;
                                                                                                                              					_push(_t120);
                                                                                                                              					_push(0x4b639a);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t121;
                                                                                                                              					_t44 =  *0x4c1d90; // 0x4e39b8
                                                                                                                              					_t16 = _t44 + 0x18; // 0x310e00
                                                                                                                              					 *0x4c1de0 = E004053F0( *_t16);
                                                                                                                              					_t47 =  *0x4c1d90; // 0x4e39b8
                                                                                                                              					_t17 = _t47 + 0x18; // 0x310e00
                                                                                                                              					_t86 =  *0x4c1de0; // 0x7fb90010
                                                                                                                              					E00405884(_t86,  *_t17);
                                                                                                                              					_push(_t120);
                                                                                                                              					_push(0x4b62e9);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t121;
                                                                                                                              					_t51 =  *0x424cd8; // 0x424d30
                                                                                                                              					_t93 =  *0x4c1d88; // 0x0
                                                                                                                              					_t53 = E00424748(_t93, 1, _t51); // executed
                                                                                                                              					 *0x4c1de4 = _t53;
                                                                                                                              					_push(_t120);
                                                                                                                              					_push(0x4b62d8);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t121;
                                                                                                                              					_t55 =  *0x4c1d90; // 0x4e39b8
                                                                                                                              					_t18 = _t55 + 0x18; // 0x310e00
                                                                                                                              					_t56 =  *0x4c1de4; // 0x239a500
                                                                                                                              					E00424A24(_t56,  *_t18, _t86);
                                                                                                                              					_pop(_t114);
                                                                                                                              					 *[fs:eax] = _t114;
                                                                                                                              					_push(E004B62DF);
                                                                                                                              					_t59 =  *0x4c1de4; // 0x239a500
                                                                                                                              					return E00405CE8(_t59);
                                                                                                                              				} else {
                                                                                                                              					_t69 =  *0x4ba674; // 0x4c0d0c
                                                                                                                              					_t1 = _t69 + 0x1d0; // 0x0
                                                                                                                              					E004AFA44( *_t1, __ebx, __edi, __esi);
                                                                                                                              					 *0x4ba44c = 0;
                                                                                                                              					_pop(_t115);
                                                                                                                              					 *[fs:eax] = _t115;
                                                                                                                              					_push(E004B6554);
                                                                                                                              					_t74 =  *0x4c1d88; // 0x0
                                                                                                                              					_t75 = E00405CE8(_t74);
                                                                                                                              					if( *0x4c1d9c != 0) {
                                                                                                                              						_t117 =  *0x4c1d9c; // 0x0
                                                                                                                              						_t75 = E004AF1B4(0, _t117, 0xfa, 0x32); // executed
                                                                                                                              					}
                                                                                                                              					if( *0x4c1d94 != 0) {
                                                                                                                              						_t82 =  *0x4c1d94; // 0x0
                                                                                                                              						_t75 = RemoveDirectoryW(E004084EC(_t82)); // executed
                                                                                                                              					}
                                                                                                                              					if( *0x4ba450 != 0) {
                                                                                                                              						_t81 =  *0x4ba450; // 0xb03e2
                                                                                                                              						_t75 = DestroyWindow(_t81); // executed
                                                                                                                              					}
                                                                                                                              					if( *0x4c1d78 != 0) {
                                                                                                                              						_t76 =  *0x4c1d78; // 0x0
                                                                                                                              						_t99 =  *0x4c1d7c; // 0x1
                                                                                                                              						_t116 =  *0x426bb0; // 0x426bb4
                                                                                                                              						E00408D08(_t76, _t99, _t116);
                                                                                                                              						_t78 =  *0x4c1d78; // 0x0
                                                                                                                              						E0040540C(_t78);
                                                                                                                              						 *0x4c1d78 = 0;
                                                                                                                              						return 0;
                                                                                                                              					}
                                                                                                                              					return _t75;
                                                                                                                              				}
                                                                                                                              			}




































                                                                                                                              0x004b62c8
                                                                                                                              0x004b62cd
                                                                                                                              0x004b62d7
                                                                                                                              0x004b611b
                                                                                                                              0x004b611b
                                                                                                                              0x004b6120
                                                                                                                              0x004b6126
                                                                                                                              0x004b612d
                                                                                                                              0x004b64b5
                                                                                                                              0x004b64b8
                                                                                                                              0x004b64bb
                                                                                                                              0x004b64c0
                                                                                                                              0x004b64c5
                                                                                                                              0x004b64d1
                                                                                                                              0x004b64df
                                                                                                                              0x004b64e7
                                                                                                                              0x004b64e7
                                                                                                                              0x004b64f3
                                                                                                                              0x004b64f5
                                                                                                                              0x004b6500
                                                                                                                              0x004b6500
                                                                                                                              0x004b650c
                                                                                                                              0x004b650e
                                                                                                                              0x004b6514
                                                                                                                              0x004b6514
                                                                                                                              0x004b6520
                                                                                                                              0x004b6522
                                                                                                                              0x004b6527
                                                                                                                              0x004b652d
                                                                                                                              0x004b6533
                                                                                                                              0x004b6538
                                                                                                                              0x004b653d
                                                                                                                              0x004b6544
                                                                                                                              0x00000000
                                                                                                                              0x004b6544
                                                                                                                              0x004b6549
                                                                                                                              0x004b6549

                                                                                                                              APIs
                                                                                                                              • MessageBoxW.USER32(00000000,00000000,00000000,00000024), ref: 004B6179
                                                                                                                                • Part of subcall function 004AFA44: MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFAAE
                                                                                                                              • RemoveDirectoryW.KERNEL32(00000000,004B6554), ref: 004B6500
                                                                                                                              • DestroyWindow.USER32(000B03E2,004B6554), ref: 004B6514
                                                                                                                                • Part of subcall function 004AF1B4: Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1D3
                                                                                                                                • Part of subcall function 004AF1B4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1F6
                                                                                                                                • Part of subcall function 004AF1B4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF200
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLastMessage$DestroyDirectoryRemoveSleepWindow
                                                                                                                              • String ID: .tmp$0MB
                                                                                                                              • API String ID: 3858953238-176122739
                                                                                                                              • Opcode ID: 930ec171da33bb7cb26a68baf49ed61eca7e6ecce176de484762bd5e64518e8e
                                                                                                                              • Instruction ID: b159488041d1577a8b45ed1a1d18f26c00613076fc9a683522f38ff229f2206a
                                                                                                                              • Opcode Fuzzy Hash: 930ec171da33bb7cb26a68baf49ed61eca7e6ecce176de484762bd5e64518e8e
                                                                                                                              • Instruction Fuzzy Hash: AC615A342002009FD755EF69ED86EAA37A5EB4A308F51453AF801976B2DA3CBC51CB6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 402 407750-407764 403 407766-407772 call 407630 call 4076b8 402->403 404 407777-40777e 402->404 403->404 406 407780-40778b GetCurrentThreadId 404->406 407 4077a1-4077a5 404->407 406->407 409 40778d-40779c call 407388 call 40768c 406->409 410 4077a7-4077ae 407->410 411 4077c9-4077cd 407->411 409->407 410->411 416 4077b0-4077c7 410->416 412 4077d9-4077dd 411->412 413 4077cf-4077d2 411->413 418 4077fc-407805 call 4073b0 412->418 419 4077df-4077e8 call 4054b4 412->419 413->412 417 4077d4-4077d6 413->417 416->411 417->412 428 407807-40780a 418->428 429 40780c-407811 418->429 419->418 430 4077ea-4077fa call 405ce8 call 4054b4 419->430 428->429 431 40782d-407838 call 407388 428->431 429->431 432 407813-407821 call 40b40c 429->432 430->418 441 40783a 431->441 442 40783d-407841 431->442 432->431 440 407823-407825 432->440 440->431 444 407827-407828 FreeLibrary 440->444 441->442 445 407843-407845 call 40768c 442->445 446 40784a-40784d 442->446 444->431 445->446 447 407866 446->447 448 40784f-407856 446->448 450 407858 448->450 451 40785e-407861 ExitProcess 448->451 450->451
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E00407750() {
                                                                                                                              				void* _t20;
                                                                                                                              				void* _t23;
                                                                                                                              				intOrPtr _t31;
                                                                                                                              				intOrPtr* _t33;
                                                                                                                              				void* _t46;
                                                                                                                              				struct HINSTANCE__* _t49;
                                                                                                                              				void* _t56;
                                                                                                                              
                                                                                                                              				if( *0x4b7004 != 0) {
                                                                                                                              					E00407630();
                                                                                                                              					E004076B8(_t46);
                                                                                                                              					 *0x4b7004 = 0;
                                                                                                                              				}
                                                                                                                              				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
                                                                                                                              					E00407388(0x4bdbc8);
                                                                                                                              					E0040768C(0x4bdbc8);
                                                                                                                              				}
                                                                                                                              				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
                                                                                                                              					L8:
                                                                                                                              					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
                                                                                                                              						 *0x004BDBA4 = 0;
                                                                                                                              					}
                                                                                                                              					if( *((char*)(0x4bdbc0)) != 0) {
                                                                                                                              						L14:
                                                                                                                              						E004073B0();
                                                                                                                              						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
                                                                                                                              							_t15 =  *0x004BDBA8;
                                                                                                                              							if( *0x004BDBA8 != 0) {
                                                                                                                              								E0040B40C(_t15);
                                                                                                                              								_t31 =  *((intOrPtr*)(0x4bdba8));
                                                                                                                              								_t8 = _t31 + 0x10; // 0x400000
                                                                                                                              								_t49 =  *_t8;
                                                                                                                              								_t9 = _t31 + 4; // 0x400000
                                                                                                                              								if(_t49 !=  *_t9 && _t49 != 0) {
                                                                                                                              									FreeLibrary(_t49);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						E00407388(0x4bdb98);
                                                                                                                              						if( *((char*)(0x4bdbc0)) == 1) {
                                                                                                                              							 *0x004BDBBC();
                                                                                                                              						}
                                                                                                                              						if( *((char*)(0x4bdbc0)) != 0) {
                                                                                                                              							E0040768C(0x4bdb98);
                                                                                                                              						}
                                                                                                                              						if( *0x4bdb98 == 0) {
                                                                                                                              							if( *0x4bb038 != 0) {
                                                                                                                              								 *0x4bb038();
                                                                                                                              							}
                                                                                                                              							ExitProcess( *0x4b7000); // executed
                                                                                                                              						}
                                                                                                                              						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
                                                                                                                              						_t56 = _t56 + 0xc;
                                                                                                                              						0x4b7000 = 0x4b7000;
                                                                                                                              						0x4bdb98 = 0x4bdb98;
                                                                                                                              						goto L8;
                                                                                                                              					} else {
                                                                                                                              						_t20 = E004054B4();
                                                                                                                              						_t44 = _t20;
                                                                                                                              						if(_t20 == 0) {
                                                                                                                              							goto L14;
                                                                                                                              						} else {
                                                                                                                              							goto L13;
                                                                                                                              						}
                                                                                                                              						do {
                                                                                                                              							L13:
                                                                                                                              							E00405CE8(_t44);
                                                                                                                              							_t23 = E004054B4();
                                                                                                                              							_t44 = _t23;
                                                                                                                              						} while (_t23 != 0);
                                                                                                                              						goto L14;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					do {
                                                                                                                              						_t33 =  *0x4bb054; // 0x0
                                                                                                                              						 *0x4bb054 = 0;
                                                                                                                              						 *_t33();
                                                                                                                              					} while ( *0x4bb054 != 0);
                                                                                                                              					L8:
                                                                                                                              					while(1) {
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}










                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004077ea
                                                                                                                              0x004077ea
                                                                                                                              0x004077ec
                                                                                                                              0x004077f1
                                                                                                                              0x004077f6
                                                                                                                              0x004077f8
                                                                                                                              0x00000000
                                                                                                                              0x004077ea
                                                                                                                              0x004077b0
                                                                                                                              0x004077b0
                                                                                                                              0x004077b0
                                                                                                                              0x004077b9
                                                                                                                              0x004077be
                                                                                                                              0x004077c0
                                                                                                                              0x00000000
                                                                                                                              0x004077c9
                                                                                                                              0x00000000
                                                                                                                              0x004077c9

                                                                                                                              APIs
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00407780
                                                                                                                              • FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407828
                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407861
                                                                                                                                • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                                                                                • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                                                                                • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                                                                                • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                                                                              • String ID: MZP
                                                                                                                              • API String ID: 3490077880-2889622443
                                                                                                                              • Opcode ID: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
                                                                                                                              • Instruction ID: 4bb8ca2865ae45d0ec72c9e6ca862cba493d08d50c1d65b63798a8296780cd14
                                                                                                                              • Opcode Fuzzy Hash: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
                                                                                                                              • Instruction Fuzzy Hash: 76317220E087415BE721BB7A888875B76E09B45315F14897FE541A33D2D77CB884CB6F
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E00407748() {
                                                                                                                              				intOrPtr* _t14;
                                                                                                                              				void* _t23;
                                                                                                                              				void* _t26;
                                                                                                                              				intOrPtr _t34;
                                                                                                                              				intOrPtr* _t36;
                                                                                                                              				void* _t50;
                                                                                                                              				struct HINSTANCE__* _t53;
                                                                                                                              				void* _t62;
                                                                                                                              
                                                                                                                              				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
                                                                                                                              				if( *0x4b7004 != 0) {
                                                                                                                              					E00407630();
                                                                                                                              					E004076B8(_t50);
                                                                                                                              					 *0x4b7004 = 0;
                                                                                                                              				}
                                                                                                                              				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
                                                                                                                              					E00407388(0x4bdbc8);
                                                                                                                              					E0040768C(0x4bdbc8);
                                                                                                                              				}
                                                                                                                              				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
                                                                                                                              					L9:
                                                                                                                              					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
                                                                                                                              						 *0x004BDBA4 = 0;
                                                                                                                              					}
                                                                                                                              					if( *((char*)(0x4bdbc0)) != 0) {
                                                                                                                              						L15:
                                                                                                                              						E004073B0();
                                                                                                                              						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
                                                                                                                              							_t18 =  *0x004BDBA8;
                                                                                                                              							if( *0x004BDBA8 != 0) {
                                                                                                                              								E0040B40C(_t18);
                                                                                                                              								_t34 =  *((intOrPtr*)(0x4bdba8));
                                                                                                                              								_t8 = _t34 + 0x10; // 0x400000
                                                                                                                              								_t53 =  *_t8;
                                                                                                                              								_t9 = _t34 + 4; // 0x400000
                                                                                                                              								if(_t53 !=  *_t9 && _t53 != 0) {
                                                                                                                              									FreeLibrary(_t53);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						E00407388(0x4bdb98);
                                                                                                                              						if( *((char*)(0x4bdbc0)) == 1) {
                                                                                                                              							 *0x004BDBBC();
                                                                                                                              						}
                                                                                                                              						if( *((char*)(0x4bdbc0)) != 0) {
                                                                                                                              							E0040768C(0x4bdb98);
                                                                                                                              						}
                                                                                                                              						if( *0x4bdb98 == 0) {
                                                                                                                              							if( *0x4bb038 != 0) {
                                                                                                                              								 *0x4bb038();
                                                                                                                              							}
                                                                                                                              							ExitProcess( *0x4b7000); // executed
                                                                                                                              						}
                                                                                                                              						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
                                                                                                                              						_t62 = _t62 + 0xc;
                                                                                                                              						0x4b7000 = 0x4b7000;
                                                                                                                              						0x4bdb98 = 0x4bdb98;
                                                                                                                              						goto L9;
                                                                                                                              					} else {
                                                                                                                              						_t23 = E004054B4();
                                                                                                                              						_t48 = _t23;
                                                                                                                              						if(_t23 == 0) {
                                                                                                                              							goto L15;
                                                                                                                              						} else {
                                                                                                                              							goto L14;
                                                                                                                              						}
                                                                                                                              						do {
                                                                                                                              							L14:
                                                                                                                              							E00405CE8(_t48);
                                                                                                                              							_t26 = E004054B4();
                                                                                                                              							_t48 = _t26;
                                                                                                                              						} while (_t26 != 0);
                                                                                                                              						goto L15;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					do {
                                                                                                                              						_t36 =  *0x4bb054; // 0x0
                                                                                                                              						 *0x4bb054 = 0;
                                                                                                                              						 *_t36();
                                                                                                                              					} while ( *0x4bb054 != 0);
                                                                                                                              					L9:
                                                                                                                              					while(1) {
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}











                                                                                                                              0x00000000
                                                                                                                              0x004077ea
                                                                                                                              0x004077b0
                                                                                                                              0x004077b0
                                                                                                                              0x004077b0
                                                                                                                              0x004077b9
                                                                                                                              0x004077be
                                                                                                                              0x004077c0
                                                                                                                              0x00000000
                                                                                                                              0x004077c9
                                                                                                                              0x00000000
                                                                                                                              0x004077c9

                                                                                                                              APIs
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00407780
                                                                                                                              • FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407828
                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407861
                                                                                                                                • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                                                                                • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                                                                                • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                                                                                • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                                                                              • String ID: MZP
                                                                                                                              • API String ID: 3490077880-2889622443
                                                                                                                              • Opcode ID: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
                                                                                                                              • Instruction ID: bfc25cbdcfe625b544084418af651039c1e49876b6b13a82c314e6a817d38f33
                                                                                                                              • Opcode Fuzzy Hash: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
                                                                                                                              • Instruction Fuzzy Hash: E3314D20E087419BE721BB7A888935B7BA09B05315F14897FE541A73D2D77CB884CB6F
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 79%
                                                                                                                              			E004B5000(void* __ecx, void* __edx) {
                                                                                                                              				intOrPtr _t19;
                                                                                                                              				intOrPtr _t22;
                                                                                                                              
                                                                                                                              				_push(_t22);
                                                                                                                              				_push(0x4b50d7);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t22;
                                                                                                                              				 *0x4bb98c =  *0x4bb98c - 1;
                                                                                                                              				if( *0x4bb98c < 0) {
                                                                                                                              					E00405B74();
                                                                                                                              					E004051A8();
                                                                                                                              					SetThreadLocale(0x400); // executed
                                                                                                                              					E0040A250();
                                                                                                                              					 *0x4b700c = 2;
                                                                                                                              					 *0x4bb01c = 0x4036b0;
                                                                                                                              					 *0x4bb020 = 0x4036b8;
                                                                                                                              					 *0x4bb05a = 2;
                                                                                                                              					 *0x4bb060 = E0040CAA4();
                                                                                                                              					 *0x4bb008 = 0x4095a0;
                                                                                                                              					E00405BCC(E00405BB0());
                                                                                                                              					 *0x4bb068 = 0xd7b0;
                                                                                                                              					 *0x4bb344 = 0xd7b0;
                                                                                                                              					 *0x4bb620 = 0xd7b0;
                                                                                                                              					 *0x4bb050 = GetCommandLineW();
                                                                                                                              					 *0x4bb04c = E00403810();
                                                                                                                              					 *0x4bb97c = GetACP();
                                                                                                                              					 *0x4bb980 = 0x4b0;
                                                                                                                              					 *0x4bb044 = GetCurrentThreadId();
                                                                                                                              					E0040CAB8();
                                                                                                                              				}
                                                                                                                              				_pop(_t19);
                                                                                                                              				 *[fs:eax] = _t19;
                                                                                                                              				_push(0x4b50de);
                                                                                                                              				return 0;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • SetThreadLocale.KERNEL32(00000400,00000000,004B50D7), ref: 004B502D
                                                                                                                                • Part of subcall function 0040A250: InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
                                                                                                                                • Part of subcall function 0040A250: GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
                                                                                                                                • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
                                                                                                                                • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
                                                                                                                                • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
                                                                                                                                • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
                                                                                                                                • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
                                                                                                                                • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4
                                                                                                                                • Part of subcall function 0040CAA4: GetSystemInfo.KERNEL32 ref: 0040CAA8
                                                                                                                              • GetCommandLineW.KERNEL32(00000400,00000000,004B50D7), ref: 004B5092
                                                                                                                                • Part of subcall function 00403810: GetStartupInfoW.KERNEL32 ref: 00403821
                                                                                                                              • GetACP.KERNEL32(00000400,00000000,004B50D7), ref: 004B50A6
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004B50BA
                                                                                                                                • Part of subcall function 0040CAB8: GetVersion.KERNEL32(004B50C9,00000400,00000000,004B50D7), ref: 0040CAB8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressHandleModuleProc$InfoThreadVersion$CommandCriticalCurrentInitializeLineLocaleSectionStartupSystem
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2740004594-0
                                                                                                                              • Opcode ID: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
                                                                                                                              • Instruction ID: 4c04e7183c3d5c6504f231a905193e891933426fc174ea8e71756e1f90614aff
                                                                                                                              • Opcode Fuzzy Hash: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
                                                                                                                              • Instruction Fuzzy Hash: 46111CB04047449FE311BF76A8062267BA8EB05309B508A7FE110662E2EBFD15048FEE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E004AEFE8(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char* _v16;
                                                                                                                              				char _v20;
                                                                                                                              				intOrPtr _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				char _v36;
                                                                                                                              				char _v40;
                                                                                                                              				int _t30;
                                                                                                                              				intOrPtr _t63;
                                                                                                                              				void* _t71;
                                                                                                                              				void* _t73;
                                                                                                                              				intOrPtr _t75;
                                                                                                                              				intOrPtr _t76;
                                                                                                                              
                                                                                                                              				_t71 = __edi;
                                                                                                                              				_t54 = __ebx;
                                                                                                                              				_t75 = _t76;
                                                                                                                              				_t55 = 4;
                                                                                                                              				do {
                                                                                                                              					_push(0);
                                                                                                                              					_push(0);
                                                                                                                              					_t55 = _t55 - 1;
                                                                                                                              				} while (_t55 != 0);
                                                                                                                              				_push(_t55);
                                                                                                                              				_push(__ebx);
                                                                                                                              				_t73 = __eax;
                                                                                                                              				_t78 = 0;
                                                                                                                              				_push(_t75);
                                                                                                                              				_push(0x4af0e1);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t76;
                                                                                                                              				while(1) {
                                                                                                                              					E00422D70( &_v12, _t54, _t55, _t78); // executed
                                                                                                                              					_t55 = L".tmp";
                                                                                                                              					E004AEEC8(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
                                                                                                                              					_t30 = CreateDirectoryW(E004084EC(_v8), 0); // executed
                                                                                                                              					if(_t30 != 0) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					_t54 = GetLastError();
                                                                                                                              					_t78 = _t54 - 0xb7;
                                                                                                                              					if(_t54 != 0xb7) {
                                                                                                                              						E00426F08(0x3d,  &_v32, _v8);
                                                                                                                              						_v28 = _v32;
                                                                                                                              						E00419E18( &_v36, _t54, 0);
                                                                                                                              						_v24 = _v36;
                                                                                                                              						E004232EC(_t54,  &_v40);
                                                                                                                              						_v20 = _v40;
                                                                                                                              						E00426ED8(0x81, 2,  &_v28,  &_v16);
                                                                                                                              						_t55 = _v16;
                                                                                                                              						E0041F264(_v16, 1);
                                                                                                                              						E0040711C();
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				E00407E00(_t73, _v8);
                                                                                                                              				__eflags = 0;
                                                                                                                              				_pop(_t63);
                                                                                                                              				 *[fs:eax] = _t63;
                                                                                                                              				_push(E004AF0E8);
                                                                                                                              				E00407A80( &_v40, 3);
                                                                                                                              				return E00407A80( &_v16, 3);
                                                                                                                              			}



















                                                                                                                              APIs
                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,004AF0E1,?,?,?,00000003,00000000,00000000,?,004B619F), ref: 004AF030
                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,?,00000000,004AF0E1,?,?,?,00000003,00000000,00000000,?,004B619F), ref: 004AF039
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                              • String ID: .tmp
                                                                                                                              • API String ID: 1375471231-2986845003
                                                                                                                              • Opcode ID: b866ae3ac5566b90e4d091c6d0119bd5c5d6e6cd69059738e462e2ab807557f0
                                                                                                                              • Instruction ID: 89b964d67460c442e7c67535b057b8112791baa86db9a38931a927ffd746d2a8
                                                                                                                              • Opcode Fuzzy Hash: b866ae3ac5566b90e4d091c6d0119bd5c5d6e6cd69059738e462e2ab807557f0
                                                                                                                              • Instruction Fuzzy Hash: 3A218735A041089BDB00EBE1C842ADFB3B9EB49304F50447BF800F7381DA386E058BA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 551 40e450-40e4a4 call 405740 CreateWindowExW call 405730
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040E450(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
                                                                                                                              				WCHAR* _v8;
                                                                                                                              				void* _t13;
                                                                                                                              				struct HWND__* _t24;
                                                                                                                              				WCHAR* _t29;
                                                                                                                              				long _t32;
                                                                                                                              
                                                                                                                              				_v8 = _t29;
                                                                                                                              				_t32 = __eax;
                                                                                                                              				_t13 = E00405740();
                                                                                                                              				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
                                                                                                                              				E00405730(_t13);
                                                                                                                              				return _t24;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateWindow
                                                                                                                              • String ID: InnoSetupLdrWindow$STATIC
                                                                                                                              • API String ID: 716092398-2209255943
                                                                                                                              • Opcode ID: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
                                                                                                                              • Instruction ID: 770f17d29583ffea265d4876c6cd55b491c436ce5e2cc0b006eebdc9bc405b2a
                                                                                                                              • Opcode Fuzzy Hash: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
                                                                                                                              • Instruction Fuzzy Hash: 73F07FB6600118AF9B84DE9EDC85E9B77ECEB4D264B05412ABA08E7201D634ED118BA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 556 4af1b4-4af1c5 557 4af20e-4af213 556->557 558 4af1c7-4af1c8 556->558 559 4af1ca-4af1cd 558->559 560 4af1da-4af1dd 559->560 561 4af1cf-4af1d8 Sleep 559->561 562 4af1e8-4af1ed call 427154 560->562 563 4af1df-4af1e3 Sleep 560->563 561->562 565 4af1f2-4af1f4 562->565 563->562 565->557 566 4af1f6-4af1fe GetLastError 565->566 566->557 567 4af200-4af208 GetLastError 566->567 567->557 568 4af20a-4af20c 567->568 568->557 568->559
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004AF1B4(long __eax, intOrPtr __edx, long _a4, long _a8) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				long _t5;
                                                                                                                              				long _t9;
                                                                                                                              				void* _t10;
                                                                                                                              				void* _t13;
                                                                                                                              				void* _t15;
                                                                                                                              				void* _t16;
                                                                                                                              
                                                                                                                              				_t5 = __eax;
                                                                                                                              				_v8 = __edx;
                                                                                                                              				_t9 = __eax;
                                                                                                                              				_t15 = _t10 - 1;
                                                                                                                              				if(_t15 < 0) {
                                                                                                                              					L10:
                                                                                                                              					return _t5;
                                                                                                                              				}
                                                                                                                              				_t16 = _t15 + 1;
                                                                                                                              				_t13 = 0;
                                                                                                                              				while(1) {
                                                                                                                              					_t19 = _t13 - 1;
                                                                                                                              					if(_t13 != 1) {
                                                                                                                              						__eflags = _t13 - 1;
                                                                                                                              						if(__eflags > 0) {
                                                                                                                              							Sleep(_a4);
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						Sleep(_a8);
                                                                                                                              					}
                                                                                                                              					_t5 = E00427154(_t9, _v8, _t19); // executed
                                                                                                                              					if(_t5 != 0) {
                                                                                                                              						goto L10;
                                                                                                                              					}
                                                                                                                              					_t5 = GetLastError();
                                                                                                                              					if(_t5 == 2) {
                                                                                                                              						goto L10;
                                                                                                                              					}
                                                                                                                              					_t5 = GetLastError();
                                                                                                                              					if(_t5 == 3) {
                                                                                                                              						goto L10;
                                                                                                                              					}
                                                                                                                              					_t13 = _t13 + 1;
                                                                                                                              					_t16 = _t16 - 1;
                                                                                                                              					if(_t16 != 0) {
                                                                                                                              						continue;
                                                                                                                              					}
                                                                                                                              					goto L10;
                                                                                                                              				}
                                                                                                                              				goto L10;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1D3
                                                                                                                              • Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1E3
                                                                                                                              • GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1F6
                                                                                                                              • GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF200
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLastSleep
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1458359878-0
                                                                                                                              • Opcode ID: 132a67e1d44d9774a6928004e5d8cee8820d44842addde93f31c36794548402b
                                                                                                                              • Instruction ID: c6a2870ed3ca6a3ef6dac7de38143878fdab2d33d6efdb0808b7300bb595a527
                                                                                                                              • Opcode Fuzzy Hash: 132a67e1d44d9774a6928004e5d8cee8820d44842addde93f31c36794548402b
                                                                                                                              • Instruction Fuzzy Hash: 0CF02B37B04224A76724A5EBEC46D6FE298DEB33A8710457BFC04D7302C439CC4542A8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E0041FF94(void* __eax, void* __ebx, signed int* __ecx, signed int* __edx, void* __edi, void* __esi, signed int* _a4) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v9;
                                                                                                                              				int _v16;
                                                                                                                              				void* _v20;
                                                                                                                              				void* _v24;
                                                                                                                              				int _v28;
                                                                                                                              				int _t33;
                                                                                                                              				int _t43;
                                                                                                                              				int _t64;
                                                                                                                              				intOrPtr _t72;
                                                                                                                              				intOrPtr _t74;
                                                                                                                              				signed int* _t77;
                                                                                                                              				signed int* _t79;
                                                                                                                              				void* _t81;
                                                                                                                              				void* _t82;
                                                                                                                              				intOrPtr _t83;
                                                                                                                              
                                                                                                                              				_t81 = _t82;
                                                                                                                              				_t83 = _t82 + 0xffffffe8;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_t77 = __ecx;
                                                                                                                              				_t79 = __edx;
                                                                                                                              				_push(_t81);
                                                                                                                              				_push(0x420094);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t83;
                                                                                                                              				_v9 = 0;
                                                                                                                              				E00407E48( &_v8, __eax);
                                                                                                                              				E00407FB0( &_v8);
                                                                                                                              				_t33 = GetFileVersionInfoSizeW(E004084EC(_v8),  &_v16); // executed
                                                                                                                              				_t64 = _t33;
                                                                                                                              				if(_t64 == 0) {
                                                                                                                              					_pop(_t72);
                                                                                                                              					 *[fs:eax] = _t72;
                                                                                                                              					_push(0x42009b);
                                                                                                                              					return E00407A20( &_v8);
                                                                                                                              				} else {
                                                                                                                              					_v20 = E004053F0(_t64);
                                                                                                                              					_push(_t81);
                                                                                                                              					_push(0x420077);
                                                                                                                              					_push( *[fs:edx]);
                                                                                                                              					 *[fs:edx] = _t83;
                                                                                                                              					_t43 = GetFileVersionInfoW(E004084EC(_v8), _v16, _t64, _v20); // executed
                                                                                                                              					if(_t43 != 0 && VerQueryValueW(_v20, 0x4200a8,  &_v24,  &_v28) != 0) {
                                                                                                                              						 *_t79 =  *(_v24 + 0x10) >> 0x00000010 & 0x0000ffff;
                                                                                                                              						 *_t77 =  *(_v24 + 0x10) & 0x0000ffff;
                                                                                                                              						 *_a4 =  *(_v24 + 0x14) >> 0x00000010 & 0x0000ffff;
                                                                                                                              						_v9 = 1;
                                                                                                                              					}
                                                                                                                              					_pop(_t74);
                                                                                                                              					 *[fs:eax] = _t74;
                                                                                                                              					_push(0x42007e);
                                                                                                                              					return E0040540C(_v20);
                                                                                                                              				}
                                                                                                                              			}




















                                                                                                                              APIs
                                                                                                                              • GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,00420094), ref: 0041FFD9
                                                                                                                              • GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 00420012
                                                                                                                              • VerQueryValueW.VERSION(?,004200A8,?,?,00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 0042002C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileInfoVersion$QuerySizeValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2179348866-0
                                                                                                                              • Opcode ID: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
                                                                                                                              • Instruction ID: 087fa93cc02b824bee97242c1a4c1e6fbe52d07f241be95d6751b2a9bfa32856
                                                                                                                              • Opcode Fuzzy Hash: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
                                                                                                                              • Instruction Fuzzy Hash: 19314771A042199FD710DFA9D941DAFB7F8EB48700B91447AF944E3252D778DD00C765
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 72%
                                                                                                                              			E0040B110(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				signed int _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				signed int _t41;
                                                                                                                              				signed short _t43;
                                                                                                                              				signed short _t46;
                                                                                                                              				signed int _t60;
                                                                                                                              				intOrPtr _t68;
                                                                                                                              				void* _t79;
                                                                                                                              				signed int* _t81;
                                                                                                                              				intOrPtr _t84;
                                                                                                                              
                                                                                                                              				_t79 = __edi;
                                                                                                                              				_t61 = __ecx;
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_t81 = __ecx;
                                                                                                                              				_v12 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				E00407B04(_v8);
                                                                                                                              				E00407B04(_v12);
                                                                                                                              				_push(_t84);
                                                                                                                              				_push(0x40b227);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t84;
                                                                                                                              				E00407A20(__ecx);
                                                                                                                              				if(_v12 == 0) {
                                                                                                                              					L14:
                                                                                                                              					_pop(_t68);
                                                                                                                              					 *[fs:eax] = _t68;
                                                                                                                              					_push(E0040B22E);
                                                                                                                              					return E00407A80( &_v28, 6);
                                                                                                                              				}
                                                                                                                              				E00407E48( &_v20, _v12);
                                                                                                                              				_t41 = _v12;
                                                                                                                              				if(_t41 != 0) {
                                                                                                                              					_t41 =  *(_t41 - 4);
                                                                                                                              				}
                                                                                                                              				_t60 = _t41;
                                                                                                                              				if(_t60 < 1) {
                                                                                                                              					L7:
                                                                                                                              					_t43 = E0040AE34(_v8, _t60, _t61,  &_v16, _t81); // executed
                                                                                                                              					if(_v16 == 0) {
                                                                                                                              						L00403730();
                                                                                                                              						E0040A7E4(_t43, _t60,  &_v24, _t79, _t81);
                                                                                                                              						_t46 = E0040AF60(_v20, _t60, _t81, _v24, _t79, _t81); // executed
                                                                                                                              						__eflags =  *_t81;
                                                                                                                              						if( *_t81 == 0) {
                                                                                                                              							__eflags =  *0x4bdc0c;
                                                                                                                              							if( *0x4bdc0c == 0) {
                                                                                                                              								L00403738();
                                                                                                                              								E0040A7E4(_t46, _t60,  &_v28, _t79, _t81);
                                                                                                                              								E0040AF60(_v20, _t60, _t81, _v28, _t79, _t81);
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						__eflags =  *_t81;
                                                                                                                              						if(__eflags == 0) {
                                                                                                                              							E0040B044(_v20, _t60, _t81, __eflags); // executed
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						E0040AF60(_v20, _t60, _t81, _v16, _t79, _t81);
                                                                                                                              					}
                                                                                                                              					goto L14;
                                                                                                                              				}
                                                                                                                              				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
                                                                                                                              					_t60 = _t60 - 1;
                                                                                                                              					__eflags = _t60;
                                                                                                                              					if(_t60 != 0) {
                                                                                                                              						continue;
                                                                                                                              					}
                                                                                                                              					goto L7;
                                                                                                                              				}
                                                                                                                              				_t61 = _t60;
                                                                                                                              				E004088AC(_v12, _t60, 1,  &_v20);
                                                                                                                              				goto L7;
                                                                                                                              			}


















                                                                                                                              APIs
                                                                                                                              • GetUserDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1BB
                                                                                                                              • GetSystemDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1E3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DefaultLanguage$SystemUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 384301227-0
                                                                                                                              • Opcode ID: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
                                                                                                                              • Instruction ID: e5bcb09f7540d0846d638ab8db7cc306f2a88a3609992180fc1e837192b0f5a6
                                                                                                                              • Opcode Fuzzy Hash: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
                                                                                                                              • Instruction Fuzzy Hash: B0313070A142499BDB10EBA5C891AAEB7B5EF48304F50857BE400B73D1DB7CAD41CB9E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E0040B234(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                              				char _v8;
                                                                                                                              				short _v530;
                                                                                                                              				char _v536;
                                                                                                                              				char _v540;
                                                                                                                              				void* _t44;
                                                                                                                              				intOrPtr _t45;
                                                                                                                              				void* _t49;
                                                                                                                              				void* _t52;
                                                                                                                              
                                                                                                                              				_v536 = 0;
                                                                                                                              				_v540 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_t49 = __eax;
                                                                                                                              				_push(_t52);
                                                                                                                              				_push(0x40b2ee);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t52 + 0xfffffde8;
                                                                                                                              				GetModuleFileNameW(0,  &_v530, 0x105);
                                                                                                                              				E00408550( &_v536, _t49);
                                                                                                                              				_push(_v536);
                                                                                                                              				E0040858C( &_v540, 0x105,  &_v530);
                                                                                                                              				_pop(_t44); // executed
                                                                                                                              				E0040B110(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
                                                                                                                              				if(_v8 != 0) {
                                                                                                                              					LoadLibraryExW(E004084EC(_v8), 0, 2);
                                                                                                                              				}
                                                                                                                              				_pop(_t45);
                                                                                                                              				 *[fs:eax] = _t45;
                                                                                                                              				_push(E0040B2F5);
                                                                                                                              				E00407A80( &_v540, 2);
                                                                                                                              				return E00407A20( &_v8);
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileLibraryLoadModuleName
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1159719554-0
                                                                                                                              • Opcode ID: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
                                                                                                                              • Instruction ID: c66d7809fa1512833e1e01641763b0ecb7dd00f0751393a0e64d94d028879d96
                                                                                                                              • Opcode Fuzzy Hash: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
                                                                                                                              • Instruction Fuzzy Hash: 35116070A4421CABDB10EB55CD86BDE77B8DB04304F5144BEE508B32C1DA785F848AA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E00427154(void* __eax, void* __edx, void* __eflags) {
                                                                                                                              				int _v8;
                                                                                                                              				char _v16;
                                                                                                                              				long _v20;
                                                                                                                              				int _t13;
                                                                                                                              				intOrPtr _t27;
                                                                                                                              				void* _t32;
                                                                                                                              				void* _t34;
                                                                                                                              				intOrPtr _t35;
                                                                                                                              
                                                                                                                              				_t32 = _t34;
                                                                                                                              				_t35 = _t34 + 0xfffffff0;
                                                                                                                              				if(E00427108(__eax,  &_v16) != 0) {
                                                                                                                              					_push(_t32);
                                                                                                                              					_push(0x4271b1);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t35;
                                                                                                                              					_t13 = DeleteFileW(E004084EC(__edx)); // executed
                                                                                                                              					_v8 = _t13;
                                                                                                                              					_v20 = GetLastError();
                                                                                                                              					_pop(_t27);
                                                                                                                              					 *[fs:eax] = _t27;
                                                                                                                              					_push(E004271B8);
                                                                                                                              					return E00427144( &_v16);
                                                                                                                              				} else {
                                                                                                                              					_v8 = 0;
                                                                                                                              					return _v8;
                                                                                                                              				}
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • DeleteFileW.KERNEL32(00000000,00000000,004271B1,?,0000000D,00000000), ref: 0042718B
                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,004271B1,?,0000000D,00000000), ref: 00427193
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DeleteErrorFileLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2018770650-0
                                                                                                                              • Opcode ID: 6bce5fda464dbdacec63520f594f5bcb5d9fb2b97579abb83185b4526990ec2d
                                                                                                                              • Instruction ID: b2b9a58b343adce66678156e8009272800f6ed28378062f2bcdc1a6b1bb3db77
                                                                                                                              • Opcode Fuzzy Hash: 6bce5fda464dbdacec63520f594f5bcb5d9fb2b97579abb83185b4526990ec2d
                                                                                                                              • Instruction Fuzzy Hash: 7AF0C831B08228ABDB01EFB5AC424AEB7E8DF0971479149BBE804E3341E6395D209698
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 37%
                                                                                                                              			E00421230(void* __eax, void* __ebx, int __edx) {
                                                                                                                              				struct HINSTANCE__* _v12;
                                                                                                                              				int _v16;
                                                                                                                              				int _t4;
                                                                                                                              				struct HINSTANCE__* _t9;
                                                                                                                              				void* _t12;
                                                                                                                              				intOrPtr _t16;
                                                                                                                              				void* _t18;
                                                                                                                              				void* _t19;
                                                                                                                              				intOrPtr _t20;
                                                                                                                              
                                                                                                                              				_t18 = _t19;
                                                                                                                              				_t20 = _t19 + 0xfffffff4;
                                                                                                                              				_t12 = __eax;
                                                                                                                              				_t4 = SetErrorMode(__edx); // executed
                                                                                                                              				_v16 = _t4;
                                                                                                                              				_push(_t18);
                                                                                                                              				_push(0x4212a2);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t20;
                                                                                                                              				asm("fnstcw word [ebp-0x2]");
                                                                                                                              				_push(_t18);
                                                                                                                              				_push(0x421284);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t20;
                                                                                                                              				_t9 = LoadLibraryW(E004084EC(_t12)); // executed
                                                                                                                              				_v12 = _t9;
                                                                                                                              				_pop(_t16);
                                                                                                                              				 *[fs:eax] = _t16;
                                                                                                                              				_push(0x42128b);
                                                                                                                              				asm("fclex");
                                                                                                                              				asm("fldcw word [ebp-0x2]");
                                                                                                                              				return 0;
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • SetErrorMode.KERNEL32 ref: 0042123A
                                                                                                                              • LoadLibraryW.KERNEL32(00000000,00000000,00421284,?,00000000,004212A2), ref: 00421269
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLibraryLoadMode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2987862817-0
                                                                                                                              • Opcode ID: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
                                                                                                                              • Instruction ID: 4174928c950a8c4d8a753a2a73b5e5f46ee32f9a8ef6f103d2b3a03bcfaff51e
                                                                                                                              • Opcode Fuzzy Hash: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
                                                                                                                              • Instruction Fuzzy Hash: 15F08270A14744BFDB115F779C5282BBAACE709B047A348BAF800F2691E53C48208574
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004052D4() {
                                                                                                                              				intOrPtr _t13;
                                                                                                                              				intOrPtr* _t14;
                                                                                                                              				int _t18;
                                                                                                                              				intOrPtr* _t23;
                                                                                                                              				void* _t25;
                                                                                                                              				void* _t26;
                                                                                                                              				void* _t28;
                                                                                                                              				void* _t31;
                                                                                                                              
                                                                                                                              				_t28 =  *0x004BBADC;
                                                                                                                              				while(_t28 != 0x4bbad8) {
                                                                                                                              					_t2 = _t28 + 4; // 0x4bbad8
                                                                                                                              					VirtualFree(_t28, 0, 0x8000); // executed
                                                                                                                              					_t28 =  *_t2;
                                                                                                                              				}
                                                                                                                              				_t25 = 0x37;
                                                                                                                              				_t13 = 0x4b7080;
                                                                                                                              				do {
                                                                                                                              					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
                                                                                                                              					 *((intOrPtr*)(_t13 + 8)) = _t13;
                                                                                                                              					 *((intOrPtr*)(_t13 + 0x10)) = 1;
                                                                                                                              					 *((intOrPtr*)(_t13 + 0x14)) = 0;
                                                                                                                              					_t13 = _t13 + 0x20;
                                                                                                                              					_t25 = _t25 - 1;
                                                                                                                              				} while (_t25 != 0);
                                                                                                                              				 *0x4bbad8 = 0x4bbad8;
                                                                                                                              				 *0x004BBADC = 0x4bbad8;
                                                                                                                              				_t26 = 0x400;
                                                                                                                              				_t23 = 0x4bbb78;
                                                                                                                              				do {
                                                                                                                              					_t14 = _t23;
                                                                                                                              					 *_t14 = _t14;
                                                                                                                              					_t8 = _t14 + 4; // 0x4bbb78
                                                                                                                              					 *_t8 = _t14;
                                                                                                                              					_t23 = _t23 + 8;
                                                                                                                              					_t26 = _t26 - 1;
                                                                                                                              				} while (_t26 != 0);
                                                                                                                              				 *0x4bbaf4 = 0;
                                                                                                                              				E00405884(0x4bbaf8, 0x80);
                                                                                                                              				_t18 = 0;
                                                                                                                              				 *0x4bbaf0 = 0;
                                                                                                                              				_t31 =  *0x004BDB80;
                                                                                                                              				while(_t31 != 0x4bdb7c) {
                                                                                                                              					_t10 = _t31 + 4; // 0x4bdb7c
                                                                                                                              					_t18 = VirtualFree(_t31, 0, 0x8000);
                                                                                                                              					_t31 =  *_t10;
                                                                                                                              				}
                                                                                                                              				 *0x4bdb7c = 0x4bdb7c;
                                                                                                                              				 *0x004BDB80 = 0x4bdb7c;
                                                                                                                              				return _t18;
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • VirtualFree.KERNEL32(004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 004052F2
                                                                                                                              • VirtualFree.KERNEL32(004BDB7C,00000000,00008000,004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 0040536E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1263568516-0
                                                                                                                              • Opcode ID: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
                                                                                                                              • Instruction ID: 8dfda0fc8014d777c4f42bdf36328f4fb77b4e1ecbcf9529c7d2d9386e1eba40
                                                                                                                              • Opcode Fuzzy Hash: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
                                                                                                                              • Instruction Fuzzy Hash: A5116D71A046008FC7689F199840B67BBE4EB88754F15C0BFE549EB791D7B8AC018F9C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004232EC(long __eax, void* __edx) {
                                                                                                                              				short _v2052;
                                                                                                                              				signed int _t7;
                                                                                                                              				void* _t10;
                                                                                                                              				signed int _t16;
                                                                                                                              				void* _t17;
                                                                                                                              
                                                                                                                              				_t10 = __edx;
                                                                                                                              				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
                                                                                                                              				while(_t7 > 0) {
                                                                                                                              					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
                                                                                                                              					if(_t16 <= 0x20) {
                                                                                                                              						L1:
                                                                                                                              						_t7 = _t7 - 1;
                                                                                                                              						__eflags = _t7;
                                                                                                                              						continue;
                                                                                                                              					} else {
                                                                                                                              						_t20 = _t16 - 0x2e;
                                                                                                                              						if(_t16 == 0x2e) {
                                                                                                                              							goto L1;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					break;
                                                                                                                              				}
                                                                                                                              				return E00407BA8(_t10, _t7, _t17, _t20);
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,00423C1E,00000000,00423C6F,?,00423E28), ref: 0042330B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FormatMessage
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1306739567-0
                                                                                                                              • Opcode ID: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
                                                                                                                              • Instruction ID: 75fedbff241bec6efc8727d26b236f8c34027f11b3bdd8370f626a5f6d270aaf
                                                                                                                              • Opcode Fuzzy Hash: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
                                                                                                                              • Instruction Fuzzy Hash: 89E0D86075432121F624A9052C03B7B2129A7C0B12FE084367A80DE3D5DEADAF55525E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 31%
                                                                                                                              			E00422A18(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
                                                                                                                              				char _v8;
                                                                                                                              				intOrPtr _t21;
                                                                                                                              				intOrPtr _t24;
                                                                                                                              
                                                                                                                              				_push(0);
                                                                                                                              				_push(_t24);
                                                                                                                              				_push(0x422a5e);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t24;
                                                                                                                              				E004229AC(__eax, __ecx,  &_v8, __eflags);
                                                                                                                              				GetFileAttributesW(E004084EC(_v8)); // executed
                                                                                                                              				_pop(_t21);
                                                                                                                              				 *[fs:eax] = _t21;
                                                                                                                              				_push(E00422A65);
                                                                                                                              				return E00407A20( &_v8);
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,00422A5E,?,?,00000000,?,00422A71,00422DE2,00000000,00422E27,?,?,00000000,00000000), ref: 00422A41
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              • Opcode ID: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
                                                                                                                              • Instruction ID: ce0c41168f735205187e46b6c3e9294348714fcf51f30dd0002a5427be662740
                                                                                                                              • Opcode Fuzzy Hash: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
                                                                                                                              • Instruction Fuzzy Hash: D7E09231704308BBD721EB76DE9291AB7ECD788700BA14876B500E7682E6B86E108418
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00423DA8(signed int __ecx, void* __edx, signed char _a4, signed char _a8) {
                                                                                                                              				void* _t17;
                                                                                                                              
                                                                                                                              				_t17 = CreateFileW(E004084EC(__edx),  *(0x4b92e0 + (_a8 & 0x000000ff) * 4),  *(0x4b92ec + (_a4 & 0x000000ff) * 4), 0,  *(0x4b92fc + (__ecx & 0x000000ff) * 4), 0x80, 0); // executed
                                                                                                                              				return _t17;
                                                                                                                              			}





                                                                                                                              APIs
                                                                                                                              • CreateFileW.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00423DE5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 823142352-0
                                                                                                                              • Opcode ID: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
                                                                                                                              • Instruction ID: 37fe8146f2431012b4276926014d9d5fd10bf57e8855788e2bc853c5fce69268
                                                                                                                              • Opcode Fuzzy Hash: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
                                                                                                                              • Instruction Fuzzy Hash: 81E048716441283FD6149ADE7C91F76779C9709754F404563F684D7281C4A59D1086FC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00409FA8(void* __eax) {
                                                                                                                              				short _v532;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __esi;
                                                                                                                              				intOrPtr _t14;
                                                                                                                              				void* _t16;
                                                                                                                              				void* _t18;
                                                                                                                              				void* _t19;
                                                                                                                              				intOrPtr _t20;
                                                                                                                              				void* _t21;
                                                                                                                              
                                                                                                                              				_t16 = __eax;
                                                                                                                              				_t22 =  *((intOrPtr*)(__eax + 0x10));
                                                                                                                              				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
                                                                                                                              					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
                                                                                                                              					_t14 = E0040B234(_t21, _t16, _t18, _t19, _t22); // executed
                                                                                                                              					_t20 = _t14;
                                                                                                                              					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
                                                                                                                              					if(_t20 == 0) {
                                                                                                                              						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return  *((intOrPtr*)(_t16 + 0x10));
                                                                                                                              			}













                                                                                                                              APIs
                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 00409FC6
                                                                                                                                • Part of subcall function 0040B234: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
                                                                                                                                • Part of subcall function 0040B234: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileModuleName$LibraryLoad
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4113206344-0
                                                                                                                              • Opcode ID: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
                                                                                                                              • Instruction ID: 1beb63cefa55d3dba2b36e2095187d50c135a0cf4330adb642bee8d6847d8901
                                                                                                                              • Opcode Fuzzy Hash: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
                                                                                                                              • Instruction Fuzzy Hash: 7BE0C971A013119BCB10DE58C8C5A4A3798AB08754F044AA6AD24DF387D3B5DD1487D5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00423ED8(intOrPtr* __eax) {
                                                                                                                              				int _t4;
                                                                                                                              				intOrPtr* _t7;
                                                                                                                              
                                                                                                                              				_t7 = __eax;
                                                                                                                              				_t4 = SetEndOfFile( *(__eax + 4)); // executed
                                                                                                                              				if(_t4 == 0) {
                                                                                                                              					return E00423CAC( *_t7);
                                                                                                                              				}
                                                                                                                              				return _t4;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • SetEndOfFile.KERNEL32(?,7FB90010,004B6358,00000000), ref: 00423EDF
                                                                                                                                • Part of subcall function 00423CAC: GetLastError.KERNEL32(004237FC,00423D4F,?,?,00000000,?,004B5F76,00000001,00000000,00000002,00000000,004B659E,?,00000000,004B65E2), ref: 00423CAF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorFileLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 734332943-0
                                                                                                                              • Opcode ID: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
                                                                                                                              • Instruction ID: ae15968ab9cd064c61534cde2c099b4aac4a7b80231ae1acb8e6de6fcc6ca8bf
                                                                                                                              • Opcode Fuzzy Hash: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
                                                                                                                              • Instruction Fuzzy Hash: 58C04C61300210478B04EEBBD5C190666E85B582157414466B904DB216E67DD9158615
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040CAA4() {
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				struct _SYSTEM_INFO* _t3;
                                                                                                                              
                                                                                                                              				GetSystemInfo(_t3); // executed
                                                                                                                              				return _v16;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InfoSystem
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 31276548-0
                                                                                                                              • Opcode ID: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
                                                                                                                              • Instruction ID: 4f21eec972071caf62eebbeb90550a79e4d7a8082c8b53f17589c9beddeb5e45
                                                                                                                              • Opcode Fuzzy Hash: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
                                                                                                                              • Instruction Fuzzy Hash: CDA012984088002AC404AB194C4340F39C819C1114FC40224745CB62C2E61D866403DB
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00403BCC(signed int __eax) {
                                                                                                                              				void* _t4;
                                                                                                                              				intOrPtr _t7;
                                                                                                                              				signed int _t8;
                                                                                                                              				void** _t10;
                                                                                                                              				void* _t12;
                                                                                                                              				void* _t14;
                                                                                                                              
                                                                                                                              				_t8 = __eax;
                                                                                                                              				E00403B60(__eax);
                                                                                                                              				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
                                                                                                                              				if(_t4 == 0) {
                                                                                                                              					 *0x4bbaf0 = 0;
                                                                                                                              					return 0;
                                                                                                                              				} else {
                                                                                                                              					_t10 =  *0x4bbadc; // 0x4bbad8
                                                                                                                              					_t14 = _t4;
                                                                                                                              					 *_t14 = 0x4bbad8;
                                                                                                                              					 *0x4bbadc = _t4;
                                                                                                                              					 *(_t14 + 4) = _t10;
                                                                                                                              					 *_t10 = _t4;
                                                                                                                              					_t12 = _t14 + 0x13fff0;
                                                                                                                              					 *((intOrPtr*)(_t12 - 4)) = 2;
                                                                                                                              					 *0x4bbaf0 = 0x13ffe0 - _t8;
                                                                                                                              					_t7 = _t12 - _t8;
                                                                                                                              					 *0x4bbaec = _t7;
                                                                                                                              					 *(_t7 - 4) = _t8 | 0x00000002;
                                                                                                                              					return _t7;
                                                                                                                              				}
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,004041E3,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000), ref: 00403BE3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4275171209-0
                                                                                                                              • Opcode ID: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
                                                                                                                              • Instruction ID: ee114c9f451a66722181258b66a673b4223530c98f306d9f720d31c7abdd50f3
                                                                                                                              • Opcode Fuzzy Hash: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
                                                                                                                              • Instruction Fuzzy Hash: 71F087F2F002404FE7249F799D40742BAE8E709315B10827EE908EB799E7F488018B88
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E00403CF6(void* __eax) {
                                                                                                                              				struct _MEMORY_BASIC_INFORMATION _v44;
                                                                                                                              				void* _v48;
                                                                                                                              				void* _t13;
                                                                                                                              				int _t20;
                                                                                                                              				void* _t22;
                                                                                                                              				signed int _t26;
                                                                                                                              				signed int _t29;
                                                                                                                              				signed int _t30;
                                                                                                                              				void* _t34;
                                                                                                                              				intOrPtr _t35;
                                                                                                                              				signed int _t39;
                                                                                                                              				void* _t41;
                                                                                                                              				void* _t42;
                                                                                                                              
                                                                                                                              				_push(_t29);
                                                                                                                              				_t42 = _t41 + 0xffffffdc;
                                                                                                                              				_t34 = __eax - 0x10;
                                                                                                                              				E00403C48();
                                                                                                                              				_t13 = _t34;
                                                                                                                              				 *_t42 =  *_t13;
                                                                                                                              				_v48 =  *((intOrPtr*)(_t13 + 4));
                                                                                                                              				_t26 =  *(_t13 + 0xc);
                                                                                                                              				if((_t26 & 0x00000008) != 0) {
                                                                                                                              					_t22 = _t34;
                                                                                                                              					_t39 = _t26 & 0xfffffff0;
                                                                                                                              					_t30 = 0;
                                                                                                                              					while(1) {
                                                                                                                              						VirtualQuery(_t22,  &_v44, 0x1c);
                                                                                                                              						if(VirtualFree(_t22, 0, 0x8000) == 0) {
                                                                                                                              							break;
                                                                                                                              						}
                                                                                                                              						_t35 = _v44.RegionSize;
                                                                                                                              						if(_t39 > _t35) {
                                                                                                                              							_t39 = _t39 - _t35;
                                                                                                                              							_t22 = _t22 + _t35;
                                                                                                                              							continue;
                                                                                                                              						}
                                                                                                                              						goto L10;
                                                                                                                              					}
                                                                                                                              					_t30 = _t30 | 0xffffffff;
                                                                                                                              				} else {
                                                                                                                              					_t20 = VirtualFree(_t34, 0, 0x8000); // executed
                                                                                                                              					if(_t20 == 0) {
                                                                                                                              						_t30 = _t29 | 0xffffffff;
                                                                                                                              					} else {
                                                                                                                              						_t30 = 0;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				L10:
                                                                                                                              				if(_t30 == 0) {
                                                                                                                              					 *_v48 =  *_t42;
                                                                                                                              					 *( *_t42 + 4) = _v48;
                                                                                                                              				}
                                                                                                                              				 *0x4bdb78 = 0;
                                                                                                                              				return _t30;
                                                                                                                              			}

















                                                                                                                              APIs
                                                                                                                              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00403D27
                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00403D4A
                                                                                                                              • VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 00403D57
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Virtual$Free$Query
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 778034434-0
                                                                                                                              • Opcode ID: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
                                                                                                                              • Instruction ID: 6789628300bf7aa479fe1b8b627d7daf3441881ad106b622f2e79b23e4dc796b
                                                                                                                              • Opcode Fuzzy Hash: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
                                                                                                                              • Instruction Fuzzy Hash: C5F06D353046005FD311DF1AC844B17BBE9EFC5711F15C67AE888973A1E635DD018796
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E0040A928(short* __eax, intOrPtr __edx) {
                                                                                                                              				short* _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				void* _v20;
                                                                                                                              				struct _WIN32_FIND_DATAW _v612;
                                                                                                                              				short _v1134;
                                                                                                                              				signed int _t50;
                                                                                                                              				signed int _t51;
                                                                                                                              				void* _t55;
                                                                                                                              				signed int _t88;
                                                                                                                              				signed int _t89;
                                                                                                                              				intOrPtr* _t90;
                                                                                                                              				signed int _t101;
                                                                                                                              				signed int _t102;
                                                                                                                              				short* _t112;
                                                                                                                              				struct HINSTANCE__* _t113;
                                                                                                                              				short* _t115;
                                                                                                                              				short* _t116;
                                                                                                                              				void* _t117;
                                                                                                                              
                                                                                                                              				_v12 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				_v16 = _v8;
                                                                                                                              				_t113 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                              				if(_t113 == 0) {
                                                                                                                              					L4:
                                                                                                                              					if( *_v8 != 0x5c) {
                                                                                                                              						_t115 = _v8 + 4;
                                                                                                                              						goto L10;
                                                                                                                              					} else {
                                                                                                                              						if( *((short*)(_v8 + 2)) == 0x5c) {
                                                                                                                              							_t116 = E0040A904(_v8 + 4);
                                                                                                                              							if( *_t116 != 0) {
                                                                                                                              								_t14 = _t116 + 2; // 0x2
                                                                                                                              								_t115 = E0040A904(_t14);
                                                                                                                              								if( *_t115 != 0) {
                                                                                                                              									L10:
                                                                                                                              									_t88 = _t115 - _v8;
                                                                                                                              									_t89 = _t88 >> 1;
                                                                                                                              									if(_t88 < 0) {
                                                                                                                              										asm("adc ebx, 0x0");
                                                                                                                              									}
                                                                                                                              									_t43 = _t89 + 1;
                                                                                                                              									if(_t89 + 1 <= 0x105) {
                                                                                                                              										E0040A34C( &_v1134, _v8, _t43);
                                                                                                                              										while( *_t115 != 0) {
                                                                                                                              											_t112 = E0040A904(_t115 + 2);
                                                                                                                              											_t50 = _t112 - _t115;
                                                                                                                              											_t51 = _t50 >> 1;
                                                                                                                              											if(_t50 < 0) {
                                                                                                                              												asm("adc eax, 0x0");
                                                                                                                              											}
                                                                                                                              											if(_t51 + _t89 + 1 <= 0x105) {
                                                                                                                              												_t55 =  &_v1134 + _t89 + _t89;
                                                                                                                              												_t101 = _t112 - _t115;
                                                                                                                              												_t102 = _t101 >> 1;
                                                                                                                              												if(_t101 < 0) {
                                                                                                                              													asm("adc edx, 0x0");
                                                                                                                              												}
                                                                                                                              												E0040A34C(_t55, _t115, _t102 + 1);
                                                                                                                              												_v20 = FindFirstFileW( &_v1134,  &_v612);
                                                                                                                              												if(_v20 != 0xffffffff) {
                                                                                                                              													FindClose(_v20);
                                                                                                                              													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
                                                                                                                              														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
                                                                                                                              														E0040A34C( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
                                                                                                                              														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
                                                                                                                              														_t115 = _t112;
                                                                                                                              														continue;
                                                                                                                              													}
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              											goto L24;
                                                                                                                              										}
                                                                                                                              										E0040A34C(_v8,  &_v1134, _v12);
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
                                                                                                                              					if(_t90 == 0) {
                                                                                                                              						goto L4;
                                                                                                                              					} else {
                                                                                                                              						_push(0x105);
                                                                                                                              						_push( &_v1134);
                                                                                                                              						_push(_v8);
                                                                                                                              						if( *_t90() == 0) {
                                                                                                                              							goto L4;
                                                                                                                              						} else {
                                                                                                                              							E0040A34C(_v8,  &_v1134, _v12);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				L24:
                                                                                                                              				return _v16;
                                                                                                                              			}























                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,004162BC,?,?), ref: 0040A945
                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040A956
                                                                                                                              • FindFirstFileW.KERNEL32(?,?,kernel32.dll,004162BC,?,?), ref: 0040AA56
                                                                                                                              • FindClose.KERNEL32(?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA68
                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA74
                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AAB9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                              • String ID: GetLongPathNameW$\$kernel32.dll
                                                                                                                              • API String ID: 1930782624-3908791685
                                                                                                                              • Opcode ID: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
                                                                                                                              • Instruction ID: 0568a8f2c4c85ac628058e700237ad117df8c3680498263a44950cac296231c5
                                                                                                                              • Opcode Fuzzy Hash: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
                                                                                                                              • Instruction Fuzzy Hash: 7841A071B003189BCB20DE98CD85A9EB3B5AB44310F1485B69945F72C1EB7CAE51CF4A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E004AF110() {
                                                                                                                              				int _v4;
                                                                                                                              				struct _TOKEN_PRIVILEGES _v16;
                                                                                                                              				void* _v20;
                                                                                                                              				int _t7;
                                                                                                                              
                                                                                                                              				if(E0041FF2C() != 2) {
                                                                                                                              					L5:
                                                                                                                              					_t7 = ExitWindowsEx(2, 0);
                                                                                                                              					asm("sbb eax, eax");
                                                                                                                              					return _t7 + 1;
                                                                                                                              				}
                                                                                                                              				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
                                                                                                                              					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
                                                                                                                              					_v16.PrivilegeCount = 1;
                                                                                                                              					_v4 = 2;
                                                                                                                              					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
                                                                                                                              					if(GetLastError() == 0) {
                                                                                                                              						goto L5;
                                                                                                                              					}
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				return 0;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • GetCurrentProcess.KERNEL32(00000028), ref: 004AF120
                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004AF126
                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004AF13F
                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF166
                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF16B
                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 004AF17C
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                              • String ID: SeShutdownPrivilege
                                                                                                                              • API String ID: 107509674-3733053543
                                                                                                                              • Opcode ID: dbd0b99069aff0d6788c9efc2bbd2c2bb6d4dae2a155ecb9c3cc528dabbfbf9f
                                                                                                                              • Instruction ID: 15d82be9bc359c8987119149698676c325083c88dcd196a4f2f9cd1a299335ef
                                                                                                                              • Opcode Fuzzy Hash: dbd0b99069aff0d6788c9efc2bbd2c2bb6d4dae2a155ecb9c3cc528dabbfbf9f
                                                                                                                              • Instruction Fuzzy Hash: 75F06D70684301B5E610A6F2CD07F6B21C89B56B58FA00D3EBA84E91C2D7BDD81D42BF
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004AF9F0() {
                                                                                                                              				struct HRSRC__* _t10;
                                                                                                                              				void* _t11;
                                                                                                                              				void* _t12;
                                                                                                                              
                                                                                                                              				_t10 = FindResourceW(0, 0x2b67, 0xa);
                                                                                                                              				if(_t10 == 0) {
                                                                                                                              					E004AF834();
                                                                                                                              				}
                                                                                                                              				if(SizeofResource(0, _t10) != 0x2c) {
                                                                                                                              					E004AF834();
                                                                                                                              				}
                                                                                                                              				_t11 = LoadResource(0, _t10);
                                                                                                                              				if(_t11 == 0) {
                                                                                                                              					E004AF834();
                                                                                                                              				}
                                                                                                                              				_t12 = LockResource(_t11);
                                                                                                                              				if(_t12 == 0) {
                                                                                                                              					E004AF834();
                                                                                                                              				}
                                                                                                                              				return _t12;
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • FindResourceW.KERNEL32(00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000,004B659E,?,00000000,004B65E2), ref: 004AF9FA
                                                                                                                              • SizeofResource.KERNEL32(00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000,004B659E), ref: 004AFA0D
                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000), ref: 004AFA1F
                                                                                                                              • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002), ref: 004AFA30
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Resource$FindLoadLockSizeof
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3473537107-0
                                                                                                                              • Opcode ID: 128b44542abe6d6e0e09835f67cf23f4a4e4be27e5836866f54195567a651b81
                                                                                                                              • Instruction ID: 8c15b2061d88d30e204a2d131290402b8da5209396f43898e5d703764eea749b
                                                                                                                              • Opcode Fuzzy Hash: 128b44542abe6d6e0e09835f67cf23f4a4e4be27e5836866f54195567a651b81
                                                                                                                              • Instruction Fuzzy Hash: FCE07E8074634625FA6436F718D7BAE00084B36B4DF40593FFA08A92D2EEAC8C19522E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 71%
                                                                                                                              			E0040A4CC(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                              				intOrPtr* _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				short _v182;
                                                                                                                              				short _v352;
                                                                                                                              				char _v356;
                                                                                                                              				char _v360;
                                                                                                                              				char _v364;
                                                                                                                              				int _t58;
                                                                                                                              				signed int _t61;
                                                                                                                              				intOrPtr _t70;
                                                                                                                              				signed short _t80;
                                                                                                                              				void* _t83;
                                                                                                                              				void* _t85;
                                                                                                                              				void* _t86;
                                                                                                                              
                                                                                                                              				_t77 = __edi;
                                                                                                                              				_push(__edi);
                                                                                                                              				_v356 = 0;
                                                                                                                              				_v360 = 0;
                                                                                                                              				_v364 = 0;
                                                                                                                              				_v8 = __edx;
                                                                                                                              				_t80 = __eax;
                                                                                                                              				_push(_t83);
                                                                                                                              				_push(0x40a631);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t83 + 0xfffffe98;
                                                                                                                              				E00407A20(_v8);
                                                                                                                              				_t85 = _t80 -  *0x4b7a08; // 0x404
                                                                                                                              				if(_t85 >= 0) {
                                                                                                                              					_t86 = _t80 -  *0x4b7c08; // 0x7c68
                                                                                                                              					if(_t86 <= 0) {
                                                                                                                              						_t77 = 0x40;
                                                                                                                              						_v12 = 0;
                                                                                                                              						if(0x40 >= _v12) {
                                                                                                                              							do {
                                                                                                                              								_t61 = _t77 + _v12 >> 1;
                                                                                                                              								if(_t80 >=  *((intOrPtr*)(0x4b7a08 + _t61 * 8))) {
                                                                                                                              									__eflags = _t80 -  *((intOrPtr*)(0x4b7a08 + _t61 * 8));
                                                                                                                              									if(__eflags <= 0) {
                                                                                                                              										E0040A3EC( *((intOrPtr*)(0x4b7a0c + _t61 * 8)), _t61, _v8, _t77, _t80, __eflags);
                                                                                                                              									} else {
                                                                                                                              										_v12 = _t61 + 1;
                                                                                                                              										goto L8;
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									_t77 = _t61 - 1;
                                                                                                                              									goto L8;
                                                                                                                              								}
                                                                                                                              								goto L9;
                                                                                                                              								L8:
                                                                                                                              							} while (_t77 >= _v12);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				L9:
                                                                                                                              				if( *_v8 == 0 && IsValidLocale(_t80 & 0x0000ffff, 2) != 0) {
                                                                                                                              					_t58 = _t80 & 0x0000ffff;
                                                                                                                              					GetLocaleInfoW(_t58, 0x59,  &_v182, 0x55);
                                                                                                                              					GetLocaleInfoW(_t58, 0x5a,  &_v352, 0x55);
                                                                                                                              					E0040858C( &_v356, 0x55,  &_v182);
                                                                                                                              					_push(_v356);
                                                                                                                              					_push(0x40a64c);
                                                                                                                              					E0040858C( &_v360, 0x55,  &_v352);
                                                                                                                              					_push(_v360);
                                                                                                                              					_push(E0040A65C);
                                                                                                                              					E0040858C( &_v364, 0x55,  &_v182);
                                                                                                                              					_push(_v364);
                                                                                                                              					E004087C4(_v8, _t58, 5, _t77, _t80);
                                                                                                                              				}
                                                                                                                              				_pop(_t70);
                                                                                                                              				 *[fs:eax] = _t70;
                                                                                                                              				_push(E0040A638);
                                                                                                                              				return E00407A80( &_v364, 3);
                                                                                                                              			}


















                                                                                                                              APIs
                                                                                                                              • IsValidLocale.KERNEL32(?,00000002,00000000,0040A631,?,004162BC,?,00000000), ref: 0040A576
                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,0040A631,?,004162BC,?,00000000), ref: 0040A592
                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,0040A631,?,004162BC,?,00000000), ref: 0040A5A3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Locale$Info$Valid
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1826331170-0
                                                                                                                              • Opcode ID: 62325bdbcd9f8bf22caa424e6d98428fadf2f4ef7d6ad95b5286de9b97f55654
                                                                                                                              • Instruction ID: 92a11a0233c3b219485afac9e49f2dea99407596d6f7a83949ef3a6145fdf69e
                                                                                                                              • Opcode Fuzzy Hash: 62325bdbcd9f8bf22caa424e6d98428fadf2f4ef7d6ad95b5286de9b97f55654
                                                                                                                              • Instruction Fuzzy Hash: 3831AE70A00308ABDF20DB64DD81BDEBBB9FB48701F5005BBA508B32D1D6395E90CE1A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041A4DC(WCHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                                                                              				long _v8;
                                                                                                                              				long _v12;
                                                                                                                              				long _v16;
                                                                                                                              				long _v20;
                                                                                                                              				intOrPtr _v24;
                                                                                                                              				signed int _v28;
                                                                                                                              				WCHAR* _t25;
                                                                                                                              				int _t26;
                                                                                                                              				intOrPtr _t31;
                                                                                                                              				intOrPtr _t34;
                                                                                                                              				intOrPtr* _t37;
                                                                                                                              				intOrPtr* _t38;
                                                                                                                              				intOrPtr _t46;
                                                                                                                              				intOrPtr _t48;
                                                                                                                              
                                                                                                                              				_t25 = _a4;
                                                                                                                              				if(_t25 == 0) {
                                                                                                                              					_t25 = 0;
                                                                                                                              				}
                                                                                                                              				_t26 = GetDiskFreeSpaceW(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
                                                                                                                              				_v28 = _v8 * _v12;
                                                                                                                              				_v24 = 0;
                                                                                                                              				_t46 = _v24;
                                                                                                                              				_t31 = E004095A8(_v28, _t46, _v16, 0);
                                                                                                                              				_t37 = _a8;
                                                                                                                              				 *_t37 = _t31;
                                                                                                                              				 *((intOrPtr*)(_t37 + 4)) = _t46;
                                                                                                                              				_t48 = _v24;
                                                                                                                              				_t34 = E004095A8(_v28, _t48, _v20, 0);
                                                                                                                              				_t38 = _a12;
                                                                                                                              				 *_t38 = _t34;
                                                                                                                              				 *((intOrPtr*)(_t38 + 4)) = _t48;
                                                                                                                              				return _t26;
                                                                                                                              			}

















                                                                                                                              APIs
                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?), ref: 0041A4FD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DiskFreeSpace
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1705453755-0
                                                                                                                              • Opcode ID: 35fab30d3ed47bb79bc7b5801678cd6b626cb6661b26d0a6d4a2aa78d0844cce
                                                                                                                              • Instruction ID: 14c90aad059d6341cd8fbca9d1c94cd423dd62e4f1f0ed92fc39ecac232c4210
                                                                                                                              • Opcode Fuzzy Hash: 35fab30d3ed47bb79bc7b5801678cd6b626cb6661b26d0a6d4a2aa78d0844cce
                                                                                                                              • Instruction Fuzzy Hash: 7711C0B5A01209AFDB04CF9ACD819EFB7F9EFC8304B14C569A505E7255E6319E018B94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041E034(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
                                                                                                                              				short _v516;
                                                                                                                              				void* __ebp;
                                                                                                                              				int _t5;
                                                                                                                              				intOrPtr _t10;
                                                                                                                              				void* _t18;
                                                                                                                              
                                                                                                                              				_t18 = __ecx;
                                                                                                                              				_t10 = _a4;
                                                                                                                              				_t5 = GetLocaleInfoW(__eax, __edx,  &_v516, 0x100);
                                                                                                                              				_t19 = _t5;
                                                                                                                              				if(_t5 <= 0) {
                                                                                                                              					return E00407E00(_t10, _t18);
                                                                                                                              				}
                                                                                                                              				return E00407BA8(_t10, _t5 - 1,  &_v516, _t19);
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E052
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InfoLocale
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2299586839-0
                                                                                                                              • Opcode ID: d1249f9bfb9152180de995f4510b089303b0330b3d36e5e1fa950d916a740853
                                                                                                                              • Instruction ID: c90943d4e22265a1f7ecf9aede9ac9faa011377f579ac525cbc4109061889d1c
                                                                                                                              • Opcode Fuzzy Hash: d1249f9bfb9152180de995f4510b089303b0330b3d36e5e1fa950d916a740853
                                                                                                                              • Instruction Fuzzy Hash: C7E09235B0421427E314A55A9C86AE7725D9B48340F40457FBD05D7382EDB9AE8042E9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 79%
                                                                                                                              			E0041E080(int __eax, signed int __ecx, int __edx) {
                                                                                                                              				short _v16;
                                                                                                                              				signed int _t5;
                                                                                                                              				signed int _t10;
                                                                                                                              
                                                                                                                              				_push(__ecx);
                                                                                                                              				_t10 = __ecx;
                                                                                                                              				if(GetLocaleInfoW(__eax, __edx,  &_v16, 2) <= 0) {
                                                                                                                              					_t5 = _t10;
                                                                                                                              				} else {
                                                                                                                              					_t5 = _v16 & 0x0000ffff;
                                                                                                                              				}
                                                                                                                              				return _t5;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E182,?,00000001,00000000,0041E391), ref: 0041E093
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InfoLocale
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2299586839-0
                                                                                                                              • Opcode ID: c2a2e253f202cad765f8f9b35123567cb33a3e9031303696ff7b3b42dc5ba059
                                                                                                                              • Instruction ID: 961adf842b5e4829a7f1cb68f4be235500f18d0b61d537998bbd462cca006134
                                                                                                                              • Opcode Fuzzy Hash: c2a2e253f202cad765f8f9b35123567cb33a3e9031303696ff7b3b42dc5ba059
                                                                                                                              • Instruction Fuzzy Hash: 45D05EBA31923476E214915B6E85DB75ADCCBC87A2F14483BBE4CC6241D2A4CC46A275
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004AF218(signed int __eax) {
                                                                                                                              				short _v8;
                                                                                                                              				signed int _t6;
                                                                                                                              
                                                                                                                              				_t6 = GetLocaleInfoW(__eax & 0x0000ffff, 0x20001004,  &_v8, 2);
                                                                                                                              				if(_t6 <= 0) {
                                                                                                                              					return _t6 | 0xffffffff;
                                                                                                                              				}
                                                                                                                              				return _v8;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,004AF318), ref: 004AF22E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InfoLocale
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2299586839-0
                                                                                                                              • Opcode ID: 91ef75d91c3bf0fbfb4c903f00eadddcc0e9dd42321a82c412adf8826a4a964a
                                                                                                                              • Instruction ID: 3cbbb47bc5e3852376f83ef88ad8e7e21f22c900a58d153b56eed97a123c5839
                                                                                                                              • Opcode Fuzzy Hash: 91ef75d91c3bf0fbfb4c903f00eadddcc0e9dd42321a82c412adf8826a4a964a
                                                                                                                              • Instruction Fuzzy Hash: E8D0A5F55442087DF504C1DA5D82FB673DCD705374F500767F654C52C1D567EE015219
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041C3D8() {
                                                                                                                              				struct _SYSTEMTIME* _t2;
                                                                                                                              
                                                                                                                              				GetLocalTime(_t2);
                                                                                                                              				return _t2->wYear & 0x0000ffff;
                                                                                                                              			}





                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: LocalTime
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 481472006-0
                                                                                                                              • Opcode ID: 2bbd9f916a85fd19aaf3e135de3c6f6031220cebfdbc254b78c71648618a48a1
                                                                                                                              • Instruction ID: 79eafb11b28f80ce797d6e9fe134e5764476c7cb5db39d72cf417c4d7be8b418
                                                                                                                              • Opcode Fuzzy Hash: 2bbd9f916a85fd19aaf3e135de3c6f6031220cebfdbc254b78c71648618a48a1
                                                                                                                              • Instruction Fuzzy Hash: DAA0122080582011D140331A0C0313530405900620FC40F55BCF8542D1E93D013440D7
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004255DC(intOrPtr* __eax, intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                              				intOrPtr* _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				intOrPtr _v20;
                                                                                                                              				signed int _v24;
                                                                                                                              				char _v25;
                                                                                                                              				signed int _v32;
                                                                                                                              				signed int _v36;
                                                                                                                              				signed int _v40;
                                                                                                                              				signed int _v44;
                                                                                                                              				signed int _v48;
                                                                                                                              				signed int _v52;
                                                                                                                              				signed int _v56;
                                                                                                                              				intOrPtr _v60;
                                                                                                                              				char _v64;
                                                                                                                              				char* _v68;
                                                                                                                              				void* _v72;
                                                                                                                              				char _v76;
                                                                                                                              				intOrPtr _v80;
                                                                                                                              				intOrPtr _v84;
                                                                                                                              				signed int _v88;
                                                                                                                              				char _v89;
                                                                                                                              				char _v96;
                                                                                                                              				signed int _v100;
                                                                                                                              				signed int _v104;
                                                                                                                              				short* _v108;
                                                                                                                              				signed int _v112;
                                                                                                                              				signed int _v116;
                                                                                                                              				intOrPtr _v120;
                                                                                                                              				intOrPtr _v124;
                                                                                                                              				intOrPtr _v128;
                                                                                                                              				intOrPtr _v132;
                                                                                                                              				char _v136;
                                                                                                                              				signed int _t370;
                                                                                                                              				void* _t375;
                                                                                                                              				signed int _t377;
                                                                                                                              				signed int _t381;
                                                                                                                              				signed int _t389;
                                                                                                                              				signed int _t395;
                                                                                                                              				signed int _t411;
                                                                                                                              				intOrPtr _t422;
                                                                                                                              				signed int _t426;
                                                                                                                              				signed int _t435;
                                                                                                                              				void* _t448;
                                                                                                                              				signed int _t458;
                                                                                                                              				char _t460;
                                                                                                                              				signed int _t474;
                                                                                                                              				char* _t503;
                                                                                                                              				signed int _t508;
                                                                                                                              				signed int _t616;
                                                                                                                              				signed int _t617;
                                                                                                                              				signed int _t618;
                                                                                                                              				signed int _t622;
                                                                                                                              
                                                                                                                              				_v16 = __ecx;
                                                                                                                              				_v12 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				_v20 =  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                              				_v24 = 0;
                                                                                                                              				_v32 = (1 <<  *(_v8 + 8)) - 1;
                                                                                                                              				_v36 = (1 <<  *(_v8 + 4)) - 1;
                                                                                                                              				_v40 =  *_v8;
                                                                                                                              				_t617 =  *((intOrPtr*)(_v8 + 0x34));
                                                                                                                              				_t474 =  *(_v8 + 0x44);
                                                                                                                              				_v44 =  *((intOrPtr*)(_v8 + 0x38));
                                                                                                                              				_v48 =  *((intOrPtr*)(_v8 + 0x3c));
                                                                                                                              				_v52 =  *((intOrPtr*)(_v8 + 0x40));
                                                                                                                              				_v56 =  *((intOrPtr*)(_v8 + 0x48));
                                                                                                                              				_v60 =  *((intOrPtr*)(_v8 + 0x2c));
                                                                                                                              				_v64 =  *((intOrPtr*)(_v8 + 0x30));
                                                                                                                              				_v68 =  *((intOrPtr*)(_v8 + 0x1c));
                                                                                                                              				_v72 =  *((intOrPtr*)(_v8 + 0xc));
                                                                                                                              				_t616 =  *((intOrPtr*)(_v8 + 0x28));
                                                                                                                              				_v128 =  *((intOrPtr*)(_v8 + 0x20));
                                                                                                                              				_v124 =  *((intOrPtr*)(_v8 + 0x24));
                                                                                                                              				_v120 = _v12;
                                                                                                                              				_v136 =  *((intOrPtr*)(_v8 + 0x14));
                                                                                                                              				_v132 =  *((intOrPtr*)(_v8 + 0x18));
                                                                                                                              				 *_a4 = 0;
                                                                                                                              				if(_v56 == 0xffffffff) {
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				__eflags = _v72;
                                                                                                                              				if(_v72 == 0) {
                                                                                                                              					_v68 =  &_v76;
                                                                                                                              					_v72 = 1;
                                                                                                                              					_v76 =  *((intOrPtr*)(_v8 + 0x4c));
                                                                                                                              				}
                                                                                                                              				__eflags = _v56 - 0xfffffffe;
                                                                                                                              				if(_v56 != 0xfffffffe) {
                                                                                                                              					L12:
                                                                                                                              					_v108 = _v16 + _v24;
                                                                                                                              					while(1) {
                                                                                                                              						__eflags = _v56;
                                                                                                                              						if(_v56 == 0) {
                                                                                                                              							break;
                                                                                                                              						}
                                                                                                                              						__eflags = _v24 - _a8;
                                                                                                                              						if(_v24 < _a8) {
                                                                                                                              							_t458 = _t616 - _t617;
                                                                                                                              							__eflags = _t458 - _v72;
                                                                                                                              							if(_t458 >= _v72) {
                                                                                                                              								_t458 = _t458 + _v72;
                                                                                                                              								__eflags = _t458;
                                                                                                                              							}
                                                                                                                              							_t460 =  *((intOrPtr*)(_v68 + _t458));
                                                                                                                              							 *((char*)(_v68 + _t616)) = _t460;
                                                                                                                              							 *_v108 = _t460;
                                                                                                                              							_v24 = _v24 + 1;
                                                                                                                              							_v108 = _v108 + 1;
                                                                                                                              							_t616 = _t616 + 1;
                                                                                                                              							__eflags = _t616 - _v72;
                                                                                                                              							if(_t616 == _v72) {
                                                                                                                              								_t616 = 0;
                                                                                                                              								__eflags = 0;
                                                                                                                              							}
                                                                                                                              							_t116 =  &_v56;
                                                                                                                              							 *_t116 = _v56 - 1;
                                                                                                                              							__eflags =  *_t116;
                                                                                                                              							continue;
                                                                                                                              						}
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					__eflags = _t616;
                                                                                                                              					if(_t616 != 0) {
                                                                                                                              						_v25 =  *((intOrPtr*)(_v68 + _t616 - 1));
                                                                                                                              					} else {
                                                                                                                              						_v25 =  *((intOrPtr*)(_v68 + _v72 - 1));
                                                                                                                              					}
                                                                                                                              					__eflags = 0;
                                                                                                                              					_v116 = 0;
                                                                                                                              					_v112 = 0;
                                                                                                                              					while(1) {
                                                                                                                              						L24:
                                                                                                                              						_v108 = _v16 + _v24;
                                                                                                                              						__eflags = _v24 - _a8;
                                                                                                                              						if(_v24 >= _a8) {
                                                                                                                              							break;
                                                                                                                              						} else {
                                                                                                                              							goto L25;
                                                                                                                              						}
                                                                                                                              						while(1) {
                                                                                                                              							L25:
                                                                                                                              							_v88 = _v24 + _v60 & _v32;
                                                                                                                              							__eflags = _v116;
                                                                                                                              							if(_v116 != 0) {
                                                                                                                              								break;
                                                                                                                              							}
                                                                                                                              							__eflags = _v112;
                                                                                                                              							if(_v112 == 0) {
                                                                                                                              								_t370 = E00425334((_t474 << 4) + (_t474 << 4) + _v20 + _v88 + _v88,  &_v136);
                                                                                                                              								__eflags = _t370;
                                                                                                                              								if(_t370 != 0) {
                                                                                                                              									_t375 = E00425334(_t474 + _t474 + _v20 + 0x180,  &_v136);
                                                                                                                              									__eflags = _t375 != 1;
                                                                                                                              									if(_t375 != 1) {
                                                                                                                              										_v52 = _v48;
                                                                                                                              										_v48 = _v44;
                                                                                                                              										_v44 = _t617;
                                                                                                                              										__eflags = _t474 - 7;
                                                                                                                              										if(__eflags >= 0) {
                                                                                                                              											_t377 = 0xa;
                                                                                                                              										} else {
                                                                                                                              											_t377 = 7;
                                                                                                                              										}
                                                                                                                              										_t474 = _t377;
                                                                                                                              										_v56 = E004254E4(_v20 + 0x664, _v88,  &_v136, __eflags);
                                                                                                                              										_t503 =  &_v136;
                                                                                                                              										__eflags = _v56 - 4;
                                                                                                                              										if(_v56 >= 4) {
                                                                                                                              											_t381 = 3;
                                                                                                                              										} else {
                                                                                                                              											_t381 = _v56;
                                                                                                                              										}
                                                                                                                              										_v100 = E004253BC((_t381 << 6) + (_t381 << 6) + _v20 + 0x360, _t503, 6);
                                                                                                                              										__eflags = _v100 - 4;
                                                                                                                              										if(_v100 < 4) {
                                                                                                                              											_t618 = _v100;
                                                                                                                              										} else {
                                                                                                                              											_v104 = (_v100 >> 1) - 1;
                                                                                                                              											_t524 = _v104;
                                                                                                                              											_t622 = (_v100 & 0x00000001 | 0x00000002) << _v104;
                                                                                                                              											__eflags = _v100 - 0xe;
                                                                                                                              											if(_v100 >= 0xe) {
                                                                                                                              												_t395 = E004252D4( &_v136, _t524, _v104 + 0xfffffffc);
                                                                                                                              												_t618 = _t622 + (_t395 << 4) + E00425400(_v20 + 0x644,  &_v136, 4);
                                                                                                                              											} else {
                                                                                                                              												_t618 = _t622 + E00425400(_t622 + _t622 + _v20 + 0x560 - _v100 + _v100 + 0xfffffffe,  &_v136, _v104);
                                                                                                                              											}
                                                                                                                              										}
                                                                                                                              										_t617 = _t618 + 1;
                                                                                                                              										__eflags = _t617;
                                                                                                                              										if(_t617 != 0) {
                                                                                                                              											L82:
                                                                                                                              											_v56 = _v56 + 2;
                                                                                                                              											__eflags = _t617 - _v64;
                                                                                                                              											if(_t617 <= _v64) {
                                                                                                                              												__eflags = _v72 - _v64 - _v56;
                                                                                                                              												if(_v72 - _v64 <= _v56) {
                                                                                                                              													_v64 = _v72;
                                                                                                                              												} else {
                                                                                                                              													_v64 = _v64 + _v56;
                                                                                                                              												}
                                                                                                                              												while(1) {
                                                                                                                              													_t389 = _t616 - _t617;
                                                                                                                              													__eflags = _t389 - _v72;
                                                                                                                              													if(_t389 >= _v72) {
                                                                                                                              														_t389 = _t389 + _v72;
                                                                                                                              														__eflags = _t389;
                                                                                                                              													}
                                                                                                                              													_v25 =  *((intOrPtr*)(_v68 + _t389));
                                                                                                                              													 *((char*)(_v68 + _t616)) = _v25;
                                                                                                                              													_t616 = _t616 + 1;
                                                                                                                              													__eflags = _t616 - _v72;
                                                                                                                              													if(_t616 == _v72) {
                                                                                                                              														_t616 = 0;
                                                                                                                              														__eflags = 0;
                                                                                                                              													}
                                                                                                                              													_v56 = _v56 - 1;
                                                                                                                              													 *_v108 = _v25;
                                                                                                                              													_v24 = _v24 + 1;
                                                                                                                              													_v108 = _v108 + 1;
                                                                                                                              													__eflags = _v56;
                                                                                                                              													if(_v56 == 0) {
                                                                                                                              														break;
                                                                                                                              													}
                                                                                                                              													__eflags = _v24 - _a8;
                                                                                                                              													if(_v24 < _a8) {
                                                                                                                              														continue;
                                                                                                                              													}
                                                                                                                              													break;
                                                                                                                              												}
                                                                                                                              												L93:
                                                                                                                              												__eflags = _v24 - _a8;
                                                                                                                              												if(_v24 < _a8) {
                                                                                                                              													continue;
                                                                                                                              												}
                                                                                                                              												goto L94;
                                                                                                                              											}
                                                                                                                              											return 1;
                                                                                                                              										} else {
                                                                                                                              											_v56 = 0xffffffff;
                                                                                                                              											goto L94;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              									_t411 = E00425334(_t474 + _t474 + _v20 + 0x198,  &_v136);
                                                                                                                              									__eflags = _t411;
                                                                                                                              									if(_t411 != 0) {
                                                                                                                              										__eflags = E00425334(_t474 + _t474 + _v20 + 0x1b0,  &_v136);
                                                                                                                              										if(__eflags != 0) {
                                                                                                                              											__eflags = E00425334(_t474 + _t474 + _v20 + 0x1c8,  &_v136);
                                                                                                                              											if(__eflags != 0) {
                                                                                                                              												_t422 = _v52;
                                                                                                                              												_v52 = _v48;
                                                                                                                              											} else {
                                                                                                                              												_t422 = _v48;
                                                                                                                              											}
                                                                                                                              											_v48 = _v44;
                                                                                                                              										} else {
                                                                                                                              											_t422 = _v44;
                                                                                                                              										}
                                                                                                                              										_v44 = _t617;
                                                                                                                              										_t617 = _t422;
                                                                                                                              										L65:
                                                                                                                              										_v56 = E004254E4(_v20 + 0xa68, _v88,  &_v136, __eflags);
                                                                                                                              										__eflags = _t474 - 7;
                                                                                                                              										if(_t474 >= 7) {
                                                                                                                              											_t426 = 0xb;
                                                                                                                              										} else {
                                                                                                                              											_t426 = 8;
                                                                                                                              										}
                                                                                                                              										_t474 = _t426;
                                                                                                                              										goto L82;
                                                                                                                              									}
                                                                                                                              									__eflags = E00425334((_t474 << 4) + (_t474 << 4) + _v20 + _v88 + _v88 + 0x1e0,  &_v136);
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										goto L65;
                                                                                                                              									}
                                                                                                                              									__eflags = _v64;
                                                                                                                              									if(_v64 != 0) {
                                                                                                                              										__eflags = _t474 - 7;
                                                                                                                              										if(_t474 >= 7) {
                                                                                                                              											_t508 = 0xb;
                                                                                                                              										} else {
                                                                                                                              											_t508 = 9;
                                                                                                                              										}
                                                                                                                              										_t474 = _t508;
                                                                                                                              										_t435 = _t616 - _t617;
                                                                                                                              										__eflags = _t435 - _v72;
                                                                                                                              										if(_t435 >= _v72) {
                                                                                                                              											_t435 = _t435 + _v72;
                                                                                                                              											__eflags = _t435;
                                                                                                                              										}
                                                                                                                              										_v25 =  *((intOrPtr*)(_v68 + _t435));
                                                                                                                              										 *((char*)(_v68 + _t616)) = _v25;
                                                                                                                              										_t616 = _t616 + 1;
                                                                                                                              										__eflags = _t616 - _v72;
                                                                                                                              										if(_t616 == _v72) {
                                                                                                                              											_t616 = 0;
                                                                                                                              											__eflags = 0;
                                                                                                                              										}
                                                                                                                              										 *_v108 = _v25;
                                                                                                                              										_v24 = _v24 + 1;
                                                                                                                              										__eflags = _v64 - _v72;
                                                                                                                              										if(_v64 < _v72) {
                                                                                                                              											_v64 = _v64 + 1;
                                                                                                                              										}
                                                                                                                              										goto L24;
                                                                                                                              									}
                                                                                                                              									return 1;
                                                                                                                              								}
                                                                                                                              								_t448 = (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) * 2 + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) * 2 + _v20 + 0xe6c;
                                                                                                                              								__eflags = _t474 - 7;
                                                                                                                              								if(__eflags < 0) {
                                                                                                                              									_v25 = E00425444(_t448,  &_v136, __eflags);
                                                                                                                              								} else {
                                                                                                                              									_v96 = _t616 - _t617;
                                                                                                                              									__eflags = _v96 - _v72;
                                                                                                                              									if(__eflags >= 0) {
                                                                                                                              										_t161 =  &_v96;
                                                                                                                              										 *_t161 = _v96 + _v72;
                                                                                                                              										__eflags =  *_t161;
                                                                                                                              									}
                                                                                                                              									_v89 =  *((intOrPtr*)(_v68 + _v96));
                                                                                                                              									_v25 = E00425470(_t448, _v89,  &_v136, __eflags);
                                                                                                                              								}
                                                                                                                              								 *_v108 = _v25;
                                                                                                                              								_v24 = _v24 + 1;
                                                                                                                              								_v108 = _v108 + 1;
                                                                                                                              								__eflags = _v64 - _v72;
                                                                                                                              								if(_v64 < _v72) {
                                                                                                                              									_t180 =  &_v64;
                                                                                                                              									 *_t180 = _v64 + 1;
                                                                                                                              									__eflags =  *_t180;
                                                                                                                              								}
                                                                                                                              								 *((char*)(_v68 + _t616)) = _v25;
                                                                                                                              								_t616 = _t616 + 1;
                                                                                                                              								__eflags = _t616 - _v72;
                                                                                                                              								if(_t616 == _v72) {
                                                                                                                              									_t616 = 0;
                                                                                                                              									__eflags = 0;
                                                                                                                              								}
                                                                                                                              								__eflags = _t474 - 4;
                                                                                                                              								if(_t474 >= 4) {
                                                                                                                              									__eflags = _t474 - 0xa;
                                                                                                                              									if(_t474 >= 0xa) {
                                                                                                                              										_t474 = _t474 - 6;
                                                                                                                              									} else {
                                                                                                                              										_t474 = _t474 - 3;
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									_t474 = 0;
                                                                                                                              								}
                                                                                                                              								goto L93;
                                                                                                                              							}
                                                                                                                              							return 1;
                                                                                                                              						}
                                                                                                                              						return _v116;
                                                                                                                              					}
                                                                                                                              					L94:
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x20)) = _v128;
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x24)) = _v124;
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x28)) = _t616;
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x2c)) = _v60 + _v24;
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x30)) = _v64;
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x34)) = _t617;
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x38)) = _v44;
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x3c)) = _v48;
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x40)) = _v52;
                                                                                                                              					 *(_v8 + 0x44) = _t474;
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x48)) = _v56;
                                                                                                                              					 *((char*)(_v8 + 0x4c)) = _v76;
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x14)) = _v136;
                                                                                                                              					 *((intOrPtr*)(_v8 + 0x18)) = _v132;
                                                                                                                              					 *_a4 = _v24;
                                                                                                                              					__eflags = 0;
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				_v80 = (0x300 <<  *(_v8 + 4) + _v40) + 0x736;
                                                                                                                              				_v84 = 0;
                                                                                                                              				_v108 = _v20;
                                                                                                                              				__eflags = _v84 - _v80;
                                                                                                                              				if(_v84 >= _v80) {
                                                                                                                              					L7:
                                                                                                                              					_v52 = 1;
                                                                                                                              					_v48 = 1;
                                                                                                                              					_v44 = 1;
                                                                                                                              					_t617 = 1;
                                                                                                                              					_v60 = 0;
                                                                                                                              					_v64 = 0;
                                                                                                                              					_t474 = 0;
                                                                                                                              					_t616 = 0;
                                                                                                                              					 *((char*)(_v68 + _v72 - 1)) = 0;
                                                                                                                              					E00425294( &_v136);
                                                                                                                              					__eflags = _v116;
                                                                                                                              					if(_v116 != 0) {
                                                                                                                              						return _v116;
                                                                                                                              					}
                                                                                                                              					__eflags = _v112;
                                                                                                                              					if(_v112 == 0) {
                                                                                                                              						__eflags = 0;
                                                                                                                              						_v56 = 0;
                                                                                                                              						goto L12;
                                                                                                                              					} else {
                                                                                                                              						return 1;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					goto L6;
                                                                                                                              				}
                                                                                                                              				do {
                                                                                                                              					L6:
                                                                                                                              					 *_v108 = 0x400;
                                                                                                                              					_v84 = _v84 + 1;
                                                                                                                              					_v108 = _v108 + 2;
                                                                                                                              					__eflags = _v84 - _v80;
                                                                                                                              				} while (_v84 < _v80);
                                                                                                                              				goto L7;
                                                                                                                              			}
























































                                                                                                                              0x00425bd7
                                                                                                                              0x00425bda
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00425bda
                                                                                                                              0x00425bdc
                                                                                                                              0x00425bdf
                                                                                                                              0x00425be2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00425be2
                                                                                                                              0x00000000
                                                                                                                              0x00425b62
                                                                                                                              0x00425b62
                                                                                                                              0x00000000
                                                                                                                              0x00425b62
                                                                                                                              0x00425b60
                                                                                                                              0x0042594f
                                                                                                                              0x00425954
                                                                                                                              0x00425956
                                                                                                                              0x00425a06
                                                                                                                              0x00425a08
                                                                                                                              0x00425a26
                                                                                                                              0x00425a28
                                                                                                                              0x00425a2f
                                                                                                                              0x00425a35
                                                                                                                              0x00425a2a
                                                                                                                              0x00425a2a
                                                                                                                              0x00425a2a
                                                                                                                              0x00425a3b
                                                                                                                              0x00425a0a
                                                                                                                              0x00425a0a
                                                                                                                              0x00425a0a
                                                                                                                              0x00425a3e
                                                                                                                              0x00425a41
                                                                                                                              0x00425a43
                                                                                                                              0x00425a59
                                                                                                                              0x00425a5c
                                                                                                                              0x00425a5f
                                                                                                                              0x00425a68
                                                                                                                              0x00425a61
                                                                                                                              0x00425a61
                                                                                                                              0x00425a61
                                                                                                                              0x00425a6d
                                                                                                                              0x00000000
                                                                                                                              0x00425a6d
                                                                                                                              0x0042597d
                                                                                                                              0x0042597f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00425985
                                                                                                                              0x00425989
                                                                                                                              0x00425995
                                                                                                                              0x00425998
                                                                                                                              0x004259a1
                                                                                                                              0x0042599a
                                                                                                                              0x0042599a
                                                                                                                              0x0042599a
                                                                                                                              0x004259a6
                                                                                                                              0x004259aa
                                                                                                                              0x004259ac
                                                                                                                              0x004259af
                                                                                                                              0x004259b1
                                                                                                                              0x004259b1
                                                                                                                              0x004259b1
                                                                                                                              0x004259ba
                                                                                                                              0x004259c3
                                                                                                                              0x004259c6
                                                                                                                              0x004259c7
                                                                                                                              0x004259ca
                                                                                                                              0x004259cc
                                                                                                                              0x004259cc
                                                                                                                              0x004259cc
                                                                                                                              0x004259d4
                                                                                                                              0x004259d6
                                                                                                                              0x004259dc
                                                                                                                              0x004259df
                                                                                                                              0x004259e5
                                                                                                                              0x004259e5
                                                                                                                              0x00000000
                                                                                                                              0x004259df
                                                                                                                              0x00000000
                                                                                                                              0x0042598b
                                                                                                                              0x00425888
                                                                                                                              0x0042588d
                                                                                                                              0x00425890
                                                                                                                              0x004258d1
                                                                                                                              0x00425892
                                                                                                                              0x00425896
                                                                                                                              0x0042589c
                                                                                                                              0x0042589f
                                                                                                                              0x004258a4
                                                                                                                              0x004258a4
                                                                                                                              0x004258a4
                                                                                                                              0x004258a4
                                                                                                                              0x004258b0
                                                                                                                              0x004258c1
                                                                                                                              0x004258c1
                                                                                                                              0x004258da
                                                                                                                              0x004258dc
                                                                                                                              0x004258df
                                                                                                                              0x004258e5
                                                                                                                              0x004258e8
                                                                                                                              0x004258ea
                                                                                                                              0x004258ea
                                                                                                                              0x004258ea
                                                                                                                              0x004258ea
                                                                                                                              0x004258f3
                                                                                                                              0x004258f6
                                                                                                                              0x004258f7
                                                                                                                              0x004258fa
                                                                                                                              0x004258fc
                                                                                                                              0x004258fc
                                                                                                                              0x004258fc
                                                                                                                              0x004258fe
                                                                                                                              0x00425901
                                                                                                                              0x0042590a
                                                                                                                              0x0042590d
                                                                                                                              0x00425917
                                                                                                                              0x0042590f
                                                                                                                              0x0042590f
                                                                                                                              0x0042590f
                                                                                                                              0x00425903
                                                                                                                              0x00425903
                                                                                                                              0x00425903
                                                                                                                              0x00000000
                                                                                                                              0x00425901
                                                                                                                              0x00000000
                                                                                                                              0x00425830
                                                                                                                              0x00000000
                                                                                                                              0x00425822
                                                                                                                              0x00425be8
                                                                                                                              0x00425bee
                                                                                                                              0x00425bf7
                                                                                                                              0x00425bfd
                                                                                                                              0x00425c09
                                                                                                                              0x00425c12
                                                                                                                              0x00425c18
                                                                                                                              0x00425c21
                                                                                                                              0x00425c2a
                                                                                                                              0x00425c33
                                                                                                                              0x00425c39
                                                                                                                              0x00425c42
                                                                                                                              0x00425c4b
                                                                                                                              0x00425c57
                                                                                                                              0x00425c60
                                                                                                                              0x00425c69
                                                                                                                              0x00425c6b
                                                                                                                              0x00000000
                                                                                                                              0x00425c6b
                                                                                                                              0x00425701
                                                                                                                              0x00425704
                                                                                                                              0x0042570c
                                                                                                                              0x00425712
                                                                                                                              0x00425715
                                                                                                                              0x0042572e
                                                                                                                              0x00425735
                                                                                                                              0x00425738
                                                                                                                              0x0042573b
                                                                                                                              0x0042573e
                                                                                                                              0x00425740
                                                                                                                              0x00425745
                                                                                                                              0x00425748
                                                                                                                              0x00425750
                                                                                                                              0x00425752
                                                                                                                              0x0042575d
                                                                                                                              0x00425762
                                                                                                                              0x00425766
                                                                                                                              0x00000000
                                                                                                                              0x00425768
                                                                                                                              0x00425770
                                                                                                                              0x00425774
                                                                                                                              0x00425780
                                                                                                                              0x00425782
                                                                                                                              0x00000000
                                                                                                                              0x00425776
                                                                                                                              0x00000000
                                                                                                                              0x00425776
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00425717
                                                                                                                              0x00425717
                                                                                                                              0x0042571a
                                                                                                                              0x0042571f
                                                                                                                              0x00425722
                                                                                                                              0x00425729
                                                                                                                              0x00425729
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                                                                                                              • Instruction ID: 61b87226b6134f121ca287378b5d435c32ef56f555bf4f4916e7d2b2d6d49e77
                                                                                                                              • Opcode Fuzzy Hash: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                                                                                                              • Instruction Fuzzy Hash: E932E274E00629DFCB14CF99D981AEDBBB2BF88314F64816AD815AB341D734AE42CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004323DC(signed int* __eax, intOrPtr __ecx, signed int __edx) {
                                                                                                                              				signed int* _v8;
                                                                                                                              				signed int* _v12;
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				unsigned int* _t96;
                                                                                                                              				unsigned int* _t106;
                                                                                                                              				signed int* _t108;
                                                                                                                              				signed int _t109;
                                                                                                                              
                                                                                                                              				_t109 = __edx;
                                                                                                                              				_v16 = __ecx;
                                                                                                                              				_v12 = __eax;
                                                                                                                              				_t106 =  &_v24;
                                                                                                                              				_t108 =  &_v28;
                                                                                                                              				_t96 =  &_v20;
                                                                                                                              				 *_t96 = __edx + 0xdeadbeef + _v16;
                                                                                                                              				 *_t106 =  *_t96;
                                                                                                                              				 *_t108 =  *_t96;
                                                                                                                              				_v8 = _v12;
                                                                                                                              				if((_v8 & 0x00000003) != 0) {
                                                                                                                              					if(__edx <= 0xc) {
                                                                                                                              						L20:
                                                                                                                              						if(_t109 > 0xc) {
                                                                                                                              							L23:
                                                                                                                              							 *_t108 =  *_t108 + ((_v8[2] & 0x000000ff) << 0x18);
                                                                                                                              							L24:
                                                                                                                              							 *_t108 =  *_t108 + ((_v8[2] & 0x000000ff) << 0x10);
                                                                                                                              							L25:
                                                                                                                              							 *_t108 =  *_t108 + ((_v8[2] & 0x000000ff) << 8);
                                                                                                                              							L26:
                                                                                                                              							 *_t108 =  *_t108 + (_v8[2] & 0x000000ff);
                                                                                                                              							L27:
                                                                                                                              							 *_t106 =  *_t106 + ((_v8[1] & 0x000000ff) << 0x18);
                                                                                                                              							L28:
                                                                                                                              							 *_t106 =  *_t106 + ((_v8[1] & 0x000000ff) << 0x10);
                                                                                                                              							L29:
                                                                                                                              							 *_t106 =  *_t106 + ((_v8[1] & 0x000000ff) << 8);
                                                                                                                              							L30:
                                                                                                                              							 *_t106 =  *_t106 + (_v8[1] & 0x000000ff);
                                                                                                                              							L31:
                                                                                                                              							 *_t96 =  *_t96 + ((_v8[0] & 0x000000ff) << 0x18);
                                                                                                                              							L32:
                                                                                                                              							 *_t96 =  *_t96 + ((_v8[0] & 0x000000ff) << 0x10);
                                                                                                                              							L33:
                                                                                                                              							 *_t96 =  *_t96 + ((_v8[0] & 0x000000ff) << 8);
                                                                                                                              							L34:
                                                                                                                              							 *_t96 =  *_t96 + ( *_v8 & 0x000000ff);
                                                                                                                              							L35:
                                                                                                                              							 *_t108 =  *_t108 ^  *_t106;
                                                                                                                              							 *_t108 =  *_t108 - ( *_t106 << 0x0000000e |  *_t106 >> 0x00000012);
                                                                                                                              							 *_t96 =  *_t96 ^  *_t108;
                                                                                                                              							 *_t96 =  *_t96 - ( *_t108 << 0x0000000b |  *_t108 >> 0x00000015);
                                                                                                                              							 *_t106 =  *_t106 ^  *_t96;
                                                                                                                              							 *_t106 =  *_t106 - ( *_t96 << 0x00000019 |  *_t96 >> 0x00000007);
                                                                                                                              							 *_t108 =  *_t108 ^  *_t106;
                                                                                                                              							 *_t108 =  *_t108 - ( *_t106 << 0x00000010 |  *_t106 >> 0x00000010);
                                                                                                                              							 *_t96 =  *_t96 ^  *_t108;
                                                                                                                              							 *_t96 =  *_t96 - ( *_t108 << 0x00000004 |  *_t108 >> 0x0000001c);
                                                                                                                              							 *_t106 =  *_t106 ^  *_t96;
                                                                                                                              							 *_t106 =  *_t106 - ( *_t96 << 0x0000000e |  *_t96 >> 0x00000012);
                                                                                                                              							 *_t108 =  *_t108 ^  *_t106;
                                                                                                                              							 *_t108 =  *_t108 - ( *_t106 << 0x00000018 |  *_t106 >> 0x00000008);
                                                                                                                              							return  *_t108;
                                                                                                                              						}
                                                                                                                              						switch( *((intOrPtr*)(_t109 * 4 +  &M00432749))) {
                                                                                                                              							case 0:
                                                                                                                              								return  *_t108;
                                                                                                                              							case 1:
                                                                                                                              								goto L34;
                                                                                                                              							case 2:
                                                                                                                              								goto L33;
                                                                                                                              							case 3:
                                                                                                                              								goto L32;
                                                                                                                              							case 4:
                                                                                                                              								goto L31;
                                                                                                                              							case 5:
                                                                                                                              								goto L30;
                                                                                                                              							case 6:
                                                                                                                              								goto L29;
                                                                                                                              							case 7:
                                                                                                                              								goto L28;
                                                                                                                              							case 8:
                                                                                                                              								goto L27;
                                                                                                                              							case 9:
                                                                                                                              								goto L26;
                                                                                                                              							case 0xa:
                                                                                                                              								goto L25;
                                                                                                                              							case 0xb:
                                                                                                                              								goto L24;
                                                                                                                              							case 0xc:
                                                                                                                              								goto L23;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						goto L19;
                                                                                                                              					}
                                                                                                                              					do {
                                                                                                                              						L19:
                                                                                                                              						 *_t96 =  *_t96 + ( *_v8 & 0x000000ff) + ((_v8[0] & 0x000000ff) << 8) + ((_v8[0] & 0x000000ff) << 0x10) + ((_v8[0] & 0x000000ff) << 0x18);
                                                                                                                              						 *_t106 =  *_t106 + (_v8[1] & 0x000000ff) + ((_v8[1] & 0x000000ff) << 8) + ((_v8[1] & 0x000000ff) << 0x10) + ((_v8[1] & 0x000000ff) << 0x18);
                                                                                                                              						 *_t108 =  *_t108 + (_v8[2] & 0x000000ff) + ((_v8[2] & 0x000000ff) << 8) + ((_v8[2] & 0x000000ff) << 0x10) + ((_v8[2] & 0x000000ff) << 0x18);
                                                                                                                              						 *_t96 =  *_t96 -  *_t108;
                                                                                                                              						 *_t96 =  *_t96 ^ ( *_t108 << 0x00000004 |  *_t108 >> 0x0000001c);
                                                                                                                              						 *_t108 =  *_t108 +  *_t106;
                                                                                                                              						 *_t106 =  *_t106 -  *_t96;
                                                                                                                              						 *_t106 =  *_t106 ^ ( *_t96 << 0x00000006 |  *_t96 >> 0x0000001a);
                                                                                                                              						 *_t96 =  *_t96 +  *_t108;
                                                                                                                              						 *_t108 =  *_t108 -  *_t106;
                                                                                                                              						 *_t108 =  *_t108 ^ ( *_t106 << 0x00000008 |  *_t106 >> 0x00000018);
                                                                                                                              						 *_t106 =  *_t106 +  *_t96;
                                                                                                                              						 *_t96 =  *_t96 -  *_t108;
                                                                                                                              						 *_t96 =  *_t96 ^ ( *_t108 << 0x00000010 |  *_t108 >> 0x00000010);
                                                                                                                              						 *_t108 =  *_t108 +  *_t106;
                                                                                                                              						 *_t106 =  *_t106 -  *_t96;
                                                                                                                              						 *_t106 =  *_t106 ^ ( *_t96 << 0x00000013 |  *_t96 >> 0x0000000d);
                                                                                                                              						 *_t96 =  *_t96 +  *_t108;
                                                                                                                              						 *_t108 =  *_t108 -  *_t106;
                                                                                                                              						 *_t108 =  *_t108 ^ ( *_t106 << 0x00000004 |  *_t106 >> 0x0000001c);
                                                                                                                              						 *_t106 =  *_t106 +  *_t96;
                                                                                                                              						_t109 = _t109 - 0xc;
                                                                                                                              						_v8 =  &(_v8[3]);
                                                                                                                              					} while (_t109 > 0xc);
                                                                                                                              					goto L20;
                                                                                                                              				}
                                                                                                                              				if(__edx <= 0xc) {
                                                                                                                              					L3:
                                                                                                                              					if(_t109 > 0xc) {
                                                                                                                              						goto L35;
                                                                                                                              					}
                                                                                                                              					switch( *((intOrPtr*)(_t109 * 4 +  &M004324DD))) {
                                                                                                                              						case 0:
                                                                                                                              							return  *_t108;
                                                                                                                              						case 1:
                                                                                                                              							_v8 =  *_v8;
                                                                                                                              							__edx =  *_v8 & 0x000000ff;
                                                                                                                              							 *__eax =  *__eax + ( *_v8 & 0x000000ff);
                                                                                                                              							goto L35;
                                                                                                                              						case 2:
                                                                                                                              							_v8 =  *_v8;
                                                                                                                              							__edx =  *_v8 & 0x0000ffff;
                                                                                                                              							 *__eax =  *__eax + ( *_v8 & 0x0000ffff);
                                                                                                                              							goto L35;
                                                                                                                              						case 3:
                                                                                                                              							_v8 =  *_v8;
                                                                                                                              							__edx =  *_v8 & 0x00ffffff;
                                                                                                                              							 *__eax =  *__eax + ( *_v8 & 0x00ffffff);
                                                                                                                              							goto L35;
                                                                                                                              						case 4:
                                                                                                                              							_v8 =  *_v8;
                                                                                                                              							 *__eax =  *__eax +  *_v8;
                                                                                                                              							goto L35;
                                                                                                                              						case 5:
                                                                                                                              							__edx = _v8;
                                                                                                                              							 *__eax =  *__eax +  *__edx;
                                                                                                                              							__edx =  *(__edx + 4);
                                                                                                                              							 *__ebx =  *__ebx + __edx;
                                                                                                                              							goto L35;
                                                                                                                              						case 6:
                                                                                                                              							__edx = _v8;
                                                                                                                              							 *__eax =  *__eax +  *__edx;
                                                                                                                              							__edx =  *(__edx + 4);
                                                                                                                              							 *__ebx =  *__ebx + __edx;
                                                                                                                              							goto L35;
                                                                                                                              						case 7:
                                                                                                                              							__edx = _v8;
                                                                                                                              							 *__eax =  *__eax +  *__edx;
                                                                                                                              							__edx =  *(__edx + 4);
                                                                                                                              							 *__ebx =  *__ebx + __edx;
                                                                                                                              							goto L35;
                                                                                                                              						case 8:
                                                                                                                              							__edx = _v8;
                                                                                                                              							 *__eax =  *__eax +  *__edx;
                                                                                                                              							 *__ebx =  *__ebx + __edx;
                                                                                                                              							goto L35;
                                                                                                                              						case 9:
                                                                                                                              							__edx = _v8;
                                                                                                                              							 *__eax =  *__eax +  *__edx;
                                                                                                                              							 *__ebx =  *__ebx +  *(__edx + 4);
                                                                                                                              							__edx =  *(__edx + 8);
                                                                                                                              							 *__ecx =  *__ecx + __edx;
                                                                                                                              							goto L35;
                                                                                                                              						case 0xa:
                                                                                                                              							__edx = _v8;
                                                                                                                              							 *__eax =  *__eax +  *__edx;
                                                                                                                              							 *__ebx =  *__ebx +  *(__edx + 4);
                                                                                                                              							__edx =  *(__edx + 8);
                                                                                                                              							 *__ecx =  *__ecx + __edx;
                                                                                                                              							goto L35;
                                                                                                                              						case 0xb:
                                                                                                                              							__edx = _v8;
                                                                                                                              							 *__eax =  *__eax +  *__edx;
                                                                                                                              							 *__ebx =  *__ebx +  *(__edx + 4);
                                                                                                                              							__edx =  *(__edx + 8);
                                                                                                                              							 *__ecx =  *__ecx + __edx;
                                                                                                                              							goto L35;
                                                                                                                              						case 0xc:
                                                                                                                              							__edx = _v8;
                                                                                                                              							 *__eax =  *__eax +  *__edx;
                                                                                                                              							 *__ebx =  *__ebx +  *(__edx + 4);
                                                                                                                              							 *__ecx =  *__ecx + __edx;
                                                                                                                              							goto L35;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					goto L2;
                                                                                                                              				}
                                                                                                                              				do {
                                                                                                                              					L2:
                                                                                                                              					 *_t96 =  *_t96 +  *_v8;
                                                                                                                              					 *_t106 =  *_t106 + _v8[1];
                                                                                                                              					 *_t108 =  *_t108 + _v8[2];
                                                                                                                              					 *_t96 =  *_t96 -  *_t108;
                                                                                                                              					 *_t96 =  *_t96 ^ ( *_t108 << 0x00000004 |  *_t108 >> 0x0000001c);
                                                                                                                              					 *_t108 =  *_t108 +  *_t106;
                                                                                                                              					 *_t106 =  *_t106 -  *_t96;
                                                                                                                              					 *_t106 =  *_t106 ^ ( *_t96 << 0x00000006 |  *_t96 >> 0x0000001a);
                                                                                                                              					 *_t96 =  *_t96 +  *_t108;
                                                                                                                              					 *_t108 =  *_t108 -  *_t106;
                                                                                                                              					 *_t108 =  *_t108 ^ ( *_t106 << 0x00000008 |  *_t106 >> 0x00000018);
                                                                                                                              					 *_t106 =  *_t106 +  *_t96;
                                                                                                                              					 *_t96 =  *_t96 -  *_t108;
                                                                                                                              					 *_t96 =  *_t96 ^ ( *_t108 << 0x00000010 |  *_t108 >> 0x00000010);
                                                                                                                              					 *_t108 =  *_t108 +  *_t106;
                                                                                                                              					 *_t106 =  *_t106 -  *_t96;
                                                                                                                              					 *_t106 =  *_t106 ^ ( *_t96 << 0x00000013 |  *_t96 >> 0x0000000d);
                                                                                                                              					 *_t96 =  *_t96 +  *_t108;
                                                                                                                              					 *_t108 =  *_t108 -  *_t106;
                                                                                                                              					 *_t108 =  *_t108 ^ ( *_t106 << 0x00000004 |  *_t106 >> 0x0000001c);
                                                                                                                              					 *_t106 =  *_t106 +  *_t96;
                                                                                                                              					_t109 = _t109 - 0xc;
                                                                                                                              					_v8 = _v8 + 0xc;
                                                                                                                              				} while (_t109 > 0xc);
                                                                                                                              				goto L3;
                                                                                                                              			}













                                                                                                                              0x004324b7
                                                                                                                              0x004324bb
                                                                                                                              0x004324bd
                                                                                                                              0x004324c0
                                                                                                                              0x004324c4
                                                                                                                              0x00000000

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 33b0767fec04d2cc36286a41c43eb0d38f805e6e14f2767db37a63931b683382
                                                                                                                              • Instruction ID: db30b7f2ad9068286955554028b9aaa685d7675e6c5eb7ed9f8bac599936a457
                                                                                                                              • Opcode Fuzzy Hash: 33b0767fec04d2cc36286a41c43eb0d38f805e6e14f2767db37a63931b683382
                                                                                                                              • Instruction Fuzzy Hash: 9402E032900235DFDB96CF69C140149B7B6FF8A32472A82D2D854AB229D270BE52DFD1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3027258f69a45e47f11e6ef411682183d8681a3ba960b00656adada6bea5bd6d
                                                                                                                              • Instruction ID: d9bdd0ffc78bce1da46a164adb44ca0a352dc4e9e15995579375b7a7492e944c
                                                                                                                              • Opcode Fuzzy Hash: 3027258f69a45e47f11e6ef411682183d8681a3ba960b00656adada6bea5bd6d
                                                                                                                              • Instruction Fuzzy Hash: FB61A7456AE7C66FCB07C33008B81D6AF61AE9325478B53EFC8C58A493D10D281EE363
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1f1654813ed5821a00b8b7144780f614f73eea8c4dc557e3c0d17b55d1bda45a
                                                                                                                              • Instruction ID: c1f34be03cf0569538104f0038f02cfb84df381903d0011f2ebedd3a3241928c
                                                                                                                              • Opcode Fuzzy Hash: 1f1654813ed5821a00b8b7144780f614f73eea8c4dc557e3c0d17b55d1bda45a
                                                                                                                              • Instruction Fuzzy Hash: 76C0E9B550D6066E975C8F1AB480815FBE5FAC8324364C22EA01C83644D73154518A64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00427874() {
                                                                                                                              				struct HINSTANCE__* _v8;
                                                                                                                              				intOrPtr _t46;
                                                                                                                              				void* _t91;
                                                                                                                              
                                                                                                                              				_v8 = GetModuleHandleW(L"oleaut32.dll");
                                                                                                                              				 *0x4c1134 = E00427848("VariantChangeTypeEx", E00427264, _t91);
                                                                                                                              				 *0x4c1138 = E00427848("VarNeg", E004272AC, _t91);
                                                                                                                              				 *0x4c113c = E00427848("VarNot", E004272AC, _t91);
                                                                                                                              				 *0x4c1140 = E00427848("VarAdd", E004272B8, _t91);
                                                                                                                              				 *0x4c1144 = E00427848("VarSub", E004272B8, _t91);
                                                                                                                              				 *0x4c1148 = E00427848("VarMul", E004272B8, _t91);
                                                                                                                              				 *0x4c114c = E00427848("VarDiv", E004272B8, _t91);
                                                                                                                              				 *0x4c1150 = E00427848("VarIdiv", E004272B8, _t91);
                                                                                                                              				 *0x4c1154 = E00427848("VarMod", E004272B8, _t91);
                                                                                                                              				 *0x4c1158 = E00427848("VarAnd", E004272B8, _t91);
                                                                                                                              				 *0x4c115c = E00427848("VarOr", E004272B8, _t91);
                                                                                                                              				 *0x4c1160 = E00427848("VarXor", E004272B8, _t91);
                                                                                                                              				 *0x4c1164 = E00427848("VarCmp", E004272C4, _t91);
                                                                                                                              				 *0x4c1168 = E00427848("VarI4FromStr", E004272D0, _t91);
                                                                                                                              				 *0x4c116c = E00427848("VarR4FromStr", E0042733C, _t91);
                                                                                                                              				 *0x4c1170 = E00427848("VarR8FromStr", E004273AC, _t91);
                                                                                                                              				 *0x4c1174 = E00427848("VarDateFromStr", E0042741C, _t91);
                                                                                                                              				 *0x4c1178 = E00427848("VarCyFromStr", E0042748C, _t91);
                                                                                                                              				 *0x4c117c = E00427848("VarBoolFromStr", E004274FC, _t91);
                                                                                                                              				 *0x4c1180 = E00427848("VarBstrFromCy", E0042757C, _t91);
                                                                                                                              				 *0x4c1184 = E00427848("VarBstrFromDate", E00427624, _t91);
                                                                                                                              				_t46 = E00427848("VarBstrFromBool", E004277B4, _t91);
                                                                                                                              				 *0x4c1188 = _t46;
                                                                                                                              				return _t46;
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 0042787D
                                                                                                                                • Part of subcall function 00427848: GetProcAddress.KERNEL32(00000000), ref: 00427861
                                                                                                                              Strings
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                              • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                              • API String ID: 1646373207-1918263038
                                                                                                                              • Opcode ID: 3edd394f2c42f1ee7728dbbd964d2d48b2f407ea9c7b21d0b846acf91e36c10d
                                                                                                                              • Instruction ID: afb448a43cf45882875cbd5333393c9475fd06a837c60371df2c799b3a2ca9d5
                                                                                                                              • Opcode Fuzzy Hash: 3edd394f2c42f1ee7728dbbd964d2d48b2f407ea9c7b21d0b846acf91e36c10d
                                                                                                                              • Instruction Fuzzy Hash: 4741442078D2689A53007BAA3C0692A7B9CD64A7243E0E07FF5048B766DF7CAC40867D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 82%
                                                                                                                              			E0041E7CC(void* __eax, void* __ebx, signed int __edx, void* __edi, void* __esi, long long __fp0) {
                                                                                                                              				signed int _v8;
                                                                                                                              				char _v12;
                                                                                                                              				signed int _v16;
                                                                                                                              				intOrPtr _v20;
                                                                                                                              				intOrPtr* _t32;
                                                                                                                              				signed int _t53;
                                                                                                                              				signed int _t56;
                                                                                                                              				signed int _t71;
                                                                                                                              				signed int _t78;
                                                                                                                              				signed int* _t82;
                                                                                                                              				signed int _t85;
                                                                                                                              				void* _t93;
                                                                                                                              				signed int _t94;
                                                                                                                              				signed int _t95;
                                                                                                                              				signed int _t98;
                                                                                                                              				signed int _t99;
                                                                                                                              				void* _t105;
                                                                                                                              				intOrPtr _t106;
                                                                                                                              				signed int _t109;
                                                                                                                              				intOrPtr _t116;
                                                                                                                              				intOrPtr _t117;
                                                                                                                              				void* _t131;
                                                                                                                              				void* _t132;
                                                                                                                              				signed int _t134;
                                                                                                                              				void* _t136;
                                                                                                                              				void* _t137;
                                                                                                                              				void* _t139;
                                                                                                                              				void* _t140;
                                                                                                                              				intOrPtr _t141;
                                                                                                                              				void* _t142;
                                                                                                                              				long long _t161;
                                                                                                                              
                                                                                                                              				_t161 = __fp0;
                                                                                                                              				_t126 = __edi;
                                                                                                                              				_t109 = __edx;
                                                                                                                              				_t139 = _t140;
                                                                                                                              				_t141 = _t140 + 0xfffffff0;
                                                                                                                              				_push(__edi);
                                                                                                                              				_v12 = 0;
                                                                                                                              				_v8 = __edx;
                                                                                                                              				_t93 = __eax;
                                                                                                                              				_push(_t139);
                                                                                                                              				_push(0x41ea61);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t141;
                                                                                                                              				_t32 =  *0x4ba590; // 0x4bb8f8
                                                                                                                              				_t144 =  *_t32;
                                                                                                                              				if( *_t32 == 0) {
                                                                                                                              					E0040554C(0x1a);
                                                                                                                              				}
                                                                                                                              				E00406688(E0040690C( *0x4be7e4, 0, _t126), _t109 | 0xffffffff, _t144);
                                                                                                                              				_push(_t139);
                                                                                                                              				_push(0x41ea44);
                                                                                                                              				_push( *[fs:edx]);
                                                                                                                              				 *[fs:edx] = _t141;
                                                                                                                              				 *0x4be7dc = 0;
                                                                                                                              				_push(0);
                                                                                                                              				E00409C00();
                                                                                                                              				_t142 = _t141 + 4;
                                                                                                                              				E0041E034(_t93, 0x41ea7c, 0x100b,  &_v12);
                                                                                                                              				_t127 = E0041A1C4(0x41ea7c, 1, _t144);
                                                                                                                              				if(_t127 + 0xfffffffd - 3 >= 0) {
                                                                                                                              					__eflags = _t127 - 0xffffffffffffffff;
                                                                                                                              					if(_t127 - 0xffffffffffffffff < 0) {
                                                                                                                              						 *0x4be7dc = 1;
                                                                                                                              						_push(1);
                                                                                                                              						E00409C00();
                                                                                                                              						_t142 = _t142 + 4;
                                                                                                                              						E00407E00( *0x4be7e0, L"B.C.");
                                                                                                                              						 *((intOrPtr*)( *0x4be7e0 + 4)) = 0;
                                                                                                                              						_t71 =  *0x4be7e0;
                                                                                                                              						 *((intOrPtr*)(_t71 + 8)) = 0xffc00000;
                                                                                                                              						 *((intOrPtr*)(_t71 + 0xc)) = 0xc1dfffff;
                                                                                                                              						E0041C1C4(1, 1, 1, __eflags, _t161);
                                                                                                                              						_v20 = E00405790();
                                                                                                                              						_v16 = 1;
                                                                                                                              						asm("fild qword [ebp-0x10]");
                                                                                                                              						 *((long long*)( *0x4be7e0 + 0x10)) = _t161;
                                                                                                                              						asm("wait");
                                                                                                                              						EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
                                                                                                                              						_t78 =  *0x4be7e0;
                                                                                                                              						__eflags = _t78;
                                                                                                                              						if(_t78 != 0) {
                                                                                                                              							_t82 = _t78 - 4;
                                                                                                                              							__eflags = _t82;
                                                                                                                              							_t78 =  *_t82;
                                                                                                                              						}
                                                                                                                              						_t134 = _t78 - 1;
                                                                                                                              						__eflags = _t134;
                                                                                                                              						if(_t134 > 0) {
                                                                                                                              							_t98 = 1;
                                                                                                                              							do {
                                                                                                                              								 *((intOrPtr*)( *0x4be7e0 + 4 + (_t98 + _t98 * 2) * 8)) = 0xffffffff;
                                                                                                                              								_t98 = _t98 + 1;
                                                                                                                              								_t134 = _t134 - 1;
                                                                                                                              								__eflags = _t134;
                                                                                                                              							} while (_t134 != 0);
                                                                                                                              						}
                                                                                                                              						EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
                                                                                                                              					_t85 =  *0x4be7e0;
                                                                                                                              					if(_t85 != 0) {
                                                                                                                              						_t85 =  *(_t85 - 4);
                                                                                                                              					}
                                                                                                                              					_t136 = _t85 - 1;
                                                                                                                              					if(_t136 >= 0) {
                                                                                                                              						_t137 = _t136 + 1;
                                                                                                                              						_t99 = 0;
                                                                                                                              						do {
                                                                                                                              							 *((intOrPtr*)( *0x4be7e0 + 4 + (_t99 + _t99 * 2) * 8)) = 0xffffffff;
                                                                                                                              							_t99 = _t99 + 1;
                                                                                                                              							_t137 = _t137 - 1;
                                                                                                                              						} while (_t137 != 0);
                                                                                                                              					}
                                                                                                                              					EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
                                                                                                                              				}
                                                                                                                              				_t94 =  *0x4be7e0;
                                                                                                                              				if(_t94 != 0) {
                                                                                                                              					_t94 =  *(_t94 - 4);
                                                                                                                              				}
                                                                                                                              				_push(_t94);
                                                                                                                              				E00409C00();
                                                                                                                              				_t53 =  *0x4be7e0;
                                                                                                                              				if(_t53 != 0) {
                                                                                                                              					_t53 =  *(_t53 - 4);
                                                                                                                              				}
                                                                                                                              				_t131 = _t53 - 1;
                                                                                                                              				if(_t131 >= 0) {
                                                                                                                              					_t132 = _t131 + 1;
                                                                                                                              					_t95 = 0;
                                                                                                                              					do {
                                                                                                                              						_t127 = _t95 + _t95 * 2;
                                                                                                                              						_t106 =  *0x416e18; // 0x416e1c
                                                                                                                              						E00408F5C( *((intOrPtr*)(_v8 + 0xbc)) + (_t95 + _t95 * 2) * 8, _t106,  *0x4be7e0 + (_t95 + _t95 * 2) * 8);
                                                                                                                              						_t95 = _t95 + 1;
                                                                                                                              						_t132 = _t132 - 1;
                                                                                                                              					} while (_t132 != 0);
                                                                                                                              				}
                                                                                                                              				_t116 =  *0x41e600; // 0x41e604
                                                                                                                              				E00409D24(0x4be7e0, _t116);
                                                                                                                              				_t56 =  *0x4be7e0;
                                                                                                                              				if(_t56 != 0) {
                                                                                                                              					_t56 =  *(_t56 - 4);
                                                                                                                              				}
                                                                                                                              				 *0x4be7dc = _t56;
                                                                                                                              				_pop(_t117);
                                                                                                                              				_pop(_t105);
                                                                                                                              				 *[fs:eax] = _t117;
                                                                                                                              				_push(0x41ea4b);
                                                                                                                              				return E00406868( *0x4be7e4, _t105, _t127);
                                                                                                                              			}


































                                                                                                                              0x0041ea25
                                                                                                                              0x0041ea25
                                                                                                                              0x0041ea27
                                                                                                                              0x0041ea2e
                                                                                                                              0x0041ea30
                                                                                                                              0x0041ea31
                                                                                                                              0x0041ea34
                                                                                                                              0x0041ea43

                                                                                                                              APIs
                                                                                                                              • GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E870
                                                                                                                              • EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E87B
                                                                                                                              • GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8B0
                                                                                                                              • EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8BB
                                                                                                                              • GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E94C
                                                                                                                              • EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E957
                                                                                                                              • GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E98E
                                                                                                                              • EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E999
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CalendarEnumInfoLocaleThread
                                                                                                                              • String ID: B.C.$ToA$K$K$K
                                                                                                                              • API String ID: 683597275-1724967715
                                                                                                                              • Opcode ID: 30548e6079ac2033bf0e04708f2267278c7844b43060e3a4cc9a960100252a35
                                                                                                                              • Instruction ID: 5f9a2d1895d99171d8daf0119b8bb3b5d98f795b9e196a74a36fcd0882631485
                                                                                                                              • Opcode Fuzzy Hash: 30548e6079ac2033bf0e04708f2267278c7844b43060e3a4cc9a960100252a35
                                                                                                                              • Instruction Fuzzy Hash: 3061D7786002009FD710EF2BCC85AD677A9FB84354B518A7AFC019B3A6CB78DC41CB99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040A250() {
                                                                                                                              				signed int _t2;
                                                                                                                              				_Unknown_base(*)()* _t8;
                                                                                                                              
                                                                                                                              				InitializeCriticalSection(0x4bdc10);
                                                                                                                              				 *0x4bdc28 = 0x7f;
                                                                                                                              				_t2 = GetVersion() & 0x000000ff;
                                                                                                                              				 *0x4bdc0c = _t2 - 6 >= 0;
                                                                                                                              				if( *0x4bdc0c != 0) {
                                                                                                                              					 *0x4bdc00 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadPreferredUILanguages");
                                                                                                                              					 *0x4bdc04 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetThreadPreferredUILanguages");
                                                                                                                              					_t8 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadUILanguage");
                                                                                                                              					 *0x4bdc08 = _t8;
                                                                                                                              					return _t8;
                                                                                                                              				}
                                                                                                                              				return _t2;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
                                                                                                                              • GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressHandleModuleProc$CriticalInitializeSectionVersion
                                                                                                                              • String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
                                                                                                                              • API String ID: 74573329-1403180336
                                                                                                                              • Opcode ID: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
                                                                                                                              • Instruction ID: d84369935ce7e940d286def53580bf621e493dc20acbcc0033f4522394103be5
                                                                                                                              • Opcode Fuzzy Hash: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
                                                                                                                              • Instruction Fuzzy Hash: F9F098A49853413DD6207F769D07B292D685A0170AF644AFFB410763D3EEFE4190E71E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 71%
                                                                                                                              			E0041E0AC(int __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				char _v36;
                                                                                                                              				char _v40;
                                                                                                                              				char _v44;
                                                                                                                              				char _v48;
                                                                                                                              				char _v52;
                                                                                                                              				char _v56;
                                                                                                                              				char _v60;
                                                                                                                              				int _t55;
                                                                                                                              				void* _t121;
                                                                                                                              				void* _t128;
                                                                                                                              				void* _t151;
                                                                                                                              				void* _t152;
                                                                                                                              				intOrPtr _t172;
                                                                                                                              				intOrPtr _t204;
                                                                                                                              				signed short _t212;
                                                                                                                              				int _t214;
                                                                                                                              				intOrPtr _t216;
                                                                                                                              				intOrPtr _t217;
                                                                                                                              				void* _t224;
                                                                                                                              
                                                                                                                              				_t224 = __fp0;
                                                                                                                              				_t211 = __edi;
                                                                                                                              				_t216 = _t217;
                                                                                                                              				_t152 = 7;
                                                                                                                              				do {
                                                                                                                              					_push(0);
                                                                                                                              					_push(0);
                                                                                                                              					_t152 = _t152 - 1;
                                                                                                                              				} while (_t152 != 0);
                                                                                                                              				_push(__edi);
                                                                                                                              				_t151 = __edx;
                                                                                                                              				_t214 = __eax;
                                                                                                                              				_push(_t216);
                                                                                                                              				_push(0x41e391);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t217;
                                                                                                                              				_t55 = IsValidLocale(__eax, 1);
                                                                                                                              				_t219 = _t55;
                                                                                                                              				if(_t55 == 0) {
                                                                                                                              					_t214 = GetThreadLocale();
                                                                                                                              				}
                                                                                                                              				_t172 =  *0x416f50; // 0x416f54
                                                                                                                              				E00409D24(_t151 + 0xbc, _t172);
                                                                                                                              				E0041E7CC(_t214, _t151, _t151, _t211, _t214, _t224);
                                                                                                                              				E0041E4A0(_t214, _t151, _t151, _t211, _t214);
                                                                                                                              				E0041E55C(_t214, _t151, _t151, _t211, _t214);
                                                                                                                              				E0041E034(_t214, 0, 0x14,  &_v20);
                                                                                                                              				E00407E00(_t151, _v20);
                                                                                                                              				E0041E034(_t214, 0x41e3ac, 0x1b,  &_v24);
                                                                                                                              				 *((char*)(_t151 + 4)) = E0041A1C4(0x41e3ac, 0, _t219);
                                                                                                                              				E0041E034(_t214, 0x41e3ac, 0x1c,  &_v28);
                                                                                                                              				 *((char*)(_t151 + 0xc6)) = E0041A1C4(0x41e3ac, 0, _t219);
                                                                                                                              				 *((short*)(_t151 + 0xc0)) = E0041E080(_t214, 0x2c, 0xf);
                                                                                                                              				 *((short*)(_t151 + 0xc2)) = E0041E080(_t214, 0x2e, 0xe);
                                                                                                                              				E0041E034(_t214, 0x41e3ac, 0x19,  &_v32);
                                                                                                                              				 *((char*)(_t151 + 5)) = E0041A1C4(0x41e3ac, 0, _t219);
                                                                                                                              				_t212 = E0041E080(_t214, 0x2f, 0x1d);
                                                                                                                              				 *(_t151 + 6) = _t212;
                                                                                                                              				_push(_t212);
                                                                                                                              				E0041EB18(_t214, _t151, L"m/d/yy", 0x1f, _t212, _t214, _t219,  &_v36);
                                                                                                                              				E00407E00(_t151 + 0xc, _v36);
                                                                                                                              				_push( *(_t151 + 6) & 0x0000ffff);
                                                                                                                              				E0041EB18(_t214, _t151, L"mmmm d, yyyy", 0x20, _t212, _t214, _t219,  &_v40);
                                                                                                                              				E00407E00(_t151 + 0x10, _v40);
                                                                                                                              				 *((short*)(_t151 + 8)) = E0041E080(_t214, 0x3a, 0x1e);
                                                                                                                              				E0041E034(_t214, 0x41e400, 0x28,  &_v44);
                                                                                                                              				E00407E00(_t151 + 0x14, _v44);
                                                                                                                              				E0041E034(_t214, 0x41e414, 0x29,  &_v48);
                                                                                                                              				E00407E00(_t151 + 0x18, _v48);
                                                                                                                              				E00407A20( &_v12);
                                                                                                                              				E00407A20( &_v16);
                                                                                                                              				E0041E034(_t214, 0x41e3ac, 0x25,  &_v52);
                                                                                                                              				_t121 = E0041A1C4(0x41e3ac, 0, _t219);
                                                                                                                              				_t220 = _t121;
                                                                                                                              				if(_t121 != 0) {
                                                                                                                              					E00407E48( &_v8, 0x41e438);
                                                                                                                              				} else {
                                                                                                                              					E00407E48( &_v8, 0x41e428);
                                                                                                                              				}
                                                                                                                              				E0041E034(_t214, 0x41e3ac, 0x23,  &_v56);
                                                                                                                              				_t128 = E0041A1C4(0x41e3ac, 0, _t220);
                                                                                                                              				_t221 = _t128;
                                                                                                                              				if(_t128 == 0) {
                                                                                                                              					E0041E034(_t214, 0x41e3ac, 0x1005,  &_v60);
                                                                                                                              					if(E0041A1C4(0x41e3ac, 0, _t221) != 0) {
                                                                                                                              						E00407E48( &_v12, L"AMPM ");
                                                                                                                              					} else {
                                                                                                                              						E00407E48( &_v16, L" AMPM");
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_push(_v12);
                                                                                                                              				_push(_v8);
                                                                                                                              				_push(":mm");
                                                                                                                              				_push(_v16);
                                                                                                                              				E004087C4(_t151 + 0x1c, _t151, 4, _t212, _t214);
                                                                                                                              				_push(_v12);
                                                                                                                              				_push(_v8);
                                                                                                                              				_push(L":mm:ss");
                                                                                                                              				_push(_v16);
                                                                                                                              				E004087C4(_t151 + 0x20, _t151, 4, _t212, _t214);
                                                                                                                              				 *((short*)(_t151 + 0xa)) = E0041E080(_t214, 0x2c, 0xc);
                                                                                                                              				 *((short*)(_t151 + 0xc4)) = 0x32;
                                                                                                                              				_pop(_t204);
                                                                                                                              				 *[fs:eax] = _t204;
                                                                                                                              				_push(0x41e398);
                                                                                                                              				return E00407A80( &_v60, 0xe);
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • IsValidLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0D3
                                                                                                                              • GetThreadLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0DC
                                                                                                                                • Part of subcall function 0041E080: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E182,?,00000001,00000000,0041E391), ref: 0041E093
                                                                                                                                • Part of subcall function 0041E034: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E052
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Locale$Info$ThreadValid
                                                                                                                              • String ID: AMPM$2$:mm$:mm:ss$AMPM $ToA$m/d/yy$mmmm d, yyyy
                                                                                                                              • API String ID: 233154393-2808312488
                                                                                                                              • Opcode ID: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
                                                                                                                              • Instruction ID: 756c878950b08f5201d8436663b045c7a1b9734561897f0b9d621fb0846820d7
                                                                                                                              • Opcode Fuzzy Hash: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
                                                                                                                              • Instruction Fuzzy Hash: 887134387011199BDB05EB67C841BDE76AADF88304F50807BF904AB246DB3DDD82879E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 71%
                                                                                                                              			E0040A7E4(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				void* _t18;
                                                                                                                              				signed short _t28;
                                                                                                                              				intOrPtr _t35;
                                                                                                                              				intOrPtr* _t44;
                                                                                                                              				intOrPtr _t47;
                                                                                                                              
                                                                                                                              				_t42 = __edi;
                                                                                                                              				_push(0);
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_t44 = __edx;
                                                                                                                              				_t28 = __eax;
                                                                                                                              				_push(_t47);
                                                                                                                              				_push(0x40a8e8);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t47;
                                                                                                                              				EnterCriticalSection(0x4bdc10);
                                                                                                                              				if(_t28 !=  *0x4bdc28) {
                                                                                                                              					LeaveCriticalSection(0x4bdc10);
                                                                                                                              					E00407A20(_t44);
                                                                                                                              					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
                                                                                                                              						if( *0x4bdc0c == 0) {
                                                                                                                              							_t18 = E0040A4CC(_t28, _t28, _t44, __edi, _t44);
                                                                                                                              							L00403738();
                                                                                                                              							if(_t28 != _t18) {
                                                                                                                              								if( *_t44 != 0) {
                                                                                                                              									_t18 = E004086E4(_t44, E0040A900);
                                                                                                                              								}
                                                                                                                              								L00403738();
                                                                                                                              								E0040A4CC(_t18, _t28,  &_v8, _t42, _t44);
                                                                                                                              								E004086E4(_t44, _v8);
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							E0040A6C8(_t28, _t44);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					EnterCriticalSection(0x4bdc10);
                                                                                                                              					 *0x4bdc28 = _t28;
                                                                                                                              					E0040A34C(0x4bdc2a, E004084EC( *_t44), 0xaa);
                                                                                                                              					LeaveCriticalSection(0x4bdc10);
                                                                                                                              				} else {
                                                                                                                              					E0040858C(_t44, 0x55, 0x4bdc2a);
                                                                                                                              					LeaveCriticalSection(0x4bdc10);
                                                                                                                              				}
                                                                                                                              				_pop(_t35);
                                                                                                                              				 *[fs:eax] = _t35;
                                                                                                                              				_push(E0040A8EF);
                                                                                                                              				return E00407A20( &_v8);
                                                                                                                              			}
                                                                                                                              0x0040a8c3
                                                                                                                              0x0040a8cd
                                                                                                                              0x0040a810
                                                                                                                              0x0040a81c
                                                                                                                              0x0040a826
                                                                                                                              0x0040a826
                                                                                                                              0x0040a8d4
                                                                                                                              0x0040a8d7
                                                                                                                              0x0040a8da
                                                                                                                              0x0040a8e7

                                                                                                                              APIs
                                                                                                                              • EnterCriticalSection.KERNEL32(004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000,00000000), ref: 0040A802
                                                                                                                              • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A826
                                                                                                                              • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A835
                                                                                                                              • IsValidLocale.KERNEL32(00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A847
                                                                                                                              • EnterCriticalSection.KERNEL32(004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8A4
                                                                                                                              • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8CD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                                                                              • String ID: en-US,en,
                                                                                                                              • API String ID: 975949045-3579323720
                                                                                                                              • Opcode ID: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
                                                                                                                              • Instruction ID: af4c48ae6f9d4b9345a2e7437780db60bfff4a38cfd5d6d0e3948ff18df55379
                                                                                                                              • Opcode Fuzzy Hash: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
                                                                                                                              • Instruction Fuzzy Hash: 31218461B1031077DA11BB668C03B5E29A89B44705BA0887BB140B32D2EEBD8D52D66F
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 61%
                                                                                                                              			E0042301C(void* __ebx, void* __esi, void* __eflags) {
                                                                                                                              				char _v8;
                                                                                                                              				void* _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				intOrPtr* _t21;
                                                                                                                              				intOrPtr _t61;
                                                                                                                              				void* _t68;
                                                                                                                              
                                                                                                                              				_push(__ebx);
                                                                                                                              				_v20 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_push(_t68);
                                                                                                                              				_push(0x423116);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t68 + 0xfffffff0;
                                                                                                                              				_t21 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
                                                                                                                              				if(_t21 == 0) {
                                                                                                                              					if(E0041FF2C() != 2) {
                                                                                                                              						if(E00422FF4(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
                                                                                                                              							E00422FE8();
                                                                                                                              							RegCloseKey(_v12);
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						if(E00422FF4(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
                                                                                                                              							E00422FE8();
                                                                                                                              							RegCloseKey(_v12);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					E0040873C( &_v20, _v8, 0x42322c);
                                                                                                                              					E00405920(_v20,  &_v16);
                                                                                                                              					if(_v16 != 0) {
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					 *_t21();
                                                                                                                              				}
                                                                                                                              				_pop(_t61);
                                                                                                                              				 *[fs:eax] = _t61;
                                                                                                                              				_push(E0042311D);
                                                                                                                              				E00407A20( &_v20);
                                                                                                                              				return E00407A20( &_v8);
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423043
                                                                                                                                • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423096
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressCloseHandleModuleProc
                                                                                                                              • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                                                                              • API String ID: 4190037839-2401316094
                                                                                                                              • Opcode ID: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
                                                                                                                              • Instruction ID: 05790bdd6973bc135d390eb6e5b6569f0703c8ea8b4006eead18837270f0a894
                                                                                                                              • Opcode Fuzzy Hash: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
                                                                                                                              • Instruction Fuzzy Hash: 39217930B00228ABDB10EEB5DD42A9F73F4EB44345FA04477A500E3281DB7CAB41962D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E0040D218(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                              				long _v8;
                                                                                                                              				signed int _v12;
                                                                                                                              				long _v16;
                                                                                                                              				void* _v20;
                                                                                                                              				long _v24;
                                                                                                                              				intOrPtr _v28;
                                                                                                                              				intOrPtr _v32;
                                                                                                                              				intOrPtr _v36;
                                                                                                                              				intOrPtr _v40;
                                                                                                                              				intOrPtr _v44;
                                                                                                                              				struct HINSTANCE__** _v48;
                                                                                                                              				CHAR* _v52;
                                                                                                                              				void _v56;
                                                                                                                              				long _v60;
                                                                                                                              				_Unknown_base(*)()* _v64;
                                                                                                                              				struct HINSTANCE__* _v68;
                                                                                                                              				CHAR* _v72;
                                                                                                                              				signed int _v76;
                                                                                                                              				CHAR* _v80;
                                                                                                                              				intOrPtr* _v84;
                                                                                                                              				void* _v88;
                                                                                                                              				void _v92;
                                                                                                                              				signed int _t104;
                                                                                                                              				signed int _t106;
                                                                                                                              				signed int _t108;
                                                                                                                              				long _t113;
                                                                                                                              				intOrPtr* _t119;
                                                                                                                              				void* _t124;
                                                                                                                              				void _t126;
                                                                                                                              				long _t128;
                                                                                                                              				struct HINSTANCE__* _t142;
                                                                                                                              				long _t166;
                                                                                                                              				signed int* _t190;
                                                                                                                              				_Unknown_base(*)()* _t191;
                                                                                                                              				void* _t194;
                                                                                                                              				intOrPtr _t196;
                                                                                                                              
                                                                                                                              				_push(_a4);
                                                                                                                              				memcpy( &_v56, 0x4b7c40, 8 << 2);
                                                                                                                              				_pop(_t194);
                                                                                                                              				_v56 =  *0x4b7c40;
                                                                                                                              				_v52 = E0040D6C8( *0x004B7C44);
                                                                                                                              				_v48 = E0040D6D8( *0x004B7C48);
                                                                                                                              				_v44 = E0040D6E8( *0x004B7C4C);
                                                                                                                              				_v40 = E0040D6F8( *0x004B7C50);
                                                                                                                              				_v36 = E0040D6F8( *0x004B7C54);
                                                                                                                              				_v32 = E0040D6F8( *0x004B7C58);
                                                                                                                              				_v28 =  *0x004B7C5C;
                                                                                                                              				memcpy( &_v92, 0x4b7c60, 9 << 2);
                                                                                                                              				_t196 = _t194;
                                                                                                                              				_v88 = 0x4b7c60;
                                                                                                                              				_v84 = _a8;
                                                                                                                              				_v80 = _v52;
                                                                                                                              				if((_v56 & 0x00000001) == 0) {
                                                                                                                              					_t166 =  *0x4b7c84; // 0x0
                                                                                                                              					_v8 = _t166;
                                                                                                                              					_v8 =  &_v92;
                                                                                                                              					RaiseException(0xc06d0057, 0, 1,  &_v8);
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				_t104 = _a8 - _v44;
                                                                                                                              				_t142 =  *_v48;
                                                                                                                              				if(_t104 < 0) {
                                                                                                                              					_t104 = _t104 + 3;
                                                                                                                              				}
                                                                                                                              				_v12 = _t104 >> 2;
                                                                                                                              				_t106 = _v12;
                                                                                                                              				_t190 = (_t106 << 2) + _v40;
                                                                                                                              				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
                                                                                                                              				_v76 = _t108;
                                                                                                                              				if(_t108 == 0) {
                                                                                                                              					_v72 =  *_t190 & 0x0000ffff;
                                                                                                                              				} else {
                                                                                                                              					_v72 = E0040D708( *_t190) + 2;
                                                                                                                              				}
                                                                                                                              				_t191 = 0;
                                                                                                                              				if( *0x4be640 == 0) {
                                                                                                                              					L10:
                                                                                                                              					if(_t142 != 0) {
                                                                                                                              						L25:
                                                                                                                              						_v68 = _t142;
                                                                                                                              						if( *0x4be640 != 0) {
                                                                                                                              							_t191 =  *0x4be640(2,  &_v92);
                                                                                                                              						}
                                                                                                                              						if(_t191 != 0) {
                                                                                                                              							L36:
                                                                                                                              							if(_t191 == 0) {
                                                                                                                              								_v60 = GetLastError();
                                                                                                                              								if( *0x4be644 != 0) {
                                                                                                                              									_t191 =  *0x4be644(4,  &_v92);
                                                                                                                              								}
                                                                                                                              								if(_t191 == 0) {
                                                                                                                              									_t113 =  *0x4b7c8c; // 0x0
                                                                                                                              									_v24 = _t113;
                                                                                                                              									_v24 =  &_v92;
                                                                                                                              									RaiseException(0xc06d007f, 0, 1,  &_v24);
                                                                                                                              									_t191 = _v64;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							goto L41;
                                                                                                                              						} else {
                                                                                                                              							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
                                                                                                                              								L35:
                                                                                                                              								_t191 = GetProcAddress(_t142, _v72);
                                                                                                                              								goto L36;
                                                                                                                              							} else {
                                                                                                                              								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
                                                                                                                              								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
                                                                                                                              									goto L35;
                                                                                                                              								} else {
                                                                                                                              									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
                                                                                                                              									if(_t191 == 0) {
                                                                                                                              										goto L35;
                                                                                                                              									}
                                                                                                                              									L41:
                                                                                                                              									 *_a8 = _t191;
                                                                                                                              									goto L42;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					if( *0x4be640 != 0) {
                                                                                                                              						_t142 =  *0x4be640(1,  &_v92);
                                                                                                                              					}
                                                                                                                              					if(_t142 == 0) {
                                                                                                                              						_t142 = LoadLibraryA(_v80);
                                                                                                                              					}
                                                                                                                              					if(_t142 != 0) {
                                                                                                                              						L20:
                                                                                                                              						if(_t142 == E0040CBA0(_v48, _t142)) {
                                                                                                                              							FreeLibrary(_t142);
                                                                                                                              						} else {
                                                                                                                              							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
                                                                                                                              								_t124 = LocalAlloc(0x40, 8);
                                                                                                                              								_v20 = _t124;
                                                                                                                              								if(_t124 != 0) {
                                                                                                                              									 *((intOrPtr*)(_v20 + 4)) = _t196;
                                                                                                                              									_t126 =  *0x4b7c3c; // 0x0
                                                                                                                              									 *_v20 = _t126;
                                                                                                                              									 *0x4b7c3c = _v20;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						goto L25;
                                                                                                                              					} else {
                                                                                                                              						_v60 = GetLastError();
                                                                                                                              						if( *0x4be644 != 0) {
                                                                                                                              							_t142 =  *0x4be644(3,  &_v92);
                                                                                                                              						}
                                                                                                                              						if(_t142 != 0) {
                                                                                                                              							goto L20;
                                                                                                                              						} else {
                                                                                                                              							_t128 =  *0x4b7c88; // 0x0
                                                                                                                              							_v16 = _t128;
                                                                                                                              							_v16 =  &_v92;
                                                                                                                              							RaiseException(0xc06d007e, 0, 1,  &_v16);
                                                                                                                              							return _v64;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t191 =  *0x4be640(0,  &_v92);
                                                                                                                              					if(_t191 == 0) {
                                                                                                                              						goto L10;
                                                                                                                              					} else {
                                                                                                                              						L42:
                                                                                                                              						if( *0x4be640 != 0) {
                                                                                                                              							_v60 = 0;
                                                                                                                              							_v68 = _t142;
                                                                                                                              							_v64 = _t191;
                                                                                                                              							 *0x4be640(5,  &_v92);
                                                                                                                              						}
                                                                                                                              						return _t191;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}
                                                                                                                              0x0040d39d
                                                                                                                              0x0040d39d
                                                                                                                              0x0040d3a1
                                                                                                                              0x00000000
                                                                                                                              0x0040d3a3
                                                                                                                              0x0040d3a3
                                                                                                                              0x0040d3a8
                                                                                                                              0x0040d3ae
                                                                                                                              0x0040d3be
                                                                                                                              0x00000000
                                                                                                                              0x0040d3c3
                                                                                                                              0x0040d3a1
                                                                                                                              0x0040d337
                                                                                                                              0x0040d343
                                                                                                                              0x0040d347
                                                                                                                              0x00000000
                                                                                                                              0x0040d349
                                                                                                                              0x0040d4ca
                                                                                                                              0x0040d4d1
                                                                                                                              0x0040d4d5
                                                                                                                              0x0040d4d8
                                                                                                                              0x0040d4db
                                                                                                                              0x0040d4e4
                                                                                                                              0x0040d4e4
                                                                                                                              0x00000000
                                                                                                                              0x0040d4ea
                                                                                                                              0x0040d347

                                                                                                                              APIs
                                                                                                                              • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040D2D0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionRaise
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3997070919-0
                                                                                                                              • Opcode ID: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
                                                                                                                              • Instruction ID: 6bdc8742f8c12d3c05e6aa795b4e0fa0c425ed74332de7fca684440f38d882f1
                                                                                                                              • Opcode Fuzzy Hash: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
                                                                                                                              • Instruction Fuzzy Hash: 7CA16F75D002089FDB14DFE9D881BAEB7B5BB88300F14423AE505B73C1DB78A949CB59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 72%
                                                                                                                              			E004047B0(int __eax, void* __ecx, void* __edx) {
                                                                                                                              				long _v12;
                                                                                                                              				int _t4;
                                                                                                                              				long _t7;
                                                                                                                              				void* _t11;
                                                                                                                              				long _t12;
                                                                                                                              				void* _t13;
                                                                                                                              				long _t18;
                                                                                                                              
                                                                                                                              				_t4 = __eax;
                                                                                                                              				_t24 = __edx;
                                                                                                                              				_t20 = __eax;
                                                                                                                              				if( *0x4bb058 == 0) {
                                                                                                                              					_push(0x2010);
                                                                                                                              					_push(__edx);
                                                                                                                              					_push(__eax);
                                                                                                                              					_push(0);
                                                                                                                              					L00403780();
                                                                                                                              				} else {
                                                                                                                              					_t7 = E00407EF0(__edx);
                                                                                                                              					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
                                                                                                                              					_t11 =  *0x4b7078; // 0x403920
                                                                                                                              					_t12 = E00407EF0(_t11);
                                                                                                                              					_t13 =  *0x4b7078; // 0x403920
                                                                                                                              					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
                                                                                                                              					_t18 = E00407EF0(_t20);
                                                                                                                              					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
                                                                                                                              				}
                                                                                                                              				return _t4;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • GetStdHandle.KERNEL32(000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D2
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D8
                                                                                                                              • GetStdHandle.KERNEL32(000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047F7
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047FD
                                                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?), ref: 00404814
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000), ref: 0040481A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHandleWrite
                                                                                                                              • String ID: 9@
                                                                                                                              • API String ID: 3320372497-3209974744
                                                                                                                              • Opcode ID: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
                                                                                                                              • Instruction ID: 9b3b4e35e49a927b8991458b20a1a8ec0ccf5b925403b1971dfbe1b0899ab5f0
                                                                                                                              • Opcode Fuzzy Hash: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
                                                                                                                              • Instruction Fuzzy Hash: 2001AEE25492103DE110F7A69C85F57168C8B4472AF10467F7218F35D2C9395D44927E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 62%
                                                                                                                              			E0041F0F4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                              				char* _v8;
                                                                                                                              				long _v12;
                                                                                                                              				short _v140;
                                                                                                                              				short _v2188;
                                                                                                                              				void* _t15;
                                                                                                                              				char* _t17;
                                                                                                                              				intOrPtr _t19;
                                                                                                                              				intOrPtr _t30;
                                                                                                                              				long _t48;
                                                                                                                              				intOrPtr _t56;
                                                                                                                              				intOrPtr _t57;
                                                                                                                              				int _t61;
                                                                                                                              				void* _t64;
                                                                                                                              
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_v8 = 0;
                                                                                                                              				_push(_t64);
                                                                                                                              				_push(0x41f219);
                                                                                                                              				_push( *[fs:ecx]);
                                                                                                                              				 *[fs:ecx] = _t64 + 0xfffff778;
                                                                                                                              				_t61 = E0041EEFC(_t15, __ebx,  &_v2188, __edx, __edi, __esi, 0x400);
                                                                                                                              				_t17 =  *0x4ba6c0; // 0x4bb058
                                                                                                                              				if( *_t17 == 0) {
                                                                                                                              					_t19 =  *0x4ba4f8; // 0x40e710
                                                                                                                              					_t11 = _t19 + 4; // 0xffed
                                                                                                                              					LoadStringW(E00409FF0( *0x4be634),  *_t11,  &_v140, 0x40);
                                                                                                                              					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
                                                                                                                              				} else {
                                                                                                                              					_t30 =  *0x4ba524; // 0x4bb340
                                                                                                                              					E00405564(E00405820(_t30));
                                                                                                                              					_t48 = WideCharToMultiByte(1, 0,  &_v2188, _t61, 0, 0, 0, 0);
                                                                                                                              					_push(_t48);
                                                                                                                              					E00409C00();
                                                                                                                              					WideCharToMultiByte(1, 0,  &_v2188, _t61, _v8, _t48, 0, 0);
                                                                                                                              					WriteFile(GetStdHandle(0xfffffff4), _v8, _t48,  &_v12, 0);
                                                                                                                              					WriteFile(GetStdHandle(0xfffffff4), 0x41f234, 2,  &_v12, 0);
                                                                                                                              				}
                                                                                                                              				_pop(_t56);
                                                                                                                              				 *[fs:eax] = _t56;
                                                                                                                              				_push(0x41f220);
                                                                                                                              				_t57 =  *0x41f0c4; // 0x41f0c8
                                                                                                                              				return E00409D24( &_v8, _t57);
                                                                                                                              			}

















                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0041EEFC: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
                                                                                                                                • Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
                                                                                                                                • Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
                                                                                                                                • Part of subcall function 0041EEFC: LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,0041F219), ref: 0041F155
                                                                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F188
                                                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F19A
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F1A0
                                                                                                                              • GetStdHandle.KERNEL32(000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 0041F1B4
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 0041F1BA
                                                                                                                              • LoadStringW.USER32(00000000,0000FFED,?,00000040), ref: 0041F1DE
                                                                                                                              • MessageBoxW.USER32(00000000,?,?,00002010), ref: 0041F1F8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 135118572-0
                                                                                                                              • Opcode ID: 7bf27a680bd44ec5315003c7bd75f7b580991028cc1534cfff61cb99441fed85
                                                                                                                              • Instruction ID: 441773961034998e17761d3334fa1b60ae8bad0ad03d42d5622a75f3c8f76c28
                                                                                                                              • Opcode Fuzzy Hash: 7bf27a680bd44ec5315003c7bd75f7b580991028cc1534cfff61cb99441fed85
                                                                                                                              • Instruction Fuzzy Hash: 7D31CF75640204BFE714E796CC42FDA77ACEB08704F9044BABA04F71D2DA786E548B6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E00404464(signed int __eax, intOrPtr __edx, void* __edi) {
                                                                                                                              				signed int __ebx;
                                                                                                                              				void* __esi;
                                                                                                                              				signed int _t69;
                                                                                                                              				signed int _t78;
                                                                                                                              				signed int _t93;
                                                                                                                              				long _t94;
                                                                                                                              				void* _t100;
                                                                                                                              				signed int _t102;
                                                                                                                              				signed int _t109;
                                                                                                                              				signed int _t115;
                                                                                                                              				signed int _t123;
                                                                                                                              				signed int _t129;
                                                                                                                              				void* _t131;
                                                                                                                              				signed int _t140;
                                                                                                                              				unsigned int _t148;
                                                                                                                              				signed int _t150;
                                                                                                                              				long _t152;
                                                                                                                              				signed int _t156;
                                                                                                                              				intOrPtr _t161;
                                                                                                                              				signed int _t166;
                                                                                                                              				signed int _t170;
                                                                                                                              				unsigned int _t171;
                                                                                                                              				intOrPtr _t174;
                                                                                                                              				intOrPtr _t192;
                                                                                                                              				signed int _t195;
                                                                                                                              				signed int _t196;
                                                                                                                              				signed int _t197;
                                                                                                                              				void* _t205;
                                                                                                                              				unsigned int _t207;
                                                                                                                              				intOrPtr _t213;
                                                                                                                              				void* _t225;
                                                                                                                              				intOrPtr _t227;
                                                                                                                              				void* _t228;
                                                                                                                              				signed int _t230;
                                                                                                                              				void* _t232;
                                                                                                                              				signed int _t233;
                                                                                                                              				signed int _t234;
                                                                                                                              				signed int _t238;
                                                                                                                              				signed int _t241;
                                                                                                                              				void* _t243;
                                                                                                                              				intOrPtr* _t244;
                                                                                                                              
                                                                                                                              				_t176 = __edx;
                                                                                                                              				_t66 = __eax;
                                                                                                                              				_t166 =  *(__eax - 4);
                                                                                                                              				_t217 = __eax;
                                                                                                                              				if((_t166 & 0x00000007) != 0) {
                                                                                                                              					__eflags = _t166 & 0x00000005;
                                                                                                                              					if((_t166 & 0x00000005) != 0) {
                                                                                                                              						_pop(_t217);
                                                                                                                              						_pop(_t145);
                                                                                                                              						__eflags = _t166 & 0x00000003;
                                                                                                                              						if((_t166 & 0x00000003) == 0) {
                                                                                                                              							_push(_t145);
                                                                                                                              							_push(__eax);
                                                                                                                              							_push(__edi);
                                                                                                                              							_push(_t225);
                                                                                                                              							_t244 = _t243 + 0xffffffe0;
                                                                                                                              							_t218 = __edx;
                                                                                                                              							_t202 = __eax;
                                                                                                                              							_t69 =  *(__eax - 4);
                                                                                                                              							_t148 = (0xfffffff0 & _t69) - 0x14;
                                                                                                                              							if(0xfffffff0 >= __edx) {
                                                                                                                              								__eflags = __edx - _t148 >> 1;
                                                                                                                              								if(__edx < _t148 >> 1) {
                                                                                                                              									_t150 = E00403EE8(__edx);
                                                                                                                              									__eflags = _t150;
                                                                                                                              									if(_t150 != 0) {
                                                                                                                              										__eflags = _t218 - 0x40a2c;
                                                                                                                              										if(_t218 > 0x40a2c) {
                                                                                                                              											_t78 = _t202 - 0x10;
                                                                                                                              											__eflags = _t78;
                                                                                                                              											 *((intOrPtr*)(_t78 + 8)) = _t218;
                                                                                                                              										}
                                                                                                                              										E00403AA4(_t202, _t218, _t150);
                                                                                                                              										E0040426C(_t202, _t202, _t225);
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									_t150 = __eax;
                                                                                                                              									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								if(0xfffffff0 <= __edx) {
                                                                                                                              									_t227 = __edx;
                                                                                                                              								} else {
                                                                                                                              									_t227 = 0xbadb9d;
                                                                                                                              								}
                                                                                                                              								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
                                                                                                                              								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
                                                                                                                              								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
                                                                                                                              									L12:
                                                                                                                              									_t150 = E00403EE8(_t227);
                                                                                                                              									__eflags = _t150;
                                                                                                                              									if(_t150 != 0) {
                                                                                                                              										__eflags = _t227 - 0x40a2c;
                                                                                                                              										if(_t227 > 0x40a2c) {
                                                                                                                              											_t93 = _t150 - 0x10;
                                                                                                                              											__eflags = _t93;
                                                                                                                              											 *((intOrPtr*)(_t93 + 8)) = _t218;
                                                                                                                              										}
                                                                                                                              										E00403A74(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
                                                                                                                              										E0040426C(_t202, _t202, _t227);
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
                                                                                                                              									_t94 =  *(_t244 + 0x10);
                                                                                                                              									if(_t218 - _t148 >= _t94) {
                                                                                                                              										goto L12;
                                                                                                                              									} else {
                                                                                                                              										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
                                                                                                                              										if(_t94 < _t152) {
                                                                                                                              											_t152 = _t94;
                                                                                                                              										}
                                                                                                                              										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
                                                                                                                              											goto L12;
                                                                                                                              										} else {
                                                                                                                              											_t100 = _t202 - 0x10;
                                                                                                                              											 *((intOrPtr*)(_t100 + 8)) = _t218;
                                                                                                                              											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
                                                                                                                              											_t150 = _t202;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							return _t150;
                                                                                                                              						} else {
                                                                                                                              							__eflags = 0;
                                                                                                                              							return 0;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						_t170 = _t166 & 0xfffffff0;
                                                                                                                              						_push(__edi);
                                                                                                                              						_t205 = _t170 + __eax;
                                                                                                                              						_t171 = _t170 - 4;
                                                                                                                              						_t156 = _t166 & 0x0000000f;
                                                                                                                              						__eflags = __edx - _t171;
                                                                                                                              						_push(_t225);
                                                                                                                              						if(__edx > _t171) {
                                                                                                                              							_t102 =  *(_t205 - 4);
                                                                                                                              							__eflags = _t102 & 0x00000001;
                                                                                                                              							if((_t102 & 0x00000001) == 0) {
                                                                                                                              								L75:
                                                                                                                              								asm("adc edi, 0xffffffff");
                                                                                                                              								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
                                                                                                                              								_t207 = _t171;
                                                                                                                              								_t109 = E00403EE8(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
                                                                                                                              								_t192 = _t176;
                                                                                                                              								__eflags = _t109;
                                                                                                                              								if(_t109 == 0) {
                                                                                                                              									goto L73;
                                                                                                                              								} else {
                                                                                                                              									__eflags = _t228 - 0x40a2c;
                                                                                                                              									if(_t228 > 0x40a2c) {
                                                                                                                              										 *((intOrPtr*)(_t109 - 8)) = _t192;
                                                                                                                              									}
                                                                                                                              									_t230 = _t109;
                                                                                                                              									E00403A74(_t217, _t207, _t109);
                                                                                                                              									E0040426C(_t217, _t207, _t230);
                                                                                                                              									return _t230;
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								_t115 = _t102 & 0xfffffff0;
                                                                                                                              								_t232 = _t171 + _t115;
                                                                                                                              								__eflags = __edx - _t232;
                                                                                                                              								if(__edx > _t232) {
                                                                                                                              									goto L75;
                                                                                                                              								} else {
                                                                                                                              									__eflags =  *0x4bb059;
                                                                                                                              									if(__eflags == 0) {
                                                                                                                              										L66:
                                                                                                                              										__eflags = _t115 - 0xb30;
                                                                                                                              										if(_t115 >= 0xb30) {
                                                                                                                              											E00403AC0(_t205);
                                                                                                                              											_t176 = _t176;
                                                                                                                              											_t171 = _t171;
                                                                                                                              										}
                                                                                                                              										asm("adc edi, 0xffffffff");
                                                                                                                              										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
                                                                                                                              										_t195 = _t232 + 4 - _t123;
                                                                                                                              										__eflags = _t195;
                                                                                                                              										if(_t195 > 0) {
                                                                                                                              											 *(_t217 + _t232 - 4) = _t195;
                                                                                                                              											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
                                                                                                                              											_t233 = _t123;
                                                                                                                              											__eflags = _t195 - 0xb30;
                                                                                                                              											if(_t195 >= 0xb30) {
                                                                                                                              												__eflags = _t123 + _t217;
                                                                                                                              												E00403B00(_t123 + _t217, _t171, _t195);
                                                                                                                              											}
                                                                                                                              										} else {
                                                                                                                              											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
                                                                                                                              											_t233 = _t232 + 4;
                                                                                                                              										}
                                                                                                                              										_t234 = _t233 | _t156;
                                                                                                                              										__eflags = _t234;
                                                                                                                              										 *(_t217 - 4) = _t234;
                                                                                                                              										 *0x4bbae8 = 0;
                                                                                                                              										_t109 = _t217;
                                                                                                                              										L73:
                                                                                                                              										return _t109;
                                                                                                                              									} else {
                                                                                                                              										while(1) {
                                                                                                                              											asm("lock cmpxchg [0x4bbae8], ah");
                                                                                                                              											if(__eflags == 0) {
                                                                                                                              												break;
                                                                                                                              											}
                                                                                                                              											asm("pause");
                                                                                                                              											__eflags =  *0x4bb989;
                                                                                                                              											if(__eflags != 0) {
                                                                                                                              												continue;
                                                                                                                              											} else {
                                                                                                                              												Sleep(0);
                                                                                                                              												_t176 = _t176;
                                                                                                                              												_t171 = _t171;
                                                                                                                              												asm("lock cmpxchg [0x4bbae8], ah");
                                                                                                                              												if(__eflags != 0) {
                                                                                                                              													Sleep(0xa);
                                                                                                                              													_t176 = _t176;
                                                                                                                              													_t171 = _t171;
                                                                                                                              													continue;
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              											break;
                                                                                                                              										}
                                                                                                                              										_t156 = 0x0000000f &  *(_t217 - 4);
                                                                                                                              										_t129 =  *(_t205 - 4);
                                                                                                                              										__eflags = _t129 & 0x00000001;
                                                                                                                              										if((_t129 & 0x00000001) == 0) {
                                                                                                                              											L74:
                                                                                                                              											 *0x4bbae8 = 0;
                                                                                                                              											goto L75;
                                                                                                                              										} else {
                                                                                                                              											_t115 = _t129 & 0xfffffff0;
                                                                                                                              											_t232 = _t171 + _t115;
                                                                                                                              											__eflags = _t176 - _t232;
                                                                                                                              											if(_t176 > _t232) {
                                                                                                                              												goto L74;
                                                                                                                              											} else {
                                                                                                                              												goto L66;
                                                                                                                              											}
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							__eflags = __edx + __edx - _t171;
                                                                                                                              							if(__edx + __edx < _t171) {
                                                                                                                              								__eflags = __edx - 0xb2c;
                                                                                                                              								if(__edx >= 0xb2c) {
                                                                                                                              									L41:
                                                                                                                              									_t32 = _t176 + 0xd3; // 0xbff
                                                                                                                              									_t238 = (_t32 & 0xffffff00) + 0x30;
                                                                                                                              									_t174 = _t171 + 4 - _t238;
                                                                                                                              									__eflags =  *0x4bb059;
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										while(1) {
                                                                                                                              											asm("lock cmpxchg [0x4bbae8], ah");
                                                                                                                              											if(__eflags == 0) {
                                                                                                                              												break;
                                                                                                                              											}
                                                                                                                              											asm("pause");
                                                                                                                              											__eflags =  *0x4bb989;
                                                                                                                              											if(__eflags != 0) {
                                                                                                                              												continue;
                                                                                                                              											} else {
                                                                                                                              												Sleep(0);
                                                                                                                              												_t174 = _t174;
                                                                                                                              												asm("lock cmpxchg [0x4bbae8], ah");
                                                                                                                              												if(__eflags != 0) {
                                                                                                                              													Sleep(0xa);
                                                                                                                              													_t174 = _t174;
                                                                                                                              													continue;
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              											break;
                                                                                                                              										}
                                                                                                                              										_t156 = 0x0000000f &  *(_t217 - 4);
                                                                                                                              										__eflags = 0xf;
                                                                                                                              									}
                                                                                                                              									 *(_t217 - 4) = _t156 | _t238;
                                                                                                                              									_t161 = _t174;
                                                                                                                              									_t196 =  *(_t205 - 4);
                                                                                                                              									__eflags = _t196 & 0x00000001;
                                                                                                                              									if((_t196 & 0x00000001) != 0) {
                                                                                                                              										_t131 = _t205;
                                                                                                                              										_t197 = _t196 & 0xfffffff0;
                                                                                                                              										_t161 = _t161 + _t197;
                                                                                                                              										_t205 = _t205 + _t197;
                                                                                                                              										__eflags = _t197 - 0xb30;
                                                                                                                              										if(_t197 >= 0xb30) {
                                                                                                                              											E00403AC0(_t131);
                                                                                                                              										}
                                                                                                                              									} else {
                                                                                                                              										 *(_t205 - 4) = _t196 | 0x00000008;
                                                                                                                              									}
                                                                                                                              									 *((intOrPtr*)(_t205 - 8)) = _t161;
                                                                                                                              									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
                                                                                                                              									__eflags = _t161 - 0xb30;
                                                                                                                              									if(_t161 >= 0xb30) {
                                                                                                                              										E00403B00(_t217 + _t238, _t174, _t161);
                                                                                                                              									}
                                                                                                                              									 *0x4bbae8 = 0;
                                                                                                                              									return _t217;
                                                                                                                              								} else {
                                                                                                                              									__eflags = __edx - 0x2cc;
                                                                                                                              									if(__edx < 0x2cc) {
                                                                                                                              										_t213 = __edx;
                                                                                                                              										_t140 = E00403EE8(__edx);
                                                                                                                              										__eflags = _t140;
                                                                                                                              										if(_t140 != 0) {
                                                                                                                              											_t241 = _t140;
                                                                                                                              											E00403AA4(_t217, _t213, _t140);
                                                                                                                              											E0040426C(_t217, _t213, _t241);
                                                                                                                              											_t140 = _t241;
                                                                                                                              										}
                                                                                                                              										return _t140;
                                                                                                                              									} else {
                                                                                                                              										_t176 = 0xb2c;
                                                                                                                              										__eflags = _t171 - 0xb2c;
                                                                                                                              										if(_t171 <= 0xb2c) {
                                                                                                                              											goto L37;
                                                                                                                              										} else {
                                                                                                                              											goto L41;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								L37:
                                                                                                                              								return _t66;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					__ebx =  *__ecx;
                                                                                                                              					__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                              					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                              					__eflags = __ecx - __edx;
                                                                                                                              					if(__ecx < __edx) {
                                                                                                                              						__ecx = __ecx + __ecx + 0x20;
                                                                                                                              						_push(__edi);
                                                                                                                              						__edi = __edx;
                                                                                                                              						__eax = 0;
                                                                                                                              						__ecx = __ecx - __edx;
                                                                                                                              						asm("adc eax, 0xffffffff");
                                                                                                                              						__eax = 0 & __ecx;
                                                                                                                              						__eax = (0 & __ecx) + __edx;
                                                                                                                              						__eax = E00403EE8((0 & __ecx) + __edx);
                                                                                                                              						__eflags = __eax;
                                                                                                                              						if(__eax != 0) {
                                                                                                                              							__eflags = __edi - 0x40a2c;
                                                                                                                              							if(__edi > 0x40a2c) {
                                                                                                                              								 *(__eax - 8) = __edi;
                                                                                                                              							}
                                                                                                                              							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                              							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                              							__edx = __eax;
                                                                                                                              							__edi = __eax;
                                                                                                                              							 *((intOrPtr*)(__ebx + 0x1c))() = E0040426C(__esi, __edi, __ebp);
                                                                                                                              							__eax = __edi;
                                                                                                                              						}
                                                                                                                              						_pop(__edi);
                                                                                                                              						_pop(__esi);
                                                                                                                              						_pop(__ebx);
                                                                                                                              						return __eax;
                                                                                                                              					} else {
                                                                                                                              						__ebx = 0x40 + __edx * 4;
                                                                                                                              						__eflags = 0x40 + __edx * 4 - __ecx;
                                                                                                                              						if(0x40 + __edx * 4 < __ecx) {
                                                                                                                              							__ebx = __edx;
                                                                                                                              							__eax = __edx;
                                                                                                                              							__eax = E00403EE8(__edx);
                                                                                                                              							__eflags = __eax;
                                                                                                                              							if(__eax != 0) {
                                                                                                                              								__ecx = __ebx;
                                                                                                                              								__edx = __eax;
                                                                                                                              								__ebx = __eax;
                                                                                                                              								__esi = E0040426C(__esi, __edi, __ebp);
                                                                                                                              								__eax = __ebx;
                                                                                                                              							}
                                                                                                                              							_pop(__esi);
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return __eax;
                                                                                                                              						} else {
                                                                                                                              							_pop(__esi);
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return __eax;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}












































                                                                                                                              0x00404575
                                                                                                                              0x00404577
                                                                                                                              0x0040457e
                                                                                                                              0x00000000
                                                                                                                              0x00404580
                                                                                                                              0x00404583
                                                                                                                              0x00404588
                                                                                                                              0x0040458e
                                                                                                                              0x00404596
                                                                                                                              0x0040459b
                                                                                                                              0x004045a0
                                                                                                                              0x00000000
                                                                                                                              0x004045a0
                                                                                                                              0x00404596
                                                                                                                              0x00000000
                                                                                                                              0x0040457e
                                                                                                                              0x004045a9
                                                                                                                              0x004045a9
                                                                                                                              0x004045a9
                                                                                                                              0x004045ae
                                                                                                                              0x004045b1
                                                                                                                              0x004045b3
                                                                                                                              0x004045b6
                                                                                                                              0x004045b9
                                                                                                                              0x004045c4
                                                                                                                              0x004045c6
                                                                                                                              0x004045c9
                                                                                                                              0x004045cb
                                                                                                                              0x004045cd
                                                                                                                              0x004045d3
                                                                                                                              0x004045d5
                                                                                                                              0x004045d5
                                                                                                                              0x004045bb
                                                                                                                              0x004045be
                                                                                                                              0x004045be
                                                                                                                              0x004045da
                                                                                                                              0x004045e0
                                                                                                                              0x004045e4
                                                                                                                              0x004045ea
                                                                                                                              0x004045f1
                                                                                                                              0x004045f1
                                                                                                                              0x004045f6
                                                                                                                              0x00404603
                                                                                                                              0x00404534
                                                                                                                              0x00404534
                                                                                                                              0x0040453a
                                                                                                                              0x00404604
                                                                                                                              0x00404608
                                                                                                                              0x0040460d
                                                                                                                              0x0040460f
                                                                                                                              0x00404611
                                                                                                                              0x00404619
                                                                                                                              0x00404620
                                                                                                                              0x00404625
                                                                                                                              0x00404625
                                                                                                                              0x0040462b
                                                                                                                              0x00404540
                                                                                                                              0x00404540
                                                                                                                              0x00404545
                                                                                                                              0x00404547
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00404547
                                                                                                                              0x0040453a
                                                                                                                              0x00404524
                                                                                                                              0x00404524
                                                                                                                              0x00404528
                                                                                                                              0x00404528
                                                                                                                              0x00404522
                                                                                                                              0x00404517
                                                                                                                              0x00404474
                                                                                                                              0x00404474
                                                                                                                              0x00404476
                                                                                                                              0x0040447a
                                                                                                                              0x0040447d
                                                                                                                              0x0040447f
                                                                                                                              0x004044b8
                                                                                                                              0x004044bc
                                                                                                                              0x004044bd
                                                                                                                              0x004044bf
                                                                                                                              0x004044c1
                                                                                                                              0x004044c3
                                                                                                                              0x004044c6
                                                                                                                              0x004044c8
                                                                                                                              0x004044ca
                                                                                                                              0x004044cf
                                                                                                                              0x004044d1
                                                                                                                              0x004044d3
                                                                                                                              0x004044d9
                                                                                                                              0x004044db
                                                                                                                              0x004044db
                                                                                                                              0x004044e2
                                                                                                                              0x004044e2
                                                                                                                              0x004044e5
                                                                                                                              0x004044e7
                                                                                                                              0x004044f0
                                                                                                                              0x004044f5
                                                                                                                              0x004044f5
                                                                                                                              0x004044f7
                                                                                                                              0x004044f8
                                                                                                                              0x004044f9
                                                                                                                              0x004044fa
                                                                                                                              0x00404481
                                                                                                                              0x00404481
                                                                                                                              0x00404488
                                                                                                                              0x0040448a
                                                                                                                              0x00404490
                                                                                                                              0x00404492
                                                                                                                              0x00404494
                                                                                                                              0x00404499
                                                                                                                              0x0040449b
                                                                                                                              0x0040449d
                                                                                                                              0x0040449f
                                                                                                                              0x004044a1
                                                                                                                              0x004044ac
                                                                                                                              0x004044b1
                                                                                                                              0x004044b1
                                                                                                                              0x004044b3
                                                                                                                              0x004044b4
                                                                                                                              0x004044b5
                                                                                                                              0x0040448c
                                                                                                                              0x0040448c
                                                                                                                              0x0040448d
                                                                                                                              0x0040448e
                                                                                                                              0x0040448e
                                                                                                                              0x0040448a
                                                                                                                              0x0040447f

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
                                                                                                                              • Instruction ID: a6f3f7862a5743fd60f07ae337b35688b7a953487e66f12862dc3ba09d14b1d9
                                                                                                                              • Opcode Fuzzy Hash: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
                                                                                                                              • Instruction Fuzzy Hash: 8CC115A27106000BD714AE7DDD8476AB68A9BC5716F28827FF244EB3D6DB7CCD418388
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E0041F7A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                              				char _v8;
                                                                                                                              				struct _MEMORY_BASIC_INFORMATION _v36;
                                                                                                                              				short _v558;
                                                                                                                              				char _v564;
                                                                                                                              				intOrPtr _v568;
                                                                                                                              				char _v572;
                                                                                                                              				char _v576;
                                                                                                                              				char _v580;
                                                                                                                              				intOrPtr _v584;
                                                                                                                              				char _v588;
                                                                                                                              				void* _v592;
                                                                                                                              				char _v596;
                                                                                                                              				char _v600;
                                                                                                                              				char _v604;
                                                                                                                              				char _v608;
                                                                                                                              				intOrPtr _v612;
                                                                                                                              				char _v616;
                                                                                                                              				char _v620;
                                                                                                                              				char _v624;
                                                                                                                              				void* _v628;
                                                                                                                              				char _v632;
                                                                                                                              				void* _t64;
                                                                                                                              				intOrPtr _t65;
                                                                                                                              				long _t76;
                                                                                                                              				intOrPtr _t82;
                                                                                                                              				intOrPtr _t103;
                                                                                                                              				intOrPtr _t107;
                                                                                                                              				intOrPtr _t110;
                                                                                                                              				intOrPtr _t112;
                                                                                                                              				intOrPtr _t115;
                                                                                                                              				intOrPtr _t127;
                                                                                                                              				void* _t136;
                                                                                                                              				intOrPtr _t138;
                                                                                                                              				void* _t141;
                                                                                                                              				void* _t143;
                                                                                                                              
                                                                                                                              				_t136 = __edi;
                                                                                                                              				_t140 = _t141;
                                                                                                                              				_v632 = 0;
                                                                                                                              				_v596 = 0;
                                                                                                                              				_v604 = 0;
                                                                                                                              				_v600 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_push(_t141);
                                                                                                                              				_push(0x41f9a6);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t141 + 0xfffffd8c;
                                                                                                                              				_t64 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x14)) - 1;
                                                                                                                              				_t143 = _t64;
                                                                                                                              				if(_t143 < 0) {
                                                                                                                              					_t65 =  *0x4ba798; // 0x40e730
                                                                                                                              					E0040C9F0(_t65,  &_v8, _t140);
                                                                                                                              				} else {
                                                                                                                              					if(_t143 == 0) {
                                                                                                                              						_t107 =  *0x4ba670; // 0x40e738
                                                                                                                              						E0040C9F0(_t107,  &_v8, _t140);
                                                                                                                              					} else {
                                                                                                                              						if(_t64 == 7) {
                                                                                                                              							_t110 =  *0x4ba4d0; // 0x40e740
                                                                                                                              							E0040C9F0(_t110,  &_v8, _t140);
                                                                                                                              						} else {
                                                                                                                              							_t112 =  *0x4ba5c8; // 0x40e748
                                                                                                                              							E0040C9F0(_t112,  &_v8, _t140);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_t115 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x18));
                                                                                                                              				VirtualQuery( *( *((intOrPtr*)(_a4 - 4)) + 0xc),  &_v36, 0x1c);
                                                                                                                              				_t138 = _v36.State;
                                                                                                                              				if(_t138 == 0x1000 || _t138 == 0x10000) {
                                                                                                                              					_t76 = GetModuleFileNameW(_v36.AllocationBase,  &_v558, 0x105);
                                                                                                                              					_t147 = _t76;
                                                                                                                              					if(_t76 == 0) {
                                                                                                                              						goto L12;
                                                                                                                              					} else {
                                                                                                                              						_v592 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
                                                                                                                              						_v588 = 5;
                                                                                                                              						E0040858C( &_v600, 0x105,  &_v558);
                                                                                                                              						E0041A418(_v600, _t115,  &_v596, _t136, _t138, _t147);
                                                                                                                              						_v584 = _v596;
                                                                                                                              						_v580 = 0x11;
                                                                                                                              						_v576 = _v8;
                                                                                                                              						_v572 = 0x11;
                                                                                                                              						_v568 = _t115;
                                                                                                                              						_v564 = 5;
                                                                                                                              						_push( &_v592);
                                                                                                                              						_t103 =  *0x4ba6e0; // 0x40e810
                                                                                                                              						E0040C9F0(_t103,  &_v604, _t140, 3);
                                                                                                                              						E0041F2A0(_t115, _v604, 1, _t136, _t138);
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					L12:
                                                                                                                              					_v628 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
                                                                                                                              					_v624 = 5;
                                                                                                                              					_v620 = _v8;
                                                                                                                              					_v616 = 0x11;
                                                                                                                              					_v612 = _t115;
                                                                                                                              					_v608 = 5;
                                                                                                                              					_push( &_v628);
                                                                                                                              					_t82 =  *0x4ba67c; // 0x40e6d8
                                                                                                                              					E0040C9F0(_t82,  &_v632, _t140, 2);
                                                                                                                              					E0041F2A0(_t115, _v632, 1, _t136, _t138);
                                                                                                                              				}
                                                                                                                              				_pop(_t127);
                                                                                                                              				 *[fs:eax] = _t127;
                                                                                                                              				_push(0x41f9ad);
                                                                                                                              				E00407A20( &_v632);
                                                                                                                              				E00407A80( &_v604, 3);
                                                                                                                              				return E00407A20( &_v8);
                                                                                                                              			}







































                                                                                                                              APIs
                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F9A6), ref: 0041F840
                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0041F9A6), ref: 0041F86C
                                                                                                                                • Part of subcall function 0040C9F0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 0040CA35
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileLoadModuleNameQueryStringVirtual
                                                                                                                              • String ID: 0@$8@$@@$H@
                                                                                                                              • API String ID: 902310565-4161625419
                                                                                                                              • Opcode ID: 2bcb5d97eafe9ae16bdb5e5d20f221eb3d58e794d65a866e62d276be447e8c2a
                                                                                                                              • Instruction ID: bbc3c026f35d1d6bea3ad9012fddeafd4c483e803022796d8e8ef386e34d3195
                                                                                                                              • Opcode Fuzzy Hash: 2bcb5d97eafe9ae16bdb5e5d20f221eb3d58e794d65a866e62d276be447e8c2a
                                                                                                                              • Instruction Fuzzy Hash: 69511874A04258DFCB10EF69CC89BCDB7F4AB48304F0042E6A808A7351D778AE85CF59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E00406688(signed char* __eax, void* __edx, void* __eflags) {
                                                                                                                              				void* _t49;
                                                                                                                              				signed char _t56;
                                                                                                                              				intOrPtr _t57;
                                                                                                                              				signed char _t59;
                                                                                                                              				void* _t70;
                                                                                                                              				signed char* _t71;
                                                                                                                              				intOrPtr _t72;
                                                                                                                              				signed char* _t73;
                                                                                                                              
                                                                                                                              				_t70 = __edx;
                                                                                                                              				_t71 = __eax;
                                                                                                                              				_t72 =  *((intOrPtr*)(__eax + 0x10));
                                                                                                                              				while(1) {
                                                                                                                              					L1:
                                                                                                                              					 *_t73 = E00406B30(_t71);
                                                                                                                              					if( *_t73 != 0 || _t70 == 0) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					_t73[1] = 0;
                                                                                                                              					if(_t72 <= 0) {
                                                                                                                              						while(1) {
                                                                                                                              							L17:
                                                                                                                              							_t56 =  *_t71;
                                                                                                                              							if(_t56 == 0) {
                                                                                                                              								goto L1;
                                                                                                                              							}
                                                                                                                              							asm("lock cmpxchg [esi], edx");
                                                                                                                              							if(_t56 != _t56) {
                                                                                                                              								continue;
                                                                                                                              							} else {
                                                                                                                              								goto L19;
                                                                                                                              							}
                                                                                                                              							do {
                                                                                                                              								L19:
                                                                                                                              								_t73[4] = GetTickCount();
                                                                                                                              								E0040688C(_t71);
                                                                                                                              								_t57 =  *0x4bb8f8; // 0x4b9284
                                                                                                                              								 *((intOrPtr*)(_t57 + 0x10))();
                                                                                                                              								 *_t73 = 0 == 0;
                                                                                                                              								if(_t70 != 0xffffffff) {
                                                                                                                              									_t73[8] = GetTickCount();
                                                                                                                              									if(_t70 <= _t73[8] - _t73[4]) {
                                                                                                                              										_t70 = 0;
                                                                                                                              									} else {
                                                                                                                              										_t70 = _t70 - _t73[8] - _t73[4];
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								if( *_t73 == 0) {
                                                                                                                              									do {
                                                                                                                              										asm("lock cmpxchg [esi], edx");
                                                                                                                              									} while ( *_t71 !=  *_t71);
                                                                                                                              									_t73[1] = 1;
                                                                                                                              								} else {
                                                                                                                              									while(1) {
                                                                                                                              										_t59 =  *_t71;
                                                                                                                              										if((_t59 & 0x00000001) != 0) {
                                                                                                                              											goto L29;
                                                                                                                              										}
                                                                                                                              										asm("lock cmpxchg [esi], edx");
                                                                                                                              										if(_t59 != _t59) {
                                                                                                                              											continue;
                                                                                                                              										}
                                                                                                                              										_t73[1] = 1;
                                                                                                                              										goto L29;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								L29:
                                                                                                                              							} while (_t73[1] == 0);
                                                                                                                              							if( *_t73 != 0) {
                                                                                                                              								_t71[8] = GetCurrentThreadId();
                                                                                                                              								_t71[4] = 1;
                                                                                                                              							}
                                                                                                                              							goto L32;
                                                                                                                              						}
                                                                                                                              						continue;
                                                                                                                              					}
                                                                                                                              					_t73[4] = GetTickCount();
                                                                                                                              					_t73[0xc] = 0;
                                                                                                                              					if(_t72 <= 0) {
                                                                                                                              						L13:
                                                                                                                              						if(_t70 == 0xffffffff) {
                                                                                                                              							goto L17;
                                                                                                                              						}
                                                                                                                              						_t73[8] = GetTickCount();
                                                                                                                              						_t49 = _t73[8] - _t73[4];
                                                                                                                              						if(_t70 > _t49) {
                                                                                                                              							_t70 = _t70 - _t49;
                                                                                                                              							goto L17;
                                                                                                                              						}
                                                                                                                              						 *_t73 = 0;
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					L5:
                                                                                                                              					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
                                                                                                                              						goto L8;
                                                                                                                              					} else {
                                                                                                                              						 *_t73 = 0;
                                                                                                                              					}
                                                                                                                              					break;
                                                                                                                              					L8:
                                                                                                                              					if( *_t71 > 1) {
                                                                                                                              						goto L13;
                                                                                                                              					}
                                                                                                                              					if( *_t71 != 0) {
                                                                                                                              						L12:
                                                                                                                              						E00406368( &(_t73[0xc]));
                                                                                                                              						_t72 = _t72 - 1;
                                                                                                                              						if(_t72 > 0) {
                                                                                                                              							goto L5;
                                                                                                                              						}
                                                                                                                              						goto L13;
                                                                                                                              					}
                                                                                                                              					asm("lock cmpxchg [esi], edx");
                                                                                                                              					if(0 != 0) {
                                                                                                                              						goto L12;
                                                                                                                              					}
                                                                                                                              					_t71[8] = GetCurrentThreadId();
                                                                                                                              					_t71[4] = 1;
                                                                                                                              					 *_t73 = 1;
                                                                                                                              					break;
                                                                                                                              				}
                                                                                                                              				L32:
                                                                                                                              				return  *_t73 & 0x000000ff;
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00406B30: GetCurrentThreadId.KERNEL32 ref: 00406B33
                                                                                                                              • GetTickCount.KERNEL32 ref: 004066BF
                                                                                                                              • GetTickCount.KERNEL32 ref: 004066D7
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00406706
                                                                                                                              • GetTickCount.KERNEL32 ref: 00406731
                                                                                                                              • GetTickCount.KERNEL32 ref: 00406768
                                                                                                                              • GetTickCount.KERNEL32 ref: 00406792
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00406802
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountTick$CurrentThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3968769311-0
                                                                                                                              • Opcode ID: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
                                                                                                                              • Instruction ID: 4198438d609b3d92ee1caba3903e9c970ac06421e97b93dd9799f90313ce3de1
                                                                                                                              • Opcode Fuzzy Hash: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
                                                                                                                              • Instruction Fuzzy Hash: 664182712083419ED721AE3CC58431BBAD5AF80358F16C93ED4DA973C1EB7988958756
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 80%
                                                                                                                              			E004971AC(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                              				char _v5;
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				void* _t23;
                                                                                                                              				char _t29;
                                                                                                                              				void* _t50;
                                                                                                                              				intOrPtr _t55;
                                                                                                                              				char _t57;
                                                                                                                              				intOrPtr _t59;
                                                                                                                              				void* _t64;
                                                                                                                              				void* _t66;
                                                                                                                              				void* _t68;
                                                                                                                              				void* _t69;
                                                                                                                              				intOrPtr _t70;
                                                                                                                              
                                                                                                                              				_t64 = __edi;
                                                                                                                              				_t57 = __edx;
                                                                                                                              				_t50 = __ecx;
                                                                                                                              				_t68 = _t69;
                                                                                                                              				_t70 = _t69 + 0xfffffff0;
                                                                                                                              				_v20 = 0;
                                                                                                                              				if(__edx != 0) {
                                                                                                                              					_t70 = _t70 + 0xfffffff0;
                                                                                                                              					_t23 = E004062B0(_t23, _t68);
                                                                                                                              				}
                                                                                                                              				_t49 = _t50;
                                                                                                                              				_v5 = _t57;
                                                                                                                              				_t66 = _t23;
                                                                                                                              				_push(_t68);
                                                                                                                              				_push(0x4972a5);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t70;
                                                                                                                              				E00405CB8(0);
                                                                                                                              				_t3 = _t66 + 0x2c; // 0x266461
                                                                                                                              				 *(_t66 + 0xf) =  *_t3 & 0x000000ff ^ 0x00000001;
                                                                                                                              				if(_t50 == 0 ||  *(_t66 + 0x2c) != 0) {
                                                                                                                              					_t29 = 0;
                                                                                                                              				} else {
                                                                                                                              					_t29 = 1;
                                                                                                                              				}
                                                                                                                              				 *((char*)(_t66 + 0xd)) = _t29;
                                                                                                                              				if( *(_t66 + 0x2c) != 0) {
                                                                                                                              					 *((intOrPtr*)(_t66 + 8)) = GetCurrentThread();
                                                                                                                              					 *((intOrPtr*)(_t66 + 4)) = GetCurrentThreadId();
                                                                                                                              				} else {
                                                                                                                              					if(_a4 == 0) {
                                                                                                                              						_t12 = _t66 + 4; // 0x495548
                                                                                                                              						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B8, 0, _t12, 4, _t66);
                                                                                                                              					} else {
                                                                                                                              						_t9 = _t66 + 4; // 0x495548
                                                                                                                              						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B8, _a4, _t9, 0x10004, _t66);
                                                                                                                              					}
                                                                                                                              					if( *((intOrPtr*)(_t66 + 8)) == 0) {
                                                                                                                              						E0041DFB0(GetLastError(), _t49, 0, _t66);
                                                                                                                              						_v16 = _v20;
                                                                                                                              						_v12 = 0x11;
                                                                                                                              						_t55 =  *0x4ba740; // 0x40ea6c
                                                                                                                              						E0041F35C(_t49, _t55, 1, _t64, _t66, 0,  &_v16);
                                                                                                                              						E0040711C();
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_pop(_t59);
                                                                                                                              				 *[fs:eax] = _t59;
                                                                                                                              				_push(0x4972ac);
                                                                                                                              				return E00407A20( &_v20);
                                                                                                                              			}



















                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(00000000,004972A5,?,00495544,00000000), ref: 00497247
                                                                                                                                • Part of subcall function 004078E0: CreateThread.KERNEL32(?,?,Function_000078A8,00000000,?,?), ref: 0040793A
                                                                                                                              • GetCurrentThread.KERNEL32 ref: 0049727F
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00497287
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Thread$Current$CreateErrorLast
                                                                                                                              • String ID: 0@G$XtI$l@
                                                                                                                              • API String ID: 3539746228-385768319
                                                                                                                              • Opcode ID: a4dc03de5b91be95089a9569e035fcfb45136a4f5e23dfed5c7514759ebadc63
                                                                                                                              • Instruction ID: 1159262e71bebd7e921a745d602ab6fc0c684f98ff6f66721209a3575415716a
                                                                                                                              • Opcode Fuzzy Hash: a4dc03de5b91be95089a9569e035fcfb45136a4f5e23dfed5c7514759ebadc63
                                                                                                                              • Instruction Fuzzy Hash: 2B31E2309287449EDB10EBB68C427AB7FE49F09304F40C87EE455973C1DA3CA545C799
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 36%
                                                                                                                              			E00406424(void* __edx) {
                                                                                                                              				signed int _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char* _t23;
                                                                                                                              				intOrPtr _t29;
                                                                                                                              				intOrPtr _t39;
                                                                                                                              				void* _t41;
                                                                                                                              				void* _t43;
                                                                                                                              				intOrPtr _t44;
                                                                                                                              
                                                                                                                              				_t41 = _t43;
                                                                                                                              				_t44 = _t43 + 0xfffffff4;
                                                                                                                              				_v16 = 0;
                                                                                                                              				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
                                                                                                                              					L10:
                                                                                                                              					_v8 = 0x40;
                                                                                                                              					goto L11;
                                                                                                                              				} else {
                                                                                                                              					_t23 =  &_v16;
                                                                                                                              					_push(_t23);
                                                                                                                              					_push(0);
                                                                                                                              					L00403808();
                                                                                                                              					if(_t23 != 0 || GetLastError() != 0x7a) {
                                                                                                                              						goto L10;
                                                                                                                              					} else {
                                                                                                                              						_v12 = E004053F0(_v16);
                                                                                                                              						_push(_t41);
                                                                                                                              						_push(E004064D2);
                                                                                                                              						_push( *[fs:edx]);
                                                                                                                              						 *[fs:edx] = _t44;
                                                                                                                              						_push( &_v16);
                                                                                                                              						_push(_v12);
                                                                                                                              						L00403808();
                                                                                                                              						_t29 = _v12;
                                                                                                                              						if(_v16 <= 0) {
                                                                                                                              							L8:
                                                                                                                              							_pop(_t39);
                                                                                                                              							 *[fs:eax] = _t39;
                                                                                                                              							_push(E004064D9);
                                                                                                                              							return E0040540C(_v12);
                                                                                                                              						} else {
                                                                                                                              							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
                                                                                                                              								_t29 = _t29 + 0x18;
                                                                                                                              								_v16 = _v16 - 0x18;
                                                                                                                              								if(_v16 > 0) {
                                                                                                                              									continue;
                                                                                                                              								} else {
                                                                                                                              									goto L8;
                                                                                                                              								}
                                                                                                                              								goto L12;
                                                                                                                              							}
                                                                                                                              							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
                                                                                                                              							E00407210();
                                                                                                                              							L11:
                                                                                                                              							return _v8;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				L12:
                                                                                                                              			}












                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004064ba
                                                                                                                              0x004064a5
                                                                                                                              0x004064a8
                                                                                                                              0x004064e0
                                                                                                                              0x004064e6
                                                                                                                              0x004064e6
                                                                                                                              0x00406492
                                                                                                                              0x00406459
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00406439
                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040643F
                                                                                                                              • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 0040645B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressErrorHandleLastModuleProc
                                                                                                                              • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                                                                              • API String ID: 4275029093-79381301
                                                                                                                              • Opcode ID: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
                                                                                                                              • Instruction ID: 8f5f9a4eb212fab3c4852abc810e80ead921d34dcce11bc4c58bc7a6251dba94
                                                                                                                              • Opcode Fuzzy Hash: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
                                                                                                                              • Instruction Fuzzy Hash: 52116371D00208BEDB20EFA5D84576EBBA8EB40705F1184BBF815F32C1D67D9A908B1D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 43%
                                                                                                                              			E004076B8(void* __ecx) {
                                                                                                                              				long _v4;
                                                                                                                              				void* _t3;
                                                                                                                              				void* _t9;
                                                                                                                              
                                                                                                                              				if( *0x4bb058 == 0) {
                                                                                                                              					if( *0x4b7032 == 0) {
                                                                                                                              						_push(0);
                                                                                                                              						_push("Error");
                                                                                                                              						_push("Runtime error     at 00000000");
                                                                                                                              						_push(0);
                                                                                                                              						L00403780();
                                                                                                                              					}
                                                                                                                              					return _t3;
                                                                                                                              				} else {
                                                                                                                              					if( *0x4bb344 == 0xd7b2 &&  *0x4bb34c > 0) {
                                                                                                                              						 *0x4bb35c();
                                                                                                                              					}
                                                                                                                              					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
                                                                                                                              					_t9 = E00408240(0x40774c);
                                                                                                                              					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
                                                                                                                              				}
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                                                                              • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHandleWrite
                                                                                                                              • String ID: Error$Runtime error at 00000000
                                                                                                                              • API String ID: 3320372497-2970929446
                                                                                                                              • Opcode ID: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
                                                                                                                              • Instruction ID: db14fa18f2a627875cbdcf208ba1e0af1765c14dc112cf76e17f9611cef7a876
                                                                                                                              • Opcode Fuzzy Hash: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
                                                                                                                              • Instruction Fuzzy Hash: DFF0C2A1A8C24079FA2077A94C47F5A269C8740B16F108A3FF610B61D1C7FD6584937E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00420524(void* __ebx, void* __esi) {
                                                                                                                              				intOrPtr _t4;
                                                                                                                              				intOrPtr _t6;
                                                                                                                              
                                                                                                                              				if(E0041FF68(6, 0) == 0) {
                                                                                                                              					_t4 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"NTDLL.DLL"), L"RtlCompareUnicodeString");
                                                                                                                              					 *0x4be914 = _t4;
                                                                                                                              					 *0x4be910 = E00420428;
                                                                                                                              					return _t4;
                                                                                                                              				} else {
                                                                                                                              					_t6 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"CompareStringOrdinal");
                                                                                                                              					 *0x4be910 = _t6;
                                                                                                                              					return _t6;
                                                                                                                              				}
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,CompareStringOrdinal,004B5A2E,00000000,004B5A41), ref: 0042053E
                                                                                                                                • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                                                                              • GetModuleHandleW.KERNEL32(NTDLL.DLL,RtlCompareUnicodeString,004B5A2E,00000000,004B5A41), ref: 00420559
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: HandleModule$AddressProc
                                                                                                                              • String ID: CompareStringOrdinal$NTDLL.DLL$RtlCompareUnicodeString$kernel32.dll
                                                                                                                              • API String ID: 1883125708-3870080525
                                                                                                                              • Opcode ID: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
                                                                                                                              • Instruction ID: 4ba185d4141586243d2650af69d43cb091b5da9faf927984522c9bbe9ad7037f
                                                                                                                              • Opcode Fuzzy Hash: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
                                                                                                                              • Instruction Fuzzy Hash: 04E08CF0B4232036E644FB672C0769929C51B85709BD04A3F7004BA1D7DBBE42659E2E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E0042931C(short* __eax, intOrPtr __ecx, signed short* __edx) {
                                                                                                                              				char _v260;
                                                                                                                              				char _v768;
                                                                                                                              				char _v772;
                                                                                                                              				short* _v776;
                                                                                                                              				intOrPtr _v780;
                                                                                                                              				char _v784;
                                                                                                                              				signed int _v788;
                                                                                                                              				signed short* _v792;
                                                                                                                              				char _v796;
                                                                                                                              				char _v800;
                                                                                                                              				intOrPtr* _v804;
                                                                                                                              				signed short* _v808;
                                                                                                                              				void* __ebp;
                                                                                                                              				signed char _t55;
                                                                                                                              				signed int _t64;
                                                                                                                              				void* _t72;
                                                                                                                              				intOrPtr* _t83;
                                                                                                                              				void* _t103;
                                                                                                                              				void* _t105;
                                                                                                                              				void* _t108;
                                                                                                                              				void* _t109;
                                                                                                                              				intOrPtr* _t118;
                                                                                                                              				void* _t122;
                                                                                                                              				intOrPtr _t123;
                                                                                                                              				char* _t124;
                                                                                                                              				void* _t125;
                                                                                                                              
                                                                                                                              				_t110 = __ecx;
                                                                                                                              				_v780 = __ecx;
                                                                                                                              				_v808 = __edx;
                                                                                                                              				_v776 = __eax;
                                                                                                                              				if((_v808[0] & 0x00000020) == 0) {
                                                                                                                              					E00428FDC(0x80070057);
                                                                                                                              				}
                                                                                                                              				_t55 =  *_v808 & 0x0000ffff;
                                                                                                                              				if((_t55 & 0x00000fff) != 0xc) {
                                                                                                                              					_push(_v808);
                                                                                                                              					_push(_v776);
                                                                                                                              					L00427254();
                                                                                                                              					return E00428FDC(_v776);
                                                                                                                              				} else {
                                                                                                                              					if((_t55 & 0x00000040) == 0) {
                                                                                                                              						_v792 = _v808[4];
                                                                                                                              					} else {
                                                                                                                              						_v792 =  *(_v808[4]);
                                                                                                                              					}
                                                                                                                              					_v788 =  *_v792 & 0x0000ffff;
                                                                                                                              					_t103 = _v788 - 1;
                                                                                                                              					if(_t103 < 0) {
                                                                                                                              						L9:
                                                                                                                              						_push( &_v772);
                                                                                                                              						_t64 = _v788;
                                                                                                                              						_push(_t64);
                                                                                                                              						_push(0xc);
                                                                                                                              						L00427828();
                                                                                                                              						_t123 = _t64;
                                                                                                                              						if(_t123 == 0) {
                                                                                                                              							E00428D34(_t110);
                                                                                                                              						}
                                                                                                                              						E00429278(_v776);
                                                                                                                              						 *_v776 = 0x200c;
                                                                                                                              						 *((intOrPtr*)(_v776 + 8)) = _t123;
                                                                                                                              						_t105 = _v788 - 1;
                                                                                                                              						if(_t105 < 0) {
                                                                                                                              							L14:
                                                                                                                              							_t107 = _v788 - 1;
                                                                                                                              							if(E00429294(_v788 - 1, _t125) != 0) {
                                                                                                                              								L00427840();
                                                                                                                              								E00428FDC(_v792);
                                                                                                                              								L00427840();
                                                                                                                              								E00428FDC( &_v260);
                                                                                                                              								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
                                                                                                                              							}
                                                                                                                              							_t72 = E004292C4(_t107, _t125);
                                                                                                                              						} else {
                                                                                                                              							_t108 = _t105 + 1;
                                                                                                                              							_t83 =  &_v768;
                                                                                                                              							_t118 =  &_v260;
                                                                                                                              							do {
                                                                                                                              								 *_t118 =  *_t83;
                                                                                                                              								_t118 = _t118 + 4;
                                                                                                                              								_t83 = _t83 + 8;
                                                                                                                              								_t108 = _t108 - 1;
                                                                                                                              							} while (_t108 != 0);
                                                                                                                              							do {
                                                                                                                              								goto L14;
                                                                                                                              							} while (_t72 != 0);
                                                                                                                              							return _t72;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						_t109 = _t103 + 1;
                                                                                                                              						_t122 = 0;
                                                                                                                              						_t124 =  &_v772;
                                                                                                                              						do {
                                                                                                                              							_v804 = _t124;
                                                                                                                              							_push(_v804 + 4);
                                                                                                                              							_t23 = _t122 + 1; // 0x1
                                                                                                                              							_push(_v792);
                                                                                                                              							L00427830();
                                                                                                                              							E00428FDC(_v792);
                                                                                                                              							_push( &_v784);
                                                                                                                              							_t26 = _t122 + 1; // 0x1
                                                                                                                              							_push(_v792);
                                                                                                                              							L00427838();
                                                                                                                              							E00428FDC(_v792);
                                                                                                                              							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
                                                                                                                              							_t122 = _t122 + 1;
                                                                                                                              							_t124 = _t124 + 8;
                                                                                                                              							_t109 = _t109 - 1;
                                                                                                                              						} while (_t109 != 0);
                                                                                                                              						goto L9;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004293D1
                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004293ED
                                                                                                                              • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00429426
                                                                                                                              • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 004294A3
                                                                                                                              • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 004294BC
                                                                                                                              • VariantCopy.OLEAUT32(?,?), ref: 004294F7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 351091851-0
                                                                                                                              • Opcode ID: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
                                                                                                                              • Instruction ID: 2fed5c09d90993a71d142947efe00684c7910c2ed580f9cb9a97fb5731140b2d
                                                                                                                              • Opcode Fuzzy Hash: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
                                                                                                                              • Instruction Fuzzy Hash: 4B51EE75A012299FCB21DB59D981BDAB3FCAF0C304F8041DAF548E7211D634AF858F65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 34%
                                                                                                                              			E004AFA44(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				void* _t24;
                                                                                                                              				intOrPtr _t28;
                                                                                                                              				void* _t31;
                                                                                                                              				void* _t32;
                                                                                                                              				intOrPtr _t35;
                                                                                                                              
                                                                                                                              				_t32 = __esi;
                                                                                                                              				_t31 = __edi;
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_t24 = __eax;
                                                                                                                              				_push(_t35);
                                                                                                                              				_push(0x4aface);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t35;
                                                                                                                              				if(( *0x4c1d61 & 0x00000001) == 0) {
                                                                                                                              					E00407A20( &_v8);
                                                                                                                              				} else {
                                                                                                                              					E00407E48( &_v8, L"/ALLUSERS\r\nInstructs Setup to install in administrative install mode.\r\n/CURRENTUSER\r\nInstructs Setup to install in non administrative install mode.\r\n");
                                                                                                                              				}
                                                                                                                              				_push(L"The Setup program accepts optional command line parameters.\r\n\r\n/HELP, /?\r\nShows this information.\r\n/SP-\r\nDisables the This will install... Do you wish to continue? prompt at the beginning of Setup.\r\n/SILENT, /VERYSILENT\r\nInstructs Setup to be silent or very silent.\r\n/SUPPRESSMSGBOXES\r\nInstructs Setup to suppress message boxes.\r\n/LOG\r\nCauses Setup to create a log file in the user\'s TEMP directory.\r\n/LOG=\"filename\"\r\nSame as /LOG, except it allows you to specify a fixed path/filename to use for the log file.\r\n/NOCANCEL\r\nPrevents the user from cancelling during the installation process.\r\n/NORESTART\r\nPrevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart.\r\n/RESTARTEXITCODE=exit code\r\nSpecifies a custom exit code that Setup is to return when the system needs to be restarted.\r\n/CLOSEAPPLICATIONS\r\nInstructs Setup to close applications using files that need to be updated.\r\n/NOCLOSEAPPLICATIONS\r\nPrevents Setup from closing applications using files that need to be updated.\r\n/FORCECLOSEAPPLICATIONS\r\nInstructs Setup to force close when closing applications.\r\n/FORCENOCLOSEAPPLICATIONS\r\nPrevents Setup from force closing when closing applications.\r\n/LOGCLOSEAPPLICATIONS\r\nInstructs Setup to create extra logging when closing applications for debugging purposes.\r\n/RESTARTAPPLICATIONS\r\nInstructs Setup to restart applications.\r\n/NORESTARTAPPLICATIONS\r\nPrevents Setup from restarting applications.\r\n/LOADINF=\"filename\"\r\nInstructs Setup to load the settings from the specified file after having checked the command line.\r\n/SAVEINF=\"filename\"\r\nInstructs Setup to save installation settings to the specified file.\r\n/LANG=language\r\nSpecifies the internal name of the language to 
use.\r\n/DIR=\"x:\\dirname\"\r\nOverrides the default directory name.\r\n/GROUP=\"folder name\"\r\nOverrides the default folder name.\r\n/NOICONS\r\nInstructs Setup to initially check the Don\'t create a Start Menu folder check box.\r\n/TYPE=type name\r\nOverrides the default setup type.\r\n/COMPONENTS=\"comma separated list of component names\"\r\nOverrides the default component settings.\r\n/TASKS=\"comma separated list of task names\"\r\nSpecifies a list of tasks that should be initially selected.\r\n/MERGETASKS=\"comma separated list of task names\"\r\nLike the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default.\r\n/PASSWORD=password\r\nSpecifies the password to use.\r\n");
                                                                                                                              				_push(_v8);
                                                                                                                              				_push(_t24);
                                                                                                                              				_push(0x4b0f94);
                                                                                                                              				_push(L"For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline");
                                                                                                                              				E004087C4( &_v12, _t24, 5, _t31, _t32);
                                                                                                                              				MessageBoxW(0, E004084EC(_v12), L"Setup", 0x10);
                                                                                                                              				_pop(_t28);
                                                                                                                              				 *[fs:eax] = _t28;
                                                                                                                              				_push(E004AFAD5);
                                                                                                                              				return E00407A80( &_v12, 2);
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFAAE
                                                                                                                              Strings
                                                                                                                              • Setup, xrefs: 004AFA9E
                                                                                                                              • For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline, xrefs: 004AFA8A
                                                                                                                              • /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat, xrefs: 004AFA68
                                                                                                                              • The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in, xrefs: 004AFA7C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Message
                                                                                                                              • String ID: /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat$For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline$Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in
                                                                                                                              • API String ID: 2030045667-3391638011
                                                                                                                              • Opcode ID: 66245cf56300a1c7c541050b9d52e7f7cee767bf73c9c42da64b4bca2bf40a85
                                                                                                                              • Instruction ID: 307a18092975e57fce7d36cb0845ad1ef4e0a75d88e156d2955b45763d379f25
                                                                                                                              • Opcode Fuzzy Hash: 66245cf56300a1c7c541050b9d52e7f7cee767bf73c9c42da64b4bca2bf40a85
                                                                                                                              • Instruction Fuzzy Hash: D701A230748308BBE711E7D1CD52FDEB6A8D74AB04FA0047BB904B25D1D6BC6A09852D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 69%
                                                                                                                              			E0042F9B8(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
                                                                                                                              				signed int _v8;
                                                                                                                              				signed char _v9;
                                                                                                                              				signed int _v12;
                                                                                                                              				signed int _v14;
                                                                                                                              				void* _v20;
                                                                                                                              				void* _v24;
                                                                                                                              				signed short* _v28;
                                                                                                                              				signed short* _v32;
                                                                                                                              				signed int _v48;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __ebp;
                                                                                                                              				signed int _t150;
                                                                                                                              				signed int _t272;
                                                                                                                              				intOrPtr _t328;
                                                                                                                              				intOrPtr _t331;
                                                                                                                              				intOrPtr _t339;
                                                                                                                              				intOrPtr _t347;
                                                                                                                              				intOrPtr _t355;
                                                                                                                              				void* _t360;
                                                                                                                              				void* _t362;
                                                                                                                              				intOrPtr _t363;
                                                                                                                              
                                                                                                                              				_t367 = __fp0;
                                                                                                                              				_t358 = __edi;
                                                                                                                              				_t360 = _t362;
                                                                                                                              				_t363 = _t362 + 0xffffffd4;
                                                                                                                              				_v8 = __ecx;
                                                                                                                              				_v32 = __edx;
                                                                                                                              				_v28 = __eax;
                                                                                                                              				_v9 = 1;
                                                                                                                              				_t272 =  *_v28 & 0x0000ffff;
                                                                                                                              				if((_t272 & 0x00000fff) >= 0x10f) {
                                                                                                                              					_t150 =  *_v32 & 0x0000ffff;
                                                                                                                              					if(_t150 != 0) {
                                                                                                                              						if(_t150 != 1) {
                                                                                                                              							if(E00430860(_t272,  &_v20) != 0) {
                                                                                                                              								_push( &_v14);
                                                                                                                              								_t273 =  *_v20;
                                                                                                                              								if( *((intOrPtr*)( *_v20 + 8))() == 0) {
                                                                                                                              									_t275 =  *_v32 & 0x0000ffff;
                                                                                                                              									if(( *_v32 & 0xfff) >= 0x10f) {
                                                                                                                              										if(E00430860(_t275,  &_v24) != 0) {
                                                                                                                              											_push( &_v12);
                                                                                                                              											_t276 =  *_v24;
                                                                                                                              											if( *((intOrPtr*)( *_v24 + 4))() == 0) {
                                                                                                                              												E00428BF0(0xb);
                                                                                                                              												goto L41;
                                                                                                                              											} else {
                                                                                                                              												if(( *_v28 & 0x0000ffff) == _v12) {
                                                                                                                              													_t143 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                              													_v9 =  *(0x4b93d2 + _v8 * 2 + _t143) & 0x000000ff;
                                                                                                                              													goto L41;
                                                                                                                              												} else {
                                                                                                                              													_push( &_v48);
                                                                                                                              													L00427244();
                                                                                                                              													_push(_t360);
                                                                                                                              													_push(0x42fdb0);
                                                                                                                              													_push( *[fs:eax]);
                                                                                                                              													 *[fs:eax] = _t363;
                                                                                                                              													_t289 = _v12 & 0x0000ffff;
                                                                                                                              													E004299A4( &_v48, _t276, _v12 & 0x0000ffff, _v28, __edi, __fp0);
                                                                                                                              													if((_v48 & 0x0000ffff) != _v12) {
                                                                                                                              														E00428AF8(_t289);
                                                                                                                              													}
                                                                                                                              													_t131 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                              													_v9 =  *(0x4b93d2 + _v8 * 2 + _t131) & 0x000000ff;
                                                                                                                              													_pop(_t328);
                                                                                                                              													 *[fs:eax] = _t328;
                                                                                                                              													_push(0x42fde5);
                                                                                                                              													return E00429278( &_v48);
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              										} else {
                                                                                                                              											E00428BF0(0xb);
                                                                                                                              											goto L41;
                                                                                                                              										}
                                                                                                                              									} else {
                                                                                                                              										_push( &_v48);
                                                                                                                              										L00427244();
                                                                                                                              										_push(_t360);
                                                                                                                              										_push(0x42fcf7);
                                                                                                                              										_push( *[fs:eax]);
                                                                                                                              										 *[fs:eax] = _t363;
                                                                                                                              										_t294 =  *_v32 & 0x0000ffff;
                                                                                                                              										E004299A4( &_v48, _t275,  *_v32 & 0x0000ffff, _v28, __edi, __fp0);
                                                                                                                              										if(( *_v32 & 0x0000ffff) != _v48) {
                                                                                                                              											E00428AF8(_t294);
                                                                                                                              										}
                                                                                                                              										_v9 = E0042F7D0( &_v48, _v8, _v32, _t358, _t360, _t367);
                                                                                                                              										_pop(_t331);
                                                                                                                              										 *[fs:eax] = _t331;
                                                                                                                              										_push(0x42fde5);
                                                                                                                              										return E00429278( &_v48);
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									if(( *_v32 & 0x0000ffff) == _v14) {
                                                                                                                              										_t95 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                              										_v9 =  *(0x4b93d2 + _v8 * 2 + _t95) & 0x000000ff;
                                                                                                                              										goto L41;
                                                                                                                              									} else {
                                                                                                                              										_push( &_v48);
                                                                                                                              										L00427244();
                                                                                                                              										_push(_t360);
                                                                                                                              										_push(0x42fc52);
                                                                                                                              										_push( *[fs:eax]);
                                                                                                                              										 *[fs:eax] = _t363;
                                                                                                                              										_t299 = _v14 & 0x0000ffff;
                                                                                                                              										E004299A4( &_v48, _t273, _v14 & 0x0000ffff, _v32, __edi, __fp0);
                                                                                                                              										if((_v48 & 0x0000ffff) != _v14) {
                                                                                                                              											E00428AF8(_t299);
                                                                                                                              										}
                                                                                                                              										_t83 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                              										_v9 =  *(0x4b93d2 + _v8 * 2 + _t83) & 0x000000ff;
                                                                                                                              										_pop(_t339);
                                                                                                                              										 *[fs:eax] = _t339;
                                                                                                                              										_push(0x42fde5);
                                                                                                                              										return E00429278( &_v48);
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								E00428BF0(__ecx);
                                                                                                                              								goto L41;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							_v9 = E0042F550(_v8, 2);
                                                                                                                              							goto L41;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						_v9 = E0042F53C(0, 1);
                                                                                                                              						goto L41;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					if(_t272 != 0) {
                                                                                                                              						if(_t272 != 1) {
                                                                                                                              							if(E00430860( *_v32 & 0x0000ffff,  &_v24) != 0) {
                                                                                                                              								_push( &_v12);
                                                                                                                              								_t282 =  *_v24;
                                                                                                                              								if( *((intOrPtr*)( *_v24 + 4))() == 0) {
                                                                                                                              									_push( &_v48);
                                                                                                                              									L00427244();
                                                                                                                              									_push(_t360);
                                                                                                                              									_push(0x42fb63);
                                                                                                                              									_push( *[fs:eax]);
                                                                                                                              									 *[fs:eax] = _t363;
                                                                                                                              									_t306 =  *_v28 & 0x0000ffff;
                                                                                                                              									E004299A4( &_v48, _t282,  *_v28 & 0x0000ffff, _v32, __edi, __fp0);
                                                                                                                              									if((_v48 & 0xfff) !=  *_v28) {
                                                                                                                              										E00428AF8(_t306);
                                                                                                                              									}
                                                                                                                              									_v9 = E0042F7D0(_v28, _v8,  &_v48, _t358, _t360, _t367);
                                                                                                                              									_pop(_t347);
                                                                                                                              									 *[fs:eax] = _t347;
                                                                                                                              									_push(0x42fde5);
                                                                                                                              									return E00429278( &_v48);
                                                                                                                              								} else {
                                                                                                                              									if(( *_v28 & 0x0000ffff) == _v12) {
                                                                                                                              										_t44 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                              										_v9 =  *(0x4b93d2 + _v8 * 2 + _t44) & 0x000000ff;
                                                                                                                              										goto L41;
                                                                                                                              									} else {
                                                                                                                              										_push( &_v48);
                                                                                                                              										L00427244();
                                                                                                                              										_push(_t360);
                                                                                                                              										_push(0x42facc);
                                                                                                                              										_push( *[fs:eax]);
                                                                                                                              										 *[fs:eax] = _t363;
                                                                                                                              										_t311 = _v12 & 0x0000ffff;
                                                                                                                              										E004299A4( &_v48, _t282, _v12 & 0x0000ffff, _v28, __edi, __fp0);
                                                                                                                              										if((_v48 & 0xfff) != _v12) {
                                                                                                                              											E00428AF8(_t311);
                                                                                                                              										}
                                                                                                                              										_t32 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
                                                                                                                              										_v9 =  *(0x4b93d2 + _v8 * 2 + _t32) & 0x000000ff;
                                                                                                                              										_pop(_t355);
                                                                                                                              										 *[fs:eax] = _t355;
                                                                                                                              										_push(0x42fde5);
                                                                                                                              										return E00429278( &_v48);
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								E00428BF0(__ecx);
                                                                                                                              								goto L41;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							_v9 = E0042F550(_v8, 0);
                                                                                                                              							goto L41;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						_v9 = E0042F53C(1, 0);
                                                                                                                              						L41:
                                                                                                                              						return _v9 & 0x000000ff;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}
























                                                                                                                              0x0042fabb
                                                                                                                              0x0042fabe
                                                                                                                              0x0042facb
                                                                                                                              0x0042facb
                                                                                                                              0x0042fa54
                                                                                                                              0x0042fa24
                                                                                                                              0x0042fa24
                                                                                                                              0x00000000
                                                                                                                              0x0042fa24
                                                                                                                              0x0042f9fe
                                                                                                                              0x0042fa0a
                                                                                                                              0x00000000
                                                                                                                              0x0042fa0a
                                                                                                                              0x0042f9e7
                                                                                                                              0x0042f9f0
                                                                                                                              0x0042fde5
                                                                                                                              0x0042fded
                                                                                                                              0x0042fded
                                                                                                                              0x0042f9e5

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c6922fb93c990c72bf9a49bf3daa94017bfe3b7264ddd93f55e738123a9900a9
                                                                                                                              • Instruction ID: 1b6310f250808118d38827de8a535e3b6e70e535f73b2508e71121fbf0c58563
                                                                                                                              • Opcode Fuzzy Hash: c6922fb93c990c72bf9a49bf3daa94017bfe3b7264ddd93f55e738123a9900a9
                                                                                                                              • Instruction Fuzzy Hash: 41D19D75E0011A9FCB00EFA9D4919FEB7B5EF48300BD080B6E801A7245D638AD4ADB69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 75%
                                                                                                                              			E0041C790(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
                                                                                                                              				char _v8;
                                                                                                                              				short _v18;
                                                                                                                              				short _v22;
                                                                                                                              				struct _SYSTEMTIME _v24;
                                                                                                                              				short _v536;
                                                                                                                              				short* _t32;
                                                                                                                              				intOrPtr* _t47;
                                                                                                                              				intOrPtr _t56;
                                                                                                                              				void* _t61;
                                                                                                                              				intOrPtr _t63;
                                                                                                                              				void* _t67;
                                                                                                                              
                                                                                                                              				_v8 = 0;
                                                                                                                              				_t47 = __edx;
                                                                                                                              				_t61 = __eax;
                                                                                                                              				_push(_t67);
                                                                                                                              				_push(0x41c873);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t67 + 0xfffffdec;
                                                                                                                              				E00407A20(__edx);
                                                                                                                              				_v24 =  *(_a4 - 2) & 0x0000ffff;
                                                                                                                              				_v22 =  *(_a4 - 4) & 0x0000ffff;
                                                                                                                              				_v18 =  *(_a4 - 6) & 0x0000ffff;
                                                                                                                              				if(_t61 > 2) {
                                                                                                                              					E00407E48( &_v8, L"yyyy");
                                                                                                                              				} else {
                                                                                                                              					E00407E48( &_v8, 0x41c88c);
                                                                                                                              				}
                                                                                                                              				_t32 = E004084EC(_v8);
                                                                                                                              				if(GetDateFormatW(GetThreadLocale(), 4,  &_v24, _t32,  &_v536, 0x200) != 0) {
                                                                                                                              					E0040858C(_t47, 0x100,  &_v536);
                                                                                                                              					if(_t61 == 1 &&  *((short*)( *_t47)) == 0x30) {
                                                                                                                              						_t63 =  *_t47;
                                                                                                                              						if(_t63 != 0) {
                                                                                                                              							_t63 =  *((intOrPtr*)(_t63 - 4));
                                                                                                                              						}
                                                                                                                              						E004088AC( *_t47, _t63 - 1, 2, _t47);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_pop(_t56);
                                                                                                                              				 *[fs:eax] = _t56;
                                                                                                                              				_push(0x41c87a);
                                                                                                                              				return E00407A20( &_v8);
                                                                                                                              			}















                                                                                                                              APIs
                                                                                                                              • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C816
                                                                                                                              • GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C81C
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DateFormatLocaleThread
                                                                                                                              • String ID: $yyyy
                                                                                                                              • API String ID: 3303714858-404527807
                                                                                                                              • Opcode ID: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
                                                                                                                              • Instruction ID: d4c72dfe3e93bc103dd676e1b73ac12d517b544291048ec360f079cc1ca068dc
                                                                                                                              • Opcode Fuzzy Hash: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
                                                                                                                              • Instruction Fuzzy Hash: 9A215335A442189BDB11EF95CDC1AAEB3B8EF08701F5144BBFC45E7281D7789E4087AA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E0041EEFC(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* _a4) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				char _v534;
                                                                                                                              				short _v1056;
                                                                                                                              				short _v1568;
                                                                                                                              				struct _MEMORY_BASIC_INFORMATION _v1596;
                                                                                                                              				char _v1600;
                                                                                                                              				intOrPtr _v1604;
                                                                                                                              				char _v1608;
                                                                                                                              				intOrPtr _v1612;
                                                                                                                              				char _v1616;
                                                                                                                              				intOrPtr _v1620;
                                                                                                                              				char _v1624;
                                                                                                                              				char* _v1628;
                                                                                                                              				char _v1632;
                                                                                                                              				char _v1636;
                                                                                                                              				char _v1640;
                                                                                                                              				intOrPtr _t55;
                                                                                                                              				signed int _t76;
                                                                                                                              				void* _t82;
                                                                                                                              				intOrPtr _t83;
                                                                                                                              				intOrPtr _t95;
                                                                                                                              				intOrPtr _t98;
                                                                                                                              				intOrPtr _t100;
                                                                                                                              				intOrPtr* _t102;
                                                                                                                              				void* _t105;
                                                                                                                              
                                                                                                                              				_v1640 = 0;
                                                                                                                              				_v8 = __ecx;
                                                                                                                              				_t82 = __edx;
                                                                                                                              				_t102 = __eax;
                                                                                                                              				_push(_t105);
                                                                                                                              				_push(0x41f0a8);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t105 + 0xfffff99c;
                                                                                                                              				VirtualQuery(__edx,  &_v1596, 0x1c);
                                                                                                                              				if(_v1596.State != 0x1000 || GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105) == 0) {
                                                                                                                              					GetModuleFileNameW( *0x4be634,  &_v1056, 0x105);
                                                                                                                              					_v12 = E0041EEF0(_t82);
                                                                                                                              				} else {
                                                                                                                              					_v12 = _t82 - _v1596.AllocationBase;
                                                                                                                              				}
                                                                                                                              				E0041A57C( &_v534, 0x104, E00420608() + 2);
                                                                                                                              				_t83 = 0x41f0bc;
                                                                                                                              				_t100 = 0x41f0bc;
                                                                                                                              				_t95 =  *0x414db8; // 0x414e10
                                                                                                                              				if(E00405F30(_t102, _t95) != 0) {
                                                                                                                              					_t83 = E004084EC( *((intOrPtr*)(_t102 + 4)));
                                                                                                                              					_t76 = E00407F04(_t83);
                                                                                                                              					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
                                                                                                                              						_t100 = 0x41f0c0;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_t55 =  *0x4ba774; // 0x40e708
                                                                                                                              				_t18 = _t55 + 4; // 0xffec
                                                                                                                              				LoadStringW(E00409FF0( *0x4be634),  *_t18,  &_v1568, 0x100);
                                                                                                                              				E00405BE8( *_t102,  &_v1640);
                                                                                                                              				_v1636 = _v1640;
                                                                                                                              				_v1632 = 0x11;
                                                                                                                              				_v1628 =  &_v534;
                                                                                                                              				_v1624 = 0xa;
                                                                                                                              				_v1620 = _v12;
                                                                                                                              				_v1616 = 5;
                                                                                                                              				_v1612 = _t83;
                                                                                                                              				_v1608 = 0xa;
                                                                                                                              				_v1604 = _t100;
                                                                                                                              				_v1600 = 0xa;
                                                                                                                              				E0041A814(4,  &_v1636);
                                                                                                                              				E00407F04(_v8);
                                                                                                                              				_pop(_t98);
                                                                                                                              				 *[fs:eax] = _t98;
                                                                                                                              				_push(0x41f0af);
                                                                                                                              				return E00407A20( &_v1640);
                                                                                                                              			}






























                                                                                                                              APIs
                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
                                                                                                                              • LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3990497365-0
                                                                                                                              • Opcode ID: b8be0fea34dc80bb7553a8da0885c656d5cafed23f6e23429f91232411ad397e
                                                                                                                              • Instruction ID: 1578eb45e464442e6080653f6025888c356fcaddc808aab3f6789ba0ce71ce89
                                                                                                                              • Opcode Fuzzy Hash: b8be0fea34dc80bb7553a8da0885c656d5cafed23f6e23429f91232411ad397e
                                                                                                                              • Instruction Fuzzy Hash: 3E412374A002589FDB20DF59CC81BCAB7F9AB58304F4044FAE508E7242D7799E95CF59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E0040A6C8(signed short __eax, void* __edx) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				signed int _v20;
                                                                                                                              				short _v22;
                                                                                                                              				short _v24;
                                                                                                                              				char _v26;
                                                                                                                              				char _v32;
                                                                                                                              				void* __ebp;
                                                                                                                              				void* _t39;
                                                                                                                              				void* _t55;
                                                                                                                              				void* _t59;
                                                                                                                              				short* _t62;
                                                                                                                              				signed short _t66;
                                                                                                                              				void* _t67;
                                                                                                                              				void* _t68;
                                                                                                                              				signed short _t79;
                                                                                                                              				void* _t81;
                                                                                                                              
                                                                                                                              				_t81 = __edx;
                                                                                                                              				_t66 = __eax;
                                                                                                                              				_v16 = 0;
                                                                                                                              				if(__eax !=  *0x4bdc08()) {
                                                                                                                              					_v16 = E0040A684( &_v8);
                                                                                                                              					_t79 = _t66;
                                                                                                                              					_v20 = 3;
                                                                                                                              					_t62 =  &_v26;
                                                                                                                              					do {
                                                                                                                              						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
                                                                                                                              						_t79 = (_t79 & 0x0000ffff) >> 4;
                                                                                                                              						_v20 = _v20 - 1;
                                                                                                                              						_t62 = _t62 - 2;
                                                                                                                              					} while (_v20 != 0xffffffff);
                                                                                                                              					_v24 = 0;
                                                                                                                              					_v22 = 0;
                                                                                                                              					 *0x4bdc04(4,  &_v32,  &_v20);
                                                                                                                              				}
                                                                                                                              				_t39 = E0040A684( &_v12);
                                                                                                                              				_t67 = _t39;
                                                                                                                              				if(_t67 != 0) {
                                                                                                                              					_t55 = _v12 - 2;
                                                                                                                              					if(_t55 >= 0) {
                                                                                                                              						_t59 = _t55 + 1;
                                                                                                                              						_v20 = 0;
                                                                                                                              						do {
                                                                                                                              							if( *((short*)(_t67 + _v20 * 2)) == 0) {
                                                                                                                              								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
                                                                                                                              							}
                                                                                                                              							_v20 = _v20 + 1;
                                                                                                                              							_t59 = _t59 - 1;
                                                                                                                              						} while (_t59 != 0);
                                                                                                                              					}
                                                                                                                              					E00408550(_t81, _t67);
                                                                                                                              					_t39 = E0040540C(_t67);
                                                                                                                              				}
                                                                                                                              				if(_v16 != 0) {
                                                                                                                              					 *0x4bdc04(0, 0,  &_v20);
                                                                                                                              					_t68 = E0040A684( &_v12);
                                                                                                                              					if(_v8 != _v12 || E0040A660(_v16, _v12, _t68) != 0) {
                                                                                                                              						 *0x4bdc04(8, _v16,  &_v20);
                                                                                                                              					}
                                                                                                                              					E0040540C(_t68);
                                                                                                                              					return E0040540C(_v16);
                                                                                                                              				}
                                                                                                                              				return _t39;
                                                                                                                              			}






















                                                                                                                              APIs
                                                                                                                              • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040A6D9
                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040A737
                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040A794
                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040A7C7
                                                                                                                                • Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040A745), ref: 0040A69B
                                                                                                                                • Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040A745), ref: 0040A6B8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Thread$LanguagesPreferred$Language
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2255706666-0
                                                                                                                              • Opcode ID: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
                                                                                                                              • Instruction ID: 64ac70e7ec2a8712ea9b0e83aabe60772fb1db60419ab041f5eb1837937ee239
                                                                                                                              • Opcode Fuzzy Hash: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
                                                                                                                              • Instruction Fuzzy Hash: 97317070E0021A9BDB10DFA9C884AAFB7B8EF04304F00867AE555E7291EB789E05CB55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00420BD8() {
                                                                                                                              				void* __ebx;
                                                                                                                              				struct HINSTANCE__* _t1;
                                                                                                                              				void* _t4;
                                                                                                                              
                                                                                                                              				_t1 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                              				_t3 = _t1;
                                                                                                                              				if(_t1 != 0) {
                                                                                                                              					_t1 = E0040E1A8(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
                                                                                                                              					 *0x4b7e30 = _t1;
                                                                                                                              				}
                                                                                                                              				if( *0x4b7e30 == 0) {
                                                                                                                              					 *0x4b7e30 = E0041A4DC;
                                                                                                                              					return E0041A4DC;
                                                                                                                              				}
                                                                                                                              				return _t1;
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,00420CB4,00000000,00420CCC,?,?,00420C69), ref: 00420BDE
                                                                                                                                • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.827959153.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.827945875.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828258777.00000000004B7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828287634.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828320872.00000000004C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.828346200.00000000004C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                              • String ID: GetDiskFreeSpaceExW$kernel32.dll
                                                                                                                              • API String ID: 1646373207-1127948838
                                                                                                                              • Opcode ID: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
                                                                                                                              • Instruction ID: d69f2d486575a746b5ffe9d6a82661523d0842203aaa5c8b8dd0cb43f1f92830
                                                                                                                              • Opcode Fuzzy Hash: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
                                                                                                                              • Instruction Fuzzy Hash: 31D05EB03143165FE7056BB2ACC561636C6AB86304B900B7BA5046A243CBFDDC50434C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:12.3%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:1.7%
                                                                                                                              Total number of Nodes:1798
                                                                                                                              Total number of Limit Nodes:107
23074->23076 23077 40b4d4 23076->23077 23080 40a5a8 23076->23080 23077->23075 23079 40a5a8 12 API calls 23077->23079 23082 40b4e3 23077->23082 23078 40a5ec 23078->23036 23079->23082 23080->23078 23177 406f28 12 API calls 23080->23177 23082->23075 23083 40a5a8 12 API calls 23082->23083 23084 40b536 23083->23084 23084->23036 23086 616278 23085->23086 23087 616162 23085->23087 23089 6162d2 23086->23089 23183 6158ac 50 API calls 23086->23183 23178 615dc8 GetSystemTimeAsFileTime FileTimeToSystemTime 23087->23178 23091 40a228 12 API calls 23089->23091 23090 61616a 23179 4244f8 105 API calls 23090->23179 23094 6162ec 23091->23094 23096 40a1c8 12 API calls 23094->23096 23095 6161db 23180 616120 107 API calls 23095->23180 23098 6162f4 23096->23098 23098->23028 23099 61626e 23182 616120 107 API calls 23099->23182 23100 616236 23100->23099 23103 40b698 12 API calls 23100->23103 23102 40b698 12 API calls 23104 6161e3 23102->23104 23105 616266 23103->23105 23104->23100 23104->23102 23106 616120 107 API calls 23104->23106 23181 616120 107 API calls 23105->23181 23106->23104 23109 625d27 23108->23109 23110 6255c4 23108->23110 23128 6163b4 112 API calls 23109->23128 23110->23041 23112 625d47 CloseHandle 23113 625d6c WaitForSingleObject 23112->23113 23114 625d81 GetExitCodeProcess 23113->23114 23115 625d57 23113->23115 23117 625dbf 23114->23117 23118 625d8f 23114->23118 23116 616130 112 API calls 23115->23116 23120 625d61 TerminateProcess 23116->23120 23119 616130 112 API calls 23117->23119 23121 625da1 23118->23121 23122 625d95 23118->23122 23123 625dc9 CloseHandle 23119->23123 23120->23113 23129 6163b4 112 API calls 23121->23129 23124 616130 112 API calls 23122->23124 23123->23110 23127 625de4 Sleep 23123->23127 23126 625d9f 23124->23126 23126->23123 23127->23110 23128->23112 23129->23126 23131 60bf74 2 API calls 23130->23131 23132 60c48a 23131->23132 23133 60c48e 23132->23133 23172 5c68a4 23132->23172 23133->23046 23136 60bfb0 Wow64RevertWow64FsRedirection 23137 60c4c1 
23136->23137 23137->23046 23139 60bf74 2 API calls 23138->23139 23140 60c2c9 23139->23140 23141 60c2cd 23140->23141 23142 60c2ec FindFirstFileW GetLastError 23140->23142 23141->23065 23143 60bfb0 Wow64RevertWow64FsRedirection 23142->23143 23144 60c312 23143->23144 23144->23065 23146 60bf74 2 API calls 23145->23146 23147 60c6f5 23146->23147 23148 60c6f9 23147->23148 23149 60c716 SetFileAttributesW GetLastError 23147->23149 23148->23070 23150 60bfb0 Wow64RevertWow64FsRedirection 23149->23150 23151 60c73c 23150->23151 23151->23070 23153 60bf74 2 API calls 23152->23153 23154 60c67a 23153->23154 23155 60c67e 23154->23155 23156 60c69a RemoveDirectoryW GetLastError 23154->23156 23155->23047 23157 60bfb0 Wow64RevertWow64FsRedirection 23156->23157 23158 60c6c0 23157->23158 23158->23047 23160 5c4ed2 23159->23160 23163 5c4eae 23159->23163 23161 40a5a8 12 API calls 23160->23161 23162 5c4edb 23161->23162 23162->23057 23163->23160 23164 5c4ec1 23163->23164 23165 40b4c8 12 API calls 23164->23165 23166 5c4ecf 23165->23166 23166->23057 23167->23059 23170 40a5f4 23168->23170 23169 40a618 23169->23063 23170->23169 23176 406f28 12 API calls 23170->23176 23173 40b278 23172->23173 23174 5c68ae GetFileAttributesW 23173->23174 23175 5c68b9 23174->23175 23175->23136 23176->23169 23177->23078 23178->23090 23179->23095 23180->23104 23181->23099 23182->23086 23183->23089 23184 6b8af7 23185 6b8b12 23184->23185 23186 5c8fb8 12 API calls 23185->23186 23187 6b8b56 23186->23187 23188 5c8fb8 12 API calls 23187->23188 23189 6b8b6f 23188->23189 23190 5c8fb8 12 API calls 23189->23190 23191 6b8b88 23190->23191 23192 5c8fb8 12 API calls 23191->23192 23193 6b8ba1 23192->23193 23194 5b8250 14 API calls 23193->23194 23195 6b8bb9 23194->23195 23217 5c685c 23195->23217 23198 6b8bed 23200 6b8c06 23198->23200 23201 6b8bf6 23198->23201 23221 6b786c 23200->23221 23378 6b724c 107 API calls 23201->23378 23203 6b8be8 23377 428fdc 76 API calls 23203->23377 23205 6b8bfb 23206 6b8c0b 23205->23206 23208 6b8bff 
23205->23208 23371 615560 23206->23371 23379 6b740c 147 API calls 23208->23379 23211 6b8c04 23211->23206 23214 6b8c33 23215 40a228 12 API calls 23214->23215 23216 6b8c4d 23215->23216 23218 40b278 23217->23218 23219 5c6866 GetFileAttributesW 23218->23219 23220 5c6871 23219->23220 23220->23198 23376 6b6874 132 API calls 23220->23376 23222 6b789f 23221->23222 23223 6b78bd 23222->23223 23224 6b78b6 23222->23224 23226 6b78fb 23223->23226 23381 6153ac SendMessageW 23223->23381 23631 6ae6f8 6 API calls 23224->23631 23228 6b7925 23226->23228 23229 6b791b 23226->23229 23230 6b7927 23226->23230 23231 616130 112 API calls 23228->23231 23632 615ef0 117 API calls 23229->23632 23633 6160d4 113 API calls 23230->23633 23234 6b7972 23231->23234 23235 40b4c8 12 API calls 23234->23235 23236 6b7985 23235->23236 23237 616130 112 API calls 23236->23237 23238 6b798d 23237->23238 23239 40b4c8 12 API calls 23238->23239 23240 6b79a0 23239->23240 23241 616130 112 API calls 23240->23241 23242 6b79a8 23241->23242 23394 5c6e90 13 API calls 23242->23394 23244 6b79b0 23245 40b4c8 12 API calls 23244->23245 23246 6b79c0 23245->23246 23247 616130 112 API calls 23246->23247 23248 6b79c8 23247->23248 23395 6ae8a8 112 API calls 23248->23395 23250 6b79cd 23396 6b7198 107 API calls 23250->23396 23252 6b79d4 23397 6292dc 12 API calls 23252->23397 23254 6b79e5 23398 62c5d0 13 API calls 23254->23398 23256 6b7a00 23257 5cd508 12 API calls 23256->23257 23258 6b7a14 23257->23258 23259 40a5a8 12 API calls 23258->23259 23263 6b7a21 23259->23263 23260 6b7aa9 23399 6b7198 107 API calls 23260->23399 23262 6b7ac2 23400 629794 13 API calls 23262->23400 23265 6b7a65 23263->23265 23634 6af190 132 API calls 23263->23634 23265->23260 23636 6af190 132 API calls 23265->23636 23267 6b7a60 23635 428fdc 76 API calls 23267->23635 23268 6b7ae0 23271 6b7aee 23268->23271 23273 60cd28 12 API calls 23268->23273 23274 6b7b09 23271->23274 23275 6b7af7 23271->23275 23272 6b7aa4 23637 428fdc 76 API calls 23272->23637 23273->23271 23639 
6b780c 12 API calls 23274->23639 23638 40a68c 12 API calls 23275->23638 23279 6b7b07 23401 6af854 112 API calls 23279->23401 23281 6b7b25 23282 60cd28 12 API calls 23281->23282 23283 6b7b44 23281->23283 23282->23283 23402 6ac8cc 23283->23402 23286 6b7c8e 23287 6b7d1f 23286->23287 23643 6a3828 105 API calls 23286->23643 23291 6b7d5b 23287->23291 23645 6b6874 132 API calls 23287->23645 23290 6b7b68 23526 6acc08 23290->23526 23553 6b700c 105 API calls 23291->23553 23293 6b7ce7 23293->23287 23299 616130 112 API calls 23293->23299 23297 6b7d51 23297->23291 23646 428fdc 76 API calls 23297->23646 23298 40a5a8 12 API calls 23301 6b7b7d 23298->23301 23304 6b7d1a 23299->23304 23302 40a5a8 12 API calls 23301->23302 23305 6b7b90 23302->23305 23644 428fdc 76 API calls 23304->23644 23308 40a5a8 12 API calls 23305->23308 23307 6b7d99 23310 6b7d9b Sleep 23307->23310 23311 6b7db8 23307->23311 23312 6b7bb2 23308->23312 23649 5b8704 163 API calls 23310->23649 23314 5cd508 12 API calls 23311->23314 23315 40a5a8 12 API calls 23312->23315 23317 6b7dd4 23314->23317 23318 6b7bbf 23315->23318 23316 6b7d64 23316->23307 23554 6297dc 23316->23554 23647 6b6874 132 API calls 23316->23647 23648 428fdc 76 API calls 23316->23648 23650 5c8790 16 API calls 23317->23650 23321 40a5a8 12 API calls 23318->23321 23323 6b7bcc 23321->23323 23322 6b7de9 23561 6b66a8 23322->23561 23325 40a5a8 12 API calls 23323->23325 23327 6b7bd9 23325->23327 23640 6b7754 105 API calls 23327->23640 23329 6b7df7 GetTickCount 23571 62a5f4 23329->23571 23332 6b7bef 23641 6a30c8 16 API calls 23332->23641 23333 6b7e1b 23651 6163b4 112 API calls 23333->23651 23336 6b7bfb 23337 40a5a8 12 API calls 23336->23337 23338 6b7c17 23337->23338 23642 6a31c0 105 API calls 23338->23642 23340 6b7ed0 23654 6163b4 112 API calls 23340->23654 23341 6b7e41 23341->23340 23652 6a341c 12 API calls 23341->23652 23344 6b7f22 23346 6b7f5a 23344->23346 23655 5b8704 163 API calls 23344->23655 23345 6b7e81 23345->23340 23348 6b7e8b 23345->23348 23349 
6b7ef5 23345->23349 23656 6b700c 105 API calls 23346->23656 23653 6a3828 105 API calls 23348->23653 23352 616130 112 API calls 23349->23352 23350 6b7f37 GetTickCount 23350->23346 23353 6b7f46 MsgWaitForMultipleObjects 23350->23353 23352->23340 23353->23344 23355 6b7ebe 23355->23340 23359 616130 112 API calls 23355->23359 23356 6b7f79 23357 6b7fbb 23356->23357 23358 6b7f7f 23356->23358 23364 6b7fed 23357->23364 23658 6b6874 132 API calls 23357->23658 23365 6b7fb9 23358->23365 23657 6b6874 132 API calls 23358->23657 23359->23340 23362 616130 112 API calls 23362->23365 23364->23362 23364->23365 23659 6b700c 105 API calls 23365->23659 23366 6b800f 23367 6b80b0 23366->23367 23660 6a35c0 23366->23660 23663 5c8820 15 API calls 23367->23663 23370 6b80e5 23370->23206 23372 615570 SendMessageW 23371->23372 23373 61558b 23371->23373 23372->23373 23374 61559e 23373->23374 24482 4786ac GetWindowLongW DestroyWindow 23373->24482 23380 40a028 12 API calls 23374->23380 23376->23203 23378->23205 23379->23211 23380->23214 23382 6153d5 23381->23382 23383 615408 23381->23383 23674 429044 105 API calls 23382->23674 23664 4785f8 GetClassInfoW 23383->23664 23386 615403 23388 4098c4 12 API calls 23386->23388 23388->23383 23389 615436 23393 615450 SendMessageW 23389->23393 23675 5c86e0 17 API calls 23389->23675 23390 61542c 23391 60cd28 12 API calls 23390->23391 23391->23389 23393->23226 23394->23244 23395->23250 23396->23252 23397->23254 23398->23256 23399->23262 23400->23268 23401->23281 23403 6ac8d4 23402->23403 23403->23403 23679 60d530 23403->23679 23406 40a5a8 12 API calls 23407 6ac900 23406->23407 23408 40b4c8 12 API calls 23407->23408 23409 6ac913 23408->23409 23410 616130 112 API calls 23409->23410 23411 6ac91b 23410->23411 23412 6ac92f 23411->23412 23710 61583c 50 API calls 23411->23710 23414 5c4ea4 12 API calls 23412->23414 23415 6ac93c 23414->23415 23416 40b4c8 12 API calls 23415->23416 23417 6ac94c 23416->23417 23418 6ac956 CreateDirectoryW 23417->23418 23419 6ac9c9 
23418->23419 23420 6ac960 GetLastError 23418->23420 23698 62554c 23419->23698 23422 5cd508 12 API calls 23420->23422 23423 6ac97a 23422->23423 23711 42302c 12 API calls 23423->23711 23424 6ac9d1 23426 6ac9fa 23424->23426 23429 40b4c8 12 API calls 23424->23429 23428 40a228 12 API calls 23426->23428 23427 6ac98e 23430 5c857c 13 API calls 23427->23430 23431 6aca14 23428->23431 23432 6ac9e7 23429->23432 23434 6ac99e 23430->23434 23435 40a228 12 API calls 23431->23435 23705 6ac874 23432->23705 23437 5cd4d8 12 API calls 23434->23437 23438 6aca21 23435->23438 23436 6ac9f2 23439 6255a4 12 API calls 23436->23439 23440 6ac9b5 23437->23440 23438->23286 23444 6ac23c 23438->23444 23439->23426 23441 429008 12 API calls 23440->23441 23442 6ac9c4 23441->23442 23443 4098c4 12 API calls 23442->23443 23443->23419 23445 6ac244 23444->23445 23445->23445 23446 5c7430 GetWindowsDirectoryW 23445->23446 23447 6ac261 23446->23447 23448 40a5a8 12 API calls 23447->23448 23449 6ac26e 23448->23449 23877 5c745c GetSystemDirectoryW 23449->23877 23451 6ac276 23452 40a5a8 12 API calls 23451->23452 23453 6ac283 23452->23453 23879 5c7488 23453->23879 23455 6ac28b 23456 40a5a8 12 API calls 23455->23456 23457 6ac298 23456->23457 23884 5c7530 23457->23884 23460 40a5a8 12 API calls 23461 6ac2b4 23460->23461 23462 429d18 48 API calls 23461->23462 23463 6ac2b9 23462->23463 23464 6ac2da 23463->23464 23465 6ac2be 23463->23465 23466 40a1c8 12 API calls 23464->23466 23467 5c6d5c 13 API calls 23465->23467 23469 6ac2d8 23466->23469 23468 6ac2cb 23467->23468 23470 40a5a8 12 API calls 23468->23470 23471 6ac31f 23469->23471 23920 5c53a0 12 API calls 23469->23920 23470->23469 23900 6ac0d0 23471->23900 23474 6ac2fa 23477 40a5a8 12 API calls 23474->23477 23476 40a5a8 12 API calls 23478 6ac33b 23476->23478 23479 6ac307 23477->23479 23480 6ac359 23478->23480 23481 40b4c8 12 API calls 23478->23481 23479->23471 23483 40a5a8 12 API calls 23479->23483 23482 6ac0d0 16 API calls 23480->23482 23481->23480 23484 6ac368 
23482->23484 23483->23471 23485 40a5a8 12 API calls 23484->23485 23486 6ac375 23485->23486 23487 6ac39d 23486->23487 23488 5c4ea4 12 API calls 23486->23488 23489 6ac404 23487->23489 23492 6ac0d0 16 API calls 23487->23492 23490 6ac38b 23488->23490 23491 6ac51d 23489->23491 23497 6ac424 SHGetKnownFolderPath 23489->23497 23496 40b4c8 12 API calls 23490->23496 23494 6ac526 23491->23494 23495 6ac547 23491->23495 23493 6ac3b5 23492->23493 23498 40a5a8 12 API calls 23493->23498 23500 5c4ea4 12 API calls 23494->23500 23499 5c4ea4 12 API calls 23495->23499 23496->23487 23501 6ac43e 23497->23501 23502 6ac477 SHGetKnownFolderPath 23497->23502 23503 6ac3c2 23498->23503 23504 6ac554 23499->23504 23507 6ac533 23500->23507 23508 6ac459 CoTaskMemFree 23501->23508 23505 6ac4ca SHGetKnownFolderPath 23502->23505 23506 6ac491 23502->23506 23509 6ac3d5 23503->23509 23513 60cd28 12 API calls 23503->23513 23510 40b4c8 12 API calls 23504->23510 23505->23491 23511 6ac4e4 23505->23511 23515 6ac4ac CoTaskMemFree 23506->23515 23512 40b4c8 12 API calls 23507->23512 23508->23290 23516 6ac0d0 16 API calls 23509->23516 23514 6ac545 23510->23514 23519 6ac4ff CoTaskMemFree 23511->23519 23512->23514 23513->23509 23911 6ac180 23514->23911 23515->23290 23518 6ac3e4 23516->23518 23521 40a5a8 12 API calls 23518->23521 23519->23290 23523 6ac3f1 23521->23523 23522 40a228 12 API calls 23524 6ac585 23522->23524 23523->23489 23525 60cd28 12 API calls 23523->23525 23524->23290 23525->23489 23527 5c745c GetSystemDirectoryW 23526->23527 23528 6acc2c 23527->23528 23529 5c4ea4 12 API calls 23528->23529 23530 6acc37 23529->23530 23531 40b4c8 12 API calls 23530->23531 23532 6acc47 23531->23532 23533 5c745c GetSystemDirectoryW 23532->23533 23534 6acc4f 23533->23534 23535 5c4ea4 12 API calls 23534->23535 23536 6acc5a 23535->23536 23537 40b470 12 API calls 23536->23537 23538 6acc67 23537->23538 23946 42b848 SetErrorMode 23538->23946 23540 6acc74 23541 42b848 2 API calls 23540->23541 23542 6acc81 23541->23542 23543 
6accb4 23542->23543 23949 4244f8 105 API calls 23542->23949 23545 414020 14 API calls 23543->23545 23547 6accc4 23545->23547 23546 6accac 23548 60cd28 12 API calls 23546->23548 23549 6accda 23547->23549 23550 60cd28 12 API calls 23547->23550 23548->23543 23551 40a228 12 API calls 23549->23551 23550->23549 23552 6accf4 23551->23552 23552->23298 23553->23316 23558 6297fd 23554->23558 23560 62981f 23554->23560 23555 40a1c8 12 API calls 23557 62983e 23555->23557 23557->23316 23558->23560 23950 629700 13 API calls 23558->23950 23951 60f588 23558->23951 23560->23555 23975 68de40 23561->23975 23565 6b66ee 23566 6a35c0 105 API calls 23565->23566 23568 6b6727 23565->23568 23566->23568 23567 6b675f 23570 6b700c 105 API calls 23567->23570 23568->23567 23998 5b3a80 111 API calls 23568->23998 23570->23329 23572 62a5fd 23571->23572 23573 616130 112 API calls 23572->23573 23574 62a63f 23573->23574 23575 5c745c GetSystemDirectoryW 23574->23575 23576 62a64a 23575->23576 24310 424020 23576->24310 23578 62a655 23587 62aaeb 23578->23587 23597 40b4c8 12 API calls 23578->23597 23618 5c6894 13 API calls 23578->23618 23624 616130 112 API calls 23578->23624 23626 6163b4 112 API calls 23578->23626 24313 62a5a0 13 API calls 23578->24313 24314 60f06c 23578->24314 24358 60f338 23578->24358 24371 60c5f4 GetFileAttributesW Wow64DisableWow64FsRedirection SetLastError Wow64RevertWow64FsRedirection GetLastError 23578->24371 24372 6105ec 12 API calls 23578->24372 24373 629554 12 API calls 23578->24373 23579 62b5c1 23583 62b5da 23579->23583 23584 62b5ca SHChangeNotify 23579->23584 23590 62b5e8 23583->23590 24392 610320 SendMessageTimeoutW 23583->24392 23584->23583 23600 62ac55 23587->23600 23625 62ad30 23587->23625 24374 62a5a0 13 API calls 23587->24374 24375 629db4 122 API calls 23587->24375 24376 60c5f4 GetFileAttributesW Wow64DisableWow64FsRedirection SetLastError Wow64RevertWow64FsRedirection GetLastError 23587->24376 24377 629ebc 189 API calls 23587->24377 24378 62a14c 143 API calls 23587->24378 
24381 62a360 128 API calls 23587->24381 24382 629554 12 API calls 23587->24382 23589 40a5f0 12 API calls 23589->23625 23627 62b5f7 23590->23627 24393 62a4c8 136 API calls 23590->24393 23592 40b4c8 12 API calls 23592->23625 23594 60dcc8 26 API calls 23594->23625 23595 429008 12 API calls 23595->23625 23597->23578 23598 5cd508 12 API calls 23598->23625 24379 6163b4 112 API calls 23600->24379 24380 610040 53 API calls 23600->24380 23605 6106c4 12 API calls 23605->23627 23606 62aecd SHChangeNotify 24384 5c5378 12 API calls 23606->24384 23611 629850 142 API calls 23611->23625 23612 4098c4 12 API calls 23612->23625 23613 5c6880 13 API calls 23613->23627 23617 62a55c 12 API calls 23617->23625 23618->23578 23621 62b67b 23621->23333 23623 6163b4 112 API calls 23623->23625 23624->23578 23625->23579 23625->23589 23625->23592 23625->23594 23625->23595 23625->23598 23625->23606 23625->23611 23625->23612 23625->23617 23625->23623 24383 62a5a0 13 API calls 23625->24383 24385 610640 12 API calls 23625->24385 24386 629db4 122 API calls 23625->24386 24387 5c6cd4 WritePrivateProfileStringW WriteProfileStringW 23625->24387 24388 5c6b78 GetPrivateProfileStringW GetProfileStringW 23625->24388 24389 5c6d20 WritePrivateProfileStringW WriteProfileStringW 23625->24389 24390 4244f8 105 API calls 23625->24390 24391 629554 12 API calls 23625->24391 23626->23578 23627->23605 23627->23613 23627->23621 23630 62b667 SHChangeNotify 23627->23630 23630->23627 23631->23223 23632->23228 23633->23228 23634->23267 23636->23272 23638->23279 23639->23279 23640->23332 23641->23336 23642->23286 23643->23293 23645->23297 23647->23316 23649->23307 23650->23322 23651->23341 23652->23345 23653->23355 23654->23344 23655->23350 23656->23356 23657->23365 23658->23364 23659->23366 24415 6a347c 23660->24415 23662 6a35d4 23662->23367 23663->23370 23665 478628 23664->23665 23666 478647 RegisterClassW 23665->23666 23667 478636 UnregisterClassW 23665->23667 23668 478651 23665->23668 23666->23668 23667->23666 23669 414da0 
CreateWindowExW 23668->23669 23670 47867f 23669->23670 23671 47869c 23670->23671 23676 47845c 23670->23676 23671->23389 23671->23390 23673 478693 SetWindowLongW 23673->23671 23674->23386 23675->23389 23677 47846c VirtualAlloc 23676->23677 23678 47849a 23676->23678 23677->23678 23678->23673 23682 60d538 23679->23682 23683 60d577 CreateDirectoryW 23682->23683 23688 5cd508 12 API calls 23682->23688 23694 5c857c 13 API calls 23682->23694 23695 5cd4d8 12 API calls 23682->23695 23696 429008 12 API calls 23682->23696 23697 4098c4 12 API calls 23682->23697 23712 5c75e4 23682->23712 23737 60d294 23682->23737 23757 42302c 12 API calls 23682->23757 23684 60d581 GetLastError 23683->23684 23685 60d5f7 23683->23685 23684->23682 23686 40a5a8 12 API calls 23685->23686 23687 60d601 23686->23687 23689 40a228 12 API calls 23687->23689 23688->23682 23690 60d61b 23689->23690 23692 40a228 12 API calls 23690->23692 23693 60d628 23692->23693 23693->23406 23694->23682 23695->23682 23696->23682 23697->23682 23699 62555b 23698->23699 23700 625569 23698->23700 23702 40a5a8 12 API calls 23699->23702 23701 40a1c8 12 API calls 23700->23701 23704 625570 23701->23704 23703 625567 23702->23703 23703->23424 23704->23424 23806 46a120 23705->23806 23707 6ac890 23810 6ac78c 23707->23810 23709 6ac8ab 23709->23436 23710->23412 23711->23427 23758 5c6d5c 23712->23758 23715 5c7614 23717 5c6d5c 13 API calls 23715->23717 23719 5c7661 23715->23719 23718 5c7624 23717->23718 23722 5c6880 13 API calls 23718->23722 23725 5c7630 23718->23725 23721 5c52c8 13 API calls 23719->23721 23720 429d18 48 API calls 23723 5c7639 23720->23723 23724 5c766b 23721->23724 23722->23725 23726 5c7656 23723->23726 23728 5c6d5c 13 API calls 23723->23728 23727 5c4ea4 12 API calls 23724->23727 23725->23719 23725->23720 23726->23719 23769 5c7430 GetWindowsDirectoryW 23726->23769 23730 5c7676 23727->23730 23732 5c764a 23728->23732 23731 40a5a8 12 API calls 23730->23731 23733 5c7680 23731->23733 23732->23726 23735 5c6880 13 API calls 
23732->23735 23734 40a228 12 API calls 23733->23734 23736 5c769a 23734->23736 23735->23726 23736->23682 23738 60d2b8 23737->23738 23739 5c4ea4 12 API calls 23738->23739 23740 60d2d1 23739->23740 23741 40a5f0 12 API calls 23740->23741 23742 60d2dc 23741->23742 23744 5c567c 12 API calls 23742->23744 23746 5cd508 12 API calls 23742->23746 23748 429008 12 API calls 23742->23748 23749 4098c4 12 API calls 23742->23749 23750 60d35a 23742->23750 23778 60d21c 23742->23778 23786 40b550 23742->23786 23792 60c240 23742->23792 23744->23742 23746->23742 23748->23742 23749->23742 23751 40a5a8 12 API calls 23750->23751 23752 60d365 23751->23752 23753 40a228 12 API calls 23752->23753 23754 60d37f 23753->23754 23755 40a228 12 API calls 23754->23755 23756 60d38c 23755->23756 23756->23682 23757->23682 23759 40b3f0 12 API calls 23758->23759 23761 5c6d6f 23759->23761 23760 5c6d8a GetEnvironmentVariableW 23760->23761 23762 5c6d96 23760->23762 23761->23760 23765 5c6d9d 23761->23765 23771 5c77cc 12 API calls 23761->23771 23763 40a1c8 12 API calls 23762->23763 23763->23765 23765->23715 23766 5c6880 23765->23766 23772 5c6808 23766->23772 23770 5c7451 23769->23770 23770->23719 23771->23761 23773 5c567c 12 API calls 23772->23773 23774 5c6828 23773->23774 23775 5c6830 GetFileAttributesW 23774->23775 23776 40a1c8 12 API calls 23775->23776 23777 5c684d 23776->23777 23777->23715 23779 40a1c8 12 API calls 23778->23779 23781 60d23d 23779->23781 23782 40b73c 12 API calls 23781->23782 23783 60d26e 23781->23783 23800 40b29c 23781->23800 23782->23781 23784 40a1c8 12 API calls 23783->23784 23785 60d283 23784->23785 23785->23742 23788 40b566 23786->23788 23787 40b5eb 23787->23787 23788->23787 23789 40b3f0 12 API calls 23788->23789 23790 40b5a1 23788->23790 23789->23790 23790->23787 23791 40a5a8 12 API calls 23790->23791 23791->23787 23793 60bf74 2 API calls 23792->23793 23794 60c256 23793->23794 23795 60c25a 23794->23795 23803 5c6894 23794->23803 23795->23742 23798 60bfb0 Wow64RevertWow64FsRedirection 
23799 60c295 23798->23799 23799->23742 23801 40a350 12 API calls 23800->23801 23802 40b2a9 23801->23802 23802->23781 23804 5c6808 13 API calls 23803->23804 23805 5c689e GetLastError 23804->23805 23805->23798 23807 46a12a 23806->23807 23817 46a218 FindResourceW 23807->23817 23809 46a15a 23809->23707 23829 469bf0 23810->23829 23812 6ac7c1 23813 40a228 12 API calls 23812->23813 23814 6ac85d 23813->23814 23815 40a1c8 12 API calls 23814->23815 23816 6ac865 23815->23816 23816->23709 23818 46a244 LoadResource 23817->23818 23819 46a23d 23817->23819 23821 46a257 23818->23821 23822 46a25e SizeofResource LockResource 23818->23822 23827 46a178 105 API calls 23819->23827 23828 46a178 105 API calls 23821->23828 23823 46a27c 23822->23823 23823->23809 23824 46a243 23824->23818 23826 46a25d 23826->23822 23827->23824 23828->23826 23832 4698b8 23829->23832 23831 469c0a 23831->23812 23833 4698c1 23832->23833 23836 4698fc 23833->23836 23835 4698dd 23835->23831 23837 469917 23836->23837 23838 469944 23837->23838 23839 4699c2 23837->23839 23863 4236fc 23838->23863 23867 4236a4 23839->23867 23842 469961 23862 4699c0 23842->23862 23871 423bd0 14 API calls 23842->23871 23843 4699cc 23843->23862 23874 423bd0 14 API calls 23843->23874 23845 40a5a8 12 API calls 23848 469a31 23845->23848 23846 4699e7 GetLastError 23875 427d54 14 API calls 23846->23875 23851 40a228 12 API calls 23848->23851 23850 469980 GetLastError 23872 427d54 14 API calls 23850->23872 23854 469a4b 23851->23854 23852 469a00 23876 429100 105 API calls 23852->23876 23854->23835 23856 469999 23873 429100 105 API calls 23856->23873 23857 469a22 23859 4098c4 12 API calls 23857->23859 23859->23862 23860 4699bb 23861 4098c4 12 API calls 23860->23861 23861->23862 23862->23845 23864 423712 23863->23864 23865 42374a 23863->23865 23866 423744 CreateFileW 23864->23866 23865->23842 23866->23865 23868 4236ba 23867->23868 23869 4236f8 23867->23869 23868->23869 23870 4236f2 CreateFileW 23868->23870 23869->23843 23870->23869 23871->23850 
23872->23856 23873->23860 23874->23846 23875->23852 23876->23857 23878 5c747d 23877->23878 23878->23451 23880 40a1c8 12 API calls 23879->23880 23881 5c7498 GetModuleHandleW 23880->23881 23882 414020 14 API calls 23881->23882 23883 5c74ad 23882->23883 23883->23455 23885 5c754f GetVersion 23884->23885 23886 5c758b 23884->23886 23885->23886 23888 5c755f 23885->23888 23887 40a1c8 12 API calls 23886->23887 23889 5c7592 23887->23889 23890 5c745c GetSystemDirectoryW 23888->23890 23891 40a228 12 API calls 23889->23891 23892 5c7567 23890->23892 23893 5c75ac 23891->23893 23894 5c4ea4 12 API calls 23892->23894 23893->23460 23895 5c7572 23894->23895 23896 40b470 12 API calls 23895->23896 23897 5c757f 23896->23897 23898 5c52c8 13 API calls 23897->23898 23899 5c7589 23898->23899 23899->23889 23921 5c7a14 23900->23921 23902 6ac0f6 23903 6ac0fa 23902->23903 23904 6ac11c 23902->23904 23924 5c793c 23903->23924 23906 40a1c8 12 API calls 23904->23906 23908 6ac123 23906->23908 23908->23476 23909 6ac111 RegCloseKey 23909->23908 23910 40a1c8 12 API calls 23910->23909 23912 6ac18e 23911->23912 23913 5c7a14 RegOpenKeyExW 23912->23913 23914 6ac1b6 23913->23914 23915 6ac1e7 23914->23915 23916 5c793c 14 API calls 23914->23916 23915->23522 23917 6ac1cc 23916->23917 23918 5c793c 14 API calls 23917->23918 23919 6ac1de RegCloseKey 23918->23919 23919->23915 23920->23474 23922 5c7a1f 23921->23922 23923 5c7a25 RegOpenKeyExW 23921->23923 23922->23923 23923->23902 23927 5c77f4 23924->23927 23928 5c781a RegQueryValueExW 23927->23928 23929 5c783d 23928->23929 23934 5c785f 23928->23934 23931 5c7857 23929->23931 23929->23934 23936 40a350 12 API calls 23929->23936 23937 40a774 12 API calls 23929->23937 23945 428ffc 12 API calls 23929->23945 23930 40a1c8 12 API calls 23932 5c7929 23930->23932 23933 40a1c8 12 API calls 23931->23933 23932->23909 23932->23910 23933->23934 23934->23930 23936->23929 23938 5c7892 RegQueryValueExW 23937->23938 23938->23928 23939 5c78ae 23938->23939 23939->23934 23940 40b3f0 12 API 
calls 23939->23940 23941 5c78ee 23940->23941 23942 5c7900 23941->23942 23944 40a774 12 API calls 23941->23944 23943 40a5a8 12 API calls 23942->23943 23943->23934 23944->23942 23945->23929 23947 40b278 23946->23947 23948 42b880 LoadLibraryW 23947->23948 23948->23540 23949->23546 23950->23558 23954 60f468 23951->23954 23956 60f485 23954->23956 23955 40b698 12 API calls 23955->23956 23956->23955 23959 5c77c4 12 API calls 23956->23959 23960 60f52d 23956->23960 23963 60f4f7 OpenMutexW 23956->23963 23968 4225ec 12 API calls 23956->23968 23969 5c8b3c InitializeSecurityDescriptor SetSecurityDescriptorDacl 23956->23969 23973 40b6e0 12 API calls 23956->23973 23959->23956 23961 40a1c8 12 API calls 23960->23961 23964 60f542 23961->23964 23963->23956 23965 60f508 CloseHandle 23963->23965 23966 40a228 12 API calls 23964->23966 23965->23960 23967 60f54f 23966->23967 23967->23558 23968->23956 23970 5c8b79 23969->23970 23974 413e90 CreateMutexW 23970->23974 23972 5c8b86 23972->23956 23973->23956 23974->23972 23976 68de4b 23975->23976 23999 5d064c 23976->23999 23978 68de6e 24003 5d0a74 23978->24003 23980 68de81 24017 4ee668 119 API calls 23980->24017 23982 68dea6 24018 51241c 23982->24018 23986 68dee4 23987 68df0f 23986->23987 23989 608318 128 API calls 23986->23989 23988 68df47 23987->23988 23990 40b550 12 API calls 23987->23990 23991 51241c 12 API calls 23988->23991 23989->23987 23992 68df39 23990->23992 23993 68df68 23991->23993 23994 51241c 12 API calls 23992->23994 23995 40a1c8 12 API calls 23993->23995 23994->23988 23996 68df7d 23995->23996 23997 68e02c 12 API calls 23996->23997 23997->23565 23998->23567 24000 5d0655 23999->24000 24041 5ad608 24000->24041 24002 5d0687 24002->23978 24223 5ce198 24003->24223 24007 5d0abe 24008 5d0bb5 24007->24008 24258 5d10c4 105 API calls 24007->24258 24008->23980 24010 5d0ae8 24259 5d0564 105 API calls 24010->24259 24012 5d0b04 24260 5ce3fc 109 API calls 24012->24260 24014 5d0b26 MulDiv MulDiv 24016 5d0b7e 24014->24016 24016->23980 
24017->23982 24294 5123c8 24018->24294 24020 51243f 24021 40a1c8 12 API calls 24020->24021 24022 512470 24021->24022 24023 608318 24022->24023 24024 608338 LoadImageW 24023->24024 24026 608396 LoadImageW 24024->24026 24028 6083ac 24024->24028 24026->24028 24027 60846c 24027->23986 24028->24027 24300 4f53ac GetIconInfo GetObjectW DeleteObject DeleteObject 24028->24300 24030 6083db 24301 5118b8 KiUserCallbackDispatcher 24030->24301 24034 6083fd 24305 4f32dc 24034->24305 24037 4eee3c 119 API calls 24038 608414 24037->24038 24039 4f32dc 114 API calls 24038->24039 24040 608442 24039->24040 24040->23986 24042 5ad61c 24041->24042 24056 5acbf4 24042->24056 24044 5ad75b 24044->24002 24045 5ad642 24045->24044 24060 4648c0 24045->24060 24048 5ad71d 24048->24002 24050 5ad6ec 24073 410300 76 API calls 24050->24073 24052 5ad709 24074 429044 105 API calls 24052->24074 24054 5ad718 24055 4098c4 12 API calls 24054->24055 24055->24048 24057 5acbfd 24056->24057 24075 515554 24057->24075 24059 5acc13 24059->24045 24061 4648d6 24060->24061 24062 46490b 24061->24062 24129 464728 105 API calls 24061->24129 24115 464834 24062->24115 24065 464926 24066 464943 24065->24066 24130 46478c 76 API calls 24065->24130 24068 46495b 24066->24068 24131 4647c4 76 API calls 24066->24131 24068->24048 24070 408344 24068->24070 24203 41029c 24070->24203 24073->24052 24074->24054 24076 51555e 24075->24076 24085 510e28 24076->24085 24078 515574 24079 47845c VirtualAlloc 24078->24079 24080 51557f 24079->24080 24091 4eec78 24080->24091 24082 515591 24095 4eee3c 24082->24095 24084 5155a3 24084->24059 24086 510e32 24085->24086 24099 475e7c 24086->24099 24088 510e48 24103 4ee010 24088->24103 24090 510e6a 24090->24078 24092 4eec7e 24091->24092 24093 4ed740 113 API calls 24092->24093 24094 4eeca2 24093->24094 24094->24082 24097 4eee4d 24095->24097 24096 4eee85 24096->24084 24097->24096 24114 4eedb8 119 API calls 24097->24114 24100 475e83 24099->24100 24101 475ea8 24100->24101 24107 4761bc 110 API calls 

Control-flow Graph

C-Code - Quality: 43%
E005C7CE0(long __eax) {
	signed char _v5;
	void* _v12;
	char _v16;
	void* _v20;
	long _v24;
	void* _v28;
	struct _SID_IDENTIFIER_AUTHORITY* _v32;
	void* __ebx;
	void* __esi;
	void* __ebp;
	void* _t89;
	long _t97;
	signed int _t100;
	intOrPtr _t105;
	intOrPtr _t106;
	void* _t107;
	void* _t110;
	void* _t111;
	void* _t113;
	void* _t115;
	intOrPtr _t116;

	_t113 = _t115;
	_t116 = _t115 + 0xffffffe4;
	_push(_t107);
	_t97 = __eax;
	if(E00429D18() == 2) {
		_v5 = 0;
		_v32 = 0x6ccce0;
		if(AllocateAndInitializeSid(_v32, 2, 0x20, _t97, 0, 0, 0, 0, 0, 0,  &_v12) == 0) {
			goto L26;
		} else {
			_push(_t113);
			_push(0x5c7ecb);
			_push( *[fs:eax]);
			 *[fs:eax] = _t116;
			_t99 = 0;
			if((GetVersion() & 0x000000ff) >= 5) {
				_t99 = E00414020(0, _t107, GetModuleHandleW(L"advapi32.dll"), L"CheckTokenMembership");
			}
			if(_t99 == 0) {
				_v28 = 0;
				if(OpenThreadToken(GetCurrentThread(), 8, 0xffffffff,  &_v20) != 0) {
					L13:
					_push(_t113);
					_push(0x5c7ead);
					_push( *[fs:eax]);
					 *[fs:eax] = _t116;
					_v24 = 0;
					if(GetTokenInformation(_v20, 2, 0, 0,  &_v24) != 0 || GetLastError() == 0x7a) {
						_v28 = E00406F0C(_v24);
						if(GetTokenInformation(_v20, 2, _v28, _v24,  &_v24) != 0) {
							_t110 =  *_v28 - 1;
							if(_t110 >= 0) {
								_t111 = _t110 + 1;
								_t100 = 0;
								while(EqualSid(_v12,  *(_v28 + 4 + _t100 * 8)) == 0 || ( *(_v28 + 8 + _t100 * 8) & 0x00000014) != 4) {
									_t100 = _t100 + 1;
									_t111 = _t111 - 1;
									if(_t111 != 0) {
										continue;
									}
									goto L24;
								}
								_v5 = 1;
							}
							L24:
							_pop(_t105);
							 *[fs:eax] = _t105;
							_push(E005C7EB4);
							E00406F28(_v28);
							return CloseHandle(_v20);
						} else {
							E004099B8();
							E004099B8();
							goto L26;
						}
					} else {
						E004099B8();
						E004099B8();
						goto L26;
					}
				} else {
					if(GetLastError() == 0x3f0) {
						if(OpenProcessToken(GetCurrentProcess(), 8,  &_v20) != 0) {
							goto L13;
						} else {
							E004099B8();
							goto L26;
						}
					} else {
						E004099B8();
						goto L26;
					}
				}
			} else {
				_t89 =  *_t99(0, _v12,  &_v16); // executed
				if(_t89 != 0) {
					asm("sbb eax, eax");
					_v5 = _t89 + 1;
				}
				_pop(_t106);
				 *[fs:eax] = _t106;
				_push(E005C7ED2);
				return FreeSid(_v12);
			}
		}
	} else {
		_v5 = 1;
		L26:
		return _v5 & 0x000000ff;
	}
}
























                                                                                                                              0x005c7e96
                                                                                                                              0x005c7e9e
                                                                                                                              0x005c7eac
                                                                                                                              0x005c7e47
                                                                                                                              0x005c7e47
                                                                                                                              0x005c7e4c
                                                                                                                              0x00000000
                                                                                                                              0x005c7e4c
                                                                                                                              0x005c7e12
                                                                                                                              0x005c7e12
                                                                                                                              0x005c7e17
                                                                                                                              0x00000000
                                                                                                                              0x005c7e17
                                                                                                                              0x005c7da9
                                                                                                                              0x005c7db3
                                                                                                                              0x005c7dd2
                                                                                                                              0x00000000
                                                                                                                              0x005c7dd4
                                                                                                                              0x005c7dd4
                                                                                                                              0x00000000
                                                                                                                              0x005c7dd4
                                                                                                                              0x005c7db5
                                                                                                                              0x005c7db5
                                                                                                                              0x00000000
                                                                                                                              0x005c7db5
                                                                                                                              0x005c7db3
                                                                                                                              0x005c7d6a
                                                                                                                              0x005c7d74
                                                                                                                              0x005c7d78
                                                                                                                              0x005c7d82
                                                                                                                              0x005c7d85
                                                                                                                              0x005c7d85
                                                                                                                              0x005c7eb6
                                                                                                                              0x005c7eb9
                                                                                                                              0x005c7ebc
                                                                                                                              0x005c7eca
                                                                                                                              0x005c7eca
                                                                                                                              0x005c7d68
                                                                                                                              0x005c7cf4
                                                                                                                              0x005c7cf4
                                                                                                                              0x005c7ed2
                                                                                                                              0x005c7edb
                                                                                                                              0x005c7edb

                                                                                                                              APIs
                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D22
                                                                                                                              • GetVersion.KERNEL32(00000000,005C7ECB,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D3F
                                                                                                                              • GetModuleHandleW.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,005C7ECB,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D59
                                                                                                                              • CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,005C7ECB,?,00000005,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7D74
                                                                                                                              • FreeSid.ADVAPI32(00000000,005C7ED2,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C7EC5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateCheckFreeHandleInitializeMembershipModuleTokenVersion
                                                                                                                              • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                              • API String ID: 2691416632-1888249752
                                                                                                                              • Opcode ID: 7eaf172969854dfabfe2384070bf8caee8e22896a72bba252f0bea0079ae3f0e
                                                                                                                              • Instruction ID: 9e47304f2c2519385998e5d426bc562542af73c677c294aaacd6cf1c30b33c32
                                                                                                                              • Opcode Fuzzy Hash: 7eaf172969854dfabfe2384070bf8caee8e22896a72bba252f0bea0079ae3f0e
                                                                                                                              • Instruction Fuzzy Hash: A2514472A0830D6EDB11EAF98D42FBE7BACBF1C705F1044AEF501E6681D6789D408B65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E0040E7F0(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
                                                                                                                              				char _v8;
                                                                                                                              				short _v12;
                                                                                                                              				void* _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				void* _t29;
                                                                                                                              				void* _t40;
                                                                                                                              				intOrPtr* _t44;
                                                                                                                              				intOrPtr _t55;
                                                                                                                              				void* _t61;
                                                                                                                              
                                                                                                                              				_push(__ebx);
                                                                                                                              				_v24 = 0;
                                                                                                                              				_v20 = 0;
                                                                                                                              				_t44 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				E0040A2AC(_v8);
                                                                                                                              				_push(_t61);
                                                                                                                              				_push(0x40e8b0);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t61 + 0xffffffec;
                                                                                                                              				_t21 =  &_v16;
                                                                                                                              				L0040524C();
                                                                                                                              				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
                                                                                                                              				E0040B318( &_v20, 4,  &_v16);
                                                                                                                              				E0040B4C8(_t44, _v20, _v8);
                                                                                                                              				_t29 = E0040E6A0( *_t44, _t44); // executed
                                                                                                                              				if(_t29 == 0) {
                                                                                                                              					_v12 = 0;
                                                                                                                              					E0040B318( &_v24, 4,  &_v16);
                                                                                                                              					E0040B4C8(_t44, _v24, _v8);
                                                                                                                              					_t40 = E0040E6A0( *_t44, _t44); // executed
                                                                                                                              					if(_t40 == 0) {
                                                                                                                              						E0040A1C8(_t44);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_pop(_t55);
                                                                                                                              				 *[fs:eax] = _t55;
                                                                                                                              				_push(E0040E8B7);
                                                                                                                              				E0040A228( &_v24, 2);
                                                                                                                              				return E0040A1C8( &_v8);
                                                                                                                              			}














                                                                                                                              APIs
                                                                                                                              • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040E8B0,?,?), ref: 0040E822
                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040E8B0,?,?), ref: 0040E82B
                                                                                                                                • Part of subcall function 0040E6A0: FindFirstFileW.KERNEL32(00000000,?,00000000,0040E6FE,?,?), ref: 0040E6D3
                                                                                                                                • Part of subcall function 0040E6A0: FindClose.KERNEL32(00000000,00000000,?,00000000,0040E6FE,?,?), ref: 0040E6E3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3216391948-0
                                                                                                                              • Opcode ID: 4f4e845a1bd2874fd9ef47becd123c76b58742bb5706f28c9b712a7f9af8110b
                                                                                                                              • Instruction ID: 1e50cd0e94847efb8cb05e6df71b151ee34378a03d53e12baea26e8823c5d93b
                                                                                                                              • Opcode Fuzzy Hash: 4f4e845a1bd2874fd9ef47becd123c76b58742bb5706f28c9b712a7f9af8110b
                                                                                                                              • Instruction Fuzzy Hash: 71114270A002099BDB04EF96D982AAEB3B9EF45304F90487EF904B73C1D7395E148B6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 48%
                                                                                                                              			E0062CFB8(void* __ebx) {
                                                                                                                              				void* _v8;
                                                                                                                              				intOrPtr _t20;
                                                                                                                              				intOrPtr _t21;
                                                                                                                              				intOrPtr* _t22;
                                                                                                                              				intOrPtr* _t25;
                                                                                                                              				intOrPtr _t34;
                                                                                                                              				intOrPtr _t38;
                                                                                                                              
                                                                                                                              				_push(0);
                                                                                                                              				_push(_t38);
                                                                                                                              				_push(0x62d04e);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t38;
                                                                                                                              				if( *0x6d63b4 != 0) {
                                                                                                                              					L6:
                                                                                                                              					_pop(_t34);
                                                                                                                              					 *[fs:eax] = _t34;
                                                                                                                              					_push(E0062D055);
                                                                                                                              					return E0040EC28( &_v8);
                                                                                                                              				}
                                                                                                                              				if(GetVersion() >= 0x601) {
                                                                                                                              					_push(E0040EC28( &_v8));
                                                                                                                              					_t20 =  *0x6ce1cc; // 0x6cd0d4
                                                                                                                              					_push(_t20);
                                                                                                                              					_push(1);
                                                                                                                              					_push(0);
                                                                                                                              					_t21 =  *0x6cdad4; // 0x6cd0c4
                                                                                                                              					_push(_t21); // executed
                                                                                                                              					L0043C1EC(); // executed
                                                                                                                              					if(_t21 == 0) {
                                                                                                                              						_t22 = _v8;
                                                                                                                              						_push(_t22);
                                                                                                                              						if( *((intOrPtr*)( *_t22 + 0xc))() == 0) {
                                                                                                                              							_t25 = _v8;
                                                                                                                              							 *((intOrPtr*)( *_t25 + 4))(_t25);
                                                                                                                              							E0040EC40(0x6d63b8, _v8);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				 *0x6d63b4 = 1;
                                                                                                                              				goto L6;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • GetVersion.KERNEL32(00000000,0062D04E,?,00000000,00000000,?,0062D064,?,0068E013), ref: 0062CFD5
                                                                                                                              • CoCreateInstance.OLE32(006CD0C4,00000000,00000001,006CD0D4,00000000,00000000,0062D04E,?,00000000,00000000,?,0062D064,?,0068E013), ref: 0062CFFB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateInstanceVersion
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1462612201-0
                                                                                                                              • Opcode ID: cbb049565a1867f24a50483da30d8e7f142d0e73d3a7e9700637a94f81e4e663
                                                                                                                              • Instruction ID: 9475dfad4fa877b1df6a840545b6a6068a8d92e7f1f871649489f85859f50de3
                                                                                                                              • Opcode Fuzzy Hash: cbb049565a1867f24a50483da30d8e7f142d0e73d3a7e9700637a94f81e4e663
                                                                                                                              • Instruction Fuzzy Hash: F511D231648A04AFEB10EF69ED4AF5A77EEEB45308F4214BAF400D7AA1C775AD10CB15
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E0060C2B0(void* __eax, struct _WIN32_FIND_DATAW* __ecx, void* __edx, void* __eflags) {
                                                                                                                              				void* _v8;
                                                                                                                              				char _v16;
                                                                                                                              				long _v20;
                                                                                                                              				void* _t13;
                                                                                                                              				intOrPtr _t27;
                                                                                                                              				void* _t35;
                                                                                                                              				void* _t37;
                                                                                                                              				intOrPtr _t38;
                                                                                                                              
                                                                                                                              				_t35 = _t37;
                                                                                                                              				_t38 = _t37 + 0xfffffff0;
                                                                                                                              				if(E0060BF74(__eax,  &_v16) != 0) {
                                                                                                                              					_push(_t35);
                                                                                                                              					_push(0x60c313);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t38;
                                                                                                                              					_t13 = FindFirstFileW(E0040B278(__edx), __ecx); // executed
                                                                                                                              					_v8 = _t13;
                                                                                                                              					_v20 = GetLastError();
                                                                                                                              					_pop(_t27);
                                                                                                                              					 *[fs:eax] = _t27;
                                                                                                                              					_push(E0060C31A);
                                                                                                                              					return E0060BFB0( &_v16);
                                                                                                                              				} else {
                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                              					return _v8;
                                                                                                                              				}
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,0060C313,?,?,?,00000000), ref: 0060C2ED
                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000000,0060C313,?,?,?,00000000), ref: 0060C2F5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorFileFindFirstLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 873889042-0
                                                                                                                              • Opcode ID: 2c28104d048e73625ee3d3eed8fae21a8e15aade9eb95d70cdbdcf15955165a1
                                                                                                                              • Instruction ID: 0e0656a6fbe86c5836fc78b0efda7e26b232c5910eabf30e6ebd6b813bae866c
                                                                                                                              • Opcode Fuzzy Hash: 2c28104d048e73625ee3d3eed8fae21a8e15aade9eb95d70cdbdcf15955165a1
                                                                                                                              • Instruction Fuzzy Hash: 1BF0F931A84208ABCB14DFBA9C0189FF7ADEB4533075147BAF814D32D1DB744E004598
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 46%
                                                                                                                              			E0040E6A0(char __eax, signed int __ebx) {
                                                                                                                              				char _v8;
                                                                                                                              				struct _WIN32_FIND_DATAW _v600;
                                                                                                                              				void* _t15;
                                                                                                                              				intOrPtr _t24;
                                                                                                                              				void* _t27;
                                                                                                                              
                                                                                                                              				_push(__ebx);
                                                                                                                              				_v8 = __eax;
                                                                                                                              				E0040A2AC(_v8);
                                                                                                                              				_push(_t27);
                                                                                                                              				_push(0x40e6fe);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t27 + 0xfffffdac;
                                                                                                                              				_t15 = FindFirstFileW(E0040B278(_v8),  &_v600); // executed
                                                                                                                              				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
                                                                                                                              					FindClose(_t15);
                                                                                                                              				}
                                                                                                                              				_pop(_t24);
                                                                                                                              				 *[fs:eax] = _t24;
                                                                                                                              				_push(E0040E705);
                                                                                                                              				return E0040A1C8( &_v8);
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,0040E6FE,?,?), ref: 0040E6D3
                                                                                                                              • FindClose.KERNEL32(00000000,00000000,?,00000000,0040E6FE,?,?), ref: 0040E6E3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2295610775-0
                                                                                                                              • Opcode ID: 45566dd6d5ea1f2d432aa336e5a60c1e3a8d7bb9a7f17ca8116a3bd58dd3b41d
                                                                                                                              • Instruction ID: dec86fcb97929b74413189edb203bd87f329489ef31ab21fd3caa719f1a03e71
                                                                                                                              • Opcode Fuzzy Hash: 45566dd6d5ea1f2d432aa336e5a60c1e3a8d7bb9a7f17ca8116a3bd58dd3b41d
                                                                                                                              • Instruction Fuzzy Hash: 95F0B430540608AFCB10EBB6DC4295EB3ACEB4431479009B6F400F32D1EB395E10995C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E005C8B3C(void* __eax) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				char _v16;
                                                                                                                              				struct _SECURITY_DESCRIPTOR _v36;
                                                                                                                              				void* _t17;
                                                                                                                              				void* _t18;
                                                                                                                              				intOrPtr _t19;
                                                                                                                              
                                                                                                                              				_t18 = __eax;
                                                                                                                              				InitializeSecurityDescriptor( &_v36, 1);
                                                                                                                              				SetSecurityDescriptorDacl( &_v36, 0xffffffff, 0, 0);
                                                                                                                              				_v16 = 0xc;
                                                                                                                              				_v12 = _t19;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_t17 = E00413E90( &_v16, 0, E0040B278(_t18)); // executed
                                                                                                                              				return _t17;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • InitializeSecurityDescriptor.ADVAPI32(00000001,00000001), ref: 005C8B49
                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(00000000,000000FF,00000000,00000000,00000001,00000001), ref: 005C8B59
                                                                                                                                • Part of subcall function 00413E90: CreateMutexW.KERNEL32(?,?,?,?,006B91D7,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006B94FD,?,?,00000000), ref: 00413EA6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DescriptorSecurity$CreateDaclInitializeMutex
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3525989157-0
                                                                                                                              • Opcode ID: 2e97f4c6d146b0b2c7ea3be5cc6e9316ddb956df3cba0755cf00dcf1aa80f415
                                                                                                                              • Instruction ID: 330012b0c6753e8d8900aa9d7e53afb48d76169d5e03c13c529c7fe63a2e2798
                                                                                                                              • Opcode Fuzzy Hash: 2e97f4c6d146b0b2c7ea3be5cc6e9316ddb956df3cba0755cf00dcf1aa80f415
                                                                                                                              • Instruction Fuzzy Hash: E9E092B16443006FE700DFB58C86F9B77DC9B84725F104A2EB664DB2C1E778DA48879A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E0040E2C4(char __eax, void* __ebx, void* __ecx, void* __edx) {
                                                                                                                              				char _v8;
                                                                                                                              				char* _v12;
                                                                                                                              				void* _v16;
                                                                                                                              				int _v20;
                                                                                                                              				short _v542;
                                                                                                                              				long _t51;
                                                                                                                              				long _t85;
                                                                                                                              				long _t87;
                                                                                                                              				long _t89;
                                                                                                                              				long _t91;
                                                                                                                              				long _t93;
                                                                                                                              				void* _t97;
                                                                                                                              				intOrPtr _t106;
                                                                                                                              				intOrPtr _t108;
                                                                                                                              				void* _t112;
                                                                                                                              				void* _t113;
                                                                                                                              				intOrPtr _t114;
                                                                                                                              
                                                                                                                              				_t112 = _t113;
                                                                                                                              				_t114 = _t113 + 0xfffffde4;
                                                                                                                              				_t97 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				E0040A2AC(_v8);
                                                                                                                              				_push(_t112);
                                                                                                                              				_push(0x40e4e9);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t114;
                                                                                                                              				if(_v8 != 0) {
                                                                                                                              					E0040DAF8( &_v542, E0040B278(_v8), 0x105);
                                                                                                                              				} else {
                                                                                                                              					GetModuleFileNameW(0,  &_v542, 0x105);
                                                                                                                              				}
                                                                                                                              				if(_v542 == 0) {
                                                                                                                              					L18:
                                                                                                                              					_pop(_t106);
                                                                                                                              					 *[fs:eax] = _t106;
                                                                                                                              					_push(E0040E4F0);
                                                                                                                              					return E0040A1C8( &_v8);
                                                                                                                              				} else {
                                                                                                                              					_v12 = 0;
                                                                                                                              					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              					if(_t51 == 0) {
                                                                                                                              						L10:
                                                                                                                              						_push(_t112);
                                                                                                                              						_push(0x40e4cc);
                                                                                                                              						_push( *[fs:eax]);
                                                                                                                              						 *[fs:eax] = _t114;
                                                                                                                              						E0040E0D4( &_v542, 0x105);
                                                                                                                              						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
                                                                                                                              							if(RegQueryValueExW(_v16, E0040E5DC, 0, 0, 0,  &_v20) == 0) {
                                                                                                                              								_v12 = E00406F0C(_v20);
                                                                                                                              								RegQueryValueExW(_v16, E0040E5DC, 0, 0, _v12,  &_v20);
                                                                                                                              								E0040B2DC(_t97, _v12);
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							_v12 = E00406F0C(_v20);
                                                                                                                              							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
                                                                                                                              							E0040B2DC(_t97, _v12);
                                                                                                                              						}
                                                                                                                              						_pop(_t108);
                                                                                                                              						 *[fs:eax] = _t108;
                                                                                                                              						_push(E0040E4D3);
                                                                                                                              						if(_v12 != 0) {
                                                                                                                              							E00406F28(_v12);
                                                                                                                              						}
                                                                                                                              						return RegCloseKey(_v16);
                                                                                                                              					} else {
                                                                                                                              						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              						if(_t85 == 0) {
                                                                                                                              							goto L10;
                                                                                                                              						} else {
                                                                                                                              							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              							if(_t87 == 0) {
                                                                                                                              								goto L10;
                                                                                                                              							} else {
                                                                                                                              								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              								if(_t89 == 0) {
                                                                                                                              									goto L10;
                                                                                                                              								} else {
                                                                                                                              									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              									if(_t91 == 0) {
                                                                                                                              										goto L10;
                                                                                                                              									} else {
                                                                                                                              										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
                                                                                                                              										if(_t93 != 0) {
                                                                                                                              											goto L18;
                                                                                                                              										} else {
                                                                                                                              											goto L10;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}





















                                                                                                                              APIs
                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040E4E9,?,?), ref: 0040E2FD
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040E4E9,?,?), ref: 0040E346
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040E4E9,?,?), ref: 0040E368
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040E386
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040E3A4
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040E3C2
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040E3E0
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040E4CC,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040E4E9), ref: 0040E420
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040E4CC,?,80000001), ref: 0040E44B
                                                                                                                              • RegCloseKey.ADVAPI32(?,0040E4D3,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040E4CC,?,80000001,Software\Embarcadero\Locales), ref: 0040E4C6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Open$QueryValue$CloseFileModuleName
                                                                                                                              • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                                                                              • API String ID: 2701450724-3496071916
                                                                                                                              • Opcode ID: 5aa5f0f4598f069c7b6180d6d0362751deb9bd023370fd1abe4087e628624bde
                                                                                                                              • Instruction ID: 4455e1c2a3f30db0af6e145a4bce986524b579b5894be5bc8a3c80d05520e853
                                                                                                                              • Opcode Fuzzy Hash: 5aa5f0f4598f069c7b6180d6d0362751deb9bd023370fd1abe4087e628624bde
                                                                                                                              • Instruction Fuzzy Hash: 5C51F775A40608BEEB10DAA6CC42FAF77BCDB08704F5044BBBA14F61C2D6789A50DB5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 84 6ac23c-6ac23f 85 6ac244-6ac249 84->85 85->85 86 6ac24b-6ac2bc call 5c7430 call 40a5a8 call 5c745c call 40a5a8 call 5c7488 call 40a5a8 call 5c7530 call 40a5a8 call 429d18 85->86 105 6ac2da-6ac2df call 40a1c8 86->105 106 6ac2be-6ac2d8 call 5c6d5c call 40a5a8 86->106 110 6ac2e4-6ac2eb 105->110 106->110 112 6ac31f-6ac342 call 6ac0d0 call 40a5a8 110->112 113 6ac2ed-6ac30e call 5c53a0 call 40a5a8 110->113 123 6ac359-6ac37c call 6ac0d0 call 40a5a8 112->123 124 6ac344-6ac354 call 40b4c8 112->124 113->112 125 6ac310-6ac31a call 40a5a8 113->125 132 6ac37e-6ac398 call 5c4ea4 call 40b4c8 123->132 133 6ac39d-6ac3a4 123->133 124->123 125->112 132->133 135 6ac3a6-6ac3c9 call 6ac0d0 call 40a5a8 133->135 136 6ac404-6ac40b 133->136 158 6ac3cb-6ac3d0 call 60cd28 135->158 159 6ac3d5-6ac3df call 6ac0d0 135->159 138 6ac51d-6ac524 136->138 139 6ac411-6ac41e 136->139 142 6ac526-6ac545 call 5c4ea4 call 40b4c8 138->142 143 6ac547-6ac561 call 5c4ea4 call 40b4c8 138->143 139->138 145 6ac424-6ac43c SHGetKnownFolderPath 139->145 165 6ac566 call 6ac180 142->165 143->165 149 6ac43e-6ac46f call 40c8bc CoTaskMemFree 145->149 150 6ac477-6ac48f SHGetKnownFolderPath 145->150 154 6ac4ca-6ac4e2 SHGetKnownFolderPath 150->154 155 6ac491-6ac4c2 call 40c8bc CoTaskMemFree 150->155 154->138 162 6ac4e4-6ac515 call 40c8bc CoTaskMemFree 154->162 158->159 171 6ac3e4-6ac3f8 call 40a5a8 159->171 173 6ac56b-6ac585 call 40a228 165->173 171->136 178 6ac3fa-6ac3ff call 60cd28 171->178 178->136
                                                                                                                              C-Code - Quality: 65%
                                                                                                                              			E006AC23C(void* __ebx, void* __edx, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				intOrPtr _v36;
                                                                                                                              				intOrPtr _v40;
                                                                                                                              				char _v44;
                                                                                                                              				intOrPtr _v48;
                                                                                                                              				intOrPtr _v52;
                                                                                                                              				char _v56;
                                                                                                                              				char _v60;
                                                                                                                              				void* _t54;
                                                                                                                              				intOrPtr _t65;
                                                                                                                              				intOrPtr _t73;
                                                                                                                              				unsigned int _t77;
                                                                                                                              				void* _t80;
                                                                                                                              				char _t82;
                                                                                                                              				char _t84;
                                                                                                                              				intOrPtr _t89;
                                                                                                                              				intOrPtr _t94;
                                                                                                                              				intOrPtr _t99;
                                                                                                                              				intOrPtr _t112;
                                                                                                                              				intOrPtr _t118;
                                                                                                                              				void* _t129;
                                                                                                                              				intOrPtr _t158;
                                                                                                                              				intOrPtr _t163;
                                                                                                                              				intOrPtr _t165;
                                                                                                                              				intOrPtr _t167;
                                                                                                                              				intOrPtr _t174;
                                                                                                                              				intOrPtr _t182;
                                                                                                                              				intOrPtr _t183;
                                                                                                                              
                                                                                                                              				_t128 = __ebx;
                                                                                                                              				_t182 = _t183;
                                                                                                                              				_t129 = 7;
                                                                                                                              				do {
                                                                                                                              					_push(0);
                                                                                                                              					_push(0);
                                                                                                                              					_t129 = _t129 - 1;
                                                                                                                              					_t184 = _t129;
                                                                                                                              				} while (_t129 != 0);
                                                                                                                              				_push(_t182);
                                                                                                                              				_push(0x6ac586);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t183;
                                                                                                                              				E005C7430( &_v12);
                                                                                                                              				E0040A5A8(0x6d6534, _v12);
                                                                                                                              				E005C745C( &_v16);
                                                                                                                              				E0040A5A8(0x6d6538, _v16);
                                                                                                                              				E005C7488( &_v20, __esi, _t182, _t184);
                                                                                                                              				E0040A5A8(0x6d653c, _v20);
                                                                                                                              				E005C7530( *0x6d67dd & 0x000000ff, __ebx,  &_v24, __esi);
                                                                                                                              				E0040A5A8(0x6d6540, _v24);
                                                                                                                              				_t54 = E00429D18();
                                                                                                                              				_t185 = _t54 - 2;
                                                                                                                              				if(_t54 != 2) {
                                                                                                                              					E0040A1C8(0x6d6544);
                                                                                                                              				} else {
                                                                                                                              					E005C6D5C(L"SystemDrive", _t129,  &_v28, _t185);
                                                                                                                              					E0040A5A8(0x6d6544, _v28);
                                                                                                                              				}
                                                                                                                              				if( *0x6d6544 == 0) {
                                                                                                                              					_t118 =  *0x6d6534; // 0x0
                                                                                                                              					E005C53A0(_t118,  &_v32);
                                                                                                                              					E0040A5A8(0x6d6544, _v32);
                                                                                                                              					_t187 =  *0x6d6544;
                                                                                                                              					if( *0x6d6544 == 0) {
                                                                                                                              						E0040A5A8(0x6d6544, 0x6ac5c4);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				E006AC0D0(1, L"ProgramFilesDir", _t187); // executed
                                                                                                                              				E0040A5A8(0x6d6548, _v36);
                                                                                                                              				_t188 =  *0x6d6548;
                                                                                                                              				if( *0x6d6548 == 0) {
                                                                                                                              					_t174 =  *0x6d6544; // 0x0
                                                                                                                              					E0040B4C8(0x6d6548, L"\\Program Files", _t174);
                                                                                                                              				}
                                                                                                                              				E006AC0D0(1, L"CommonFilesDir", _t188); // executed
                                                                                                                              				E0040A5A8(0x6d654c, _v40);
                                                                                                                              				if( *0x6d654c == 0) {
                                                                                                                              					_t112 =  *0x6d6548; // 0x0
                                                                                                                              					E005C4EA4(_t112,  &_v44);
                                                                                                                              					E0040B4C8(0x6d654c, L"Common Files", _v44);
                                                                                                                              				}
                                                                                                                              				_t190 =  *0x6d67dd;
                                                                                                                              				if( *0x6d67dd != 0) {
                                                                                                                              					E006AC0D0(2, L"ProgramFilesDir", _t190); // executed
                                                                                                                              					E0040A5A8(0x6d6550, _v48);
                                                                                                                              					_t191 =  *0x6d6550;
                                                                                                                              					if( *0x6d6550 == 0) {
                                                                                                                              						E0060CD28(L"Failed to get path of 64-bit Program Files directory", _t128);
                                                                                                                              					}
                                                                                                                              					E006AC0D0(2, L"CommonFilesDir", _t191); // executed
                                                                                                                              					E0040A5A8(0x6d6554, _v52);
                                                                                                                              					if( *0x6d6554 == 0) {
                                                                                                                              						E0060CD28(L"Failed to get path of 64-bit Common Files directory", _t128);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				if( *0x6d68ac == 0) {
                                                                                                                              					L25:
                                                                                                                              					__eflags =  *0x6d67dc;
                                                                                                                              					if( *0x6d67dc == 0) {
                                                                                                                              						_t65 =  *0x6d6534; // 0x0
                                                                                                                              						E005C4EA4(_t65,  &_v60);
                                                                                                                              						E0040B4C8(0x6d6564, L"COMMAND.COM", _v60); // executed
                                                                                                                              					} else {
                                                                                                                              						_t73 =  *0x6d6538; // 0x0
                                                                                                                              						E005C4EA4(_t73,  &_v56);
                                                                                                                              						E0040B4C8(0x6d6564, L"cmd.exe", _v56);
                                                                                                                              					}
                                                                                                                              					E006AC180(); // executed
                                                                                                                              					__eflags = 0;
                                                                                                                              					_pop(_t158);
                                                                                                                              					 *[fs:eax] = _t158;
                                                                                                                              					_push(E006AC58D);
                                                                                                                              					return E0040A228( &_v60, 0xd);
                                                                                                                              				} else {
                                                                                                                              					_t77 =  *0x6d67f0; // 0xa0042ee
                                                                                                                              					if(_t77 >> 0x10 < 0x600) {
                                                                                                                              						goto L25;
                                                                                                                              					} else {
                                                                                                                              						_t80 =  *0x6d68ac(0x6cd7f4, 0x8000, 0,  &_v8); // executed
                                                                                                                              						if(_t80 != 0) {
                                                                                                                              							_t82 =  *0x6d68ac(0x6cd804, 0x8000, 0,  &_v8); // executed
                                                                                                                              							__eflags = _t82;
                                                                                                                              							if(_t82 != 0) {
                                                                                                                              								_t84 =  *0x6d68ac(0x6cd814, 0x8000, 0,  &_v8); // executed
                                                                                                                              								__eflags = _t84;
                                                                                                                              								if(_t84 != 0) {
                                                                                                                              									goto L25;
                                                                                                                              								} else {
                                                                                                                              									_push(_t182);
                                                                                                                              									_push(0x6ac516);
                                                                                                                              									_push( *[fs:eax]);
                                                                                                                              									 *[fs:eax] = _t183;
                                                                                                                              									E0040C8BC();
                                                                                                                              									__eflags = 0;
                                                                                                                              									_pop(_t163);
                                                                                                                              									 *[fs:eax] = _t163;
                                                                                                                              									_push(E006AC51D);
                                                                                                                              									_t89 = _v8;
                                                                                                                              									_push(_t89);
                                                                                                                              									L0043C214();
                                                                                                                              									return _t89;
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								_push(_t182);
                                                                                                                              								_push(0x6ac4c3);
                                                                                                                              								_push( *[fs:eax]);
                                                                                                                              								 *[fs:eax] = _t183;
                                                                                                                              								E0040C8BC();
                                                                                                                              								__eflags = 0;
                                                                                                                              								_pop(_t165);
                                                                                                                              								 *[fs:eax] = _t165;
                                                                                                                              								_push(E006AC4CA);
                                                                                                                              								_t94 = _v8;
                                                                                                                              								_push(_t94);
                                                                                                                              								L0043C214();
                                                                                                                              								return _t94;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							_push(_t182);
                                                                                                                              							_push(0x6ac470);
                                                                                                                              							_push( *[fs:eax]);
                                                                                                                              							 *[fs:eax] = _t183;
                                                                                                                              							E0040C8BC();
                                                                                                                              							_pop(_t167);
                                                                                                                              							 *[fs:eax] = _t167;
                                                                                                                              							_push(E006AC477);
                                                                                                                              							_t99 = _v8;
                                                                                                                              							_push(_t99);
                                                                                                                              							L0043C214();
                                                                                                                              							return _t99;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}





































                                                                                                                              0x006ac4b1
                                                                                                                              0x006ac4b4
                                                                                                                              0x006ac4b9
                                                                                                                              0x006ac4bc
                                                                                                                              0x006ac4bd
                                                                                                                              0x006ac4c2
                                                                                                                              0x006ac4c2
                                                                                                                              0x006ac43e
                                                                                                                              0x006ac440
                                                                                                                              0x006ac441
                                                                                                                              0x006ac446
                                                                                                                              0x006ac449
                                                                                                                              0x006ac454
                                                                                                                              0x006ac45b
                                                                                                                              0x006ac45e
                                                                                                                              0x006ac461
                                                                                                                              0x006ac466
                                                                                                                              0x006ac469
                                                                                                                              0x006ac46a
                                                                                                                              0x006ac46f
                                                                                                                              0x006ac46f
                                                                                                                              0x006ac43c
                                                                                                                              0x006ac41e

                                                                                                                              APIs
                                                                                                                              • SHGetKnownFolderPath.SHELL32(006CD7F4,00008000,00000000,?,00000000,006AC586,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A), ref: 006AC434
                                                                                                                              • CoTaskMemFree.OLE32(?,006AC477,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC46A
                                                                                                                              • SHGetKnownFolderPath.SHELL32(006CD804,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC487
                                                                                                                              • CoTaskMemFree.OLE32(?,006AC4CA,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4BD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FolderFreeKnownPathTask
                                                                                                                              • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                                              • API String ID: 969438705-544719455
                                                                                                                              • Opcode ID: ec3cb168b877b120c350cc1f5a47d9f0c809b7928d19a34dd6d1cc36d3f4d27c
                                                                                                                              • Instruction ID: b9958020655176fa4da1f40778f72373ecd7cbade583b9d7093994fb637c8e1d
                                                                                                                              • Opcode Fuzzy Hash: ec3cb168b877b120c350cc1f5a47d9f0c809b7928d19a34dd6d1cc36d3f4d27c
                                                                                                                              • Instruction Fuzzy Hash: A281D530E012049FDB10FFA4E852BAD7BA7EB8A714F50447AF400A7395C678AD51CF65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              [Control-flow graph for the function at 410bf4; legend: Executed / Not Executed. API calls on the graph nodes: RaiseException, LoadLibraryA, GetLastError, GetProcAddress, FreeLibrary, LocalAlloc]
                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E00410BF4(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                              				long _v8;
                                                                                                                              				signed int _v12;
                                                                                                                              				long _v16;
                                                                                                                              				void* _v20;
                                                                                                                              				long _v24;
                                                                                                                              				intOrPtr _v28;
                                                                                                                              				intOrPtr _v32;
                                                                                                                              				intOrPtr _v36;
                                                                                                                              				intOrPtr _v40;
                                                                                                                              				intOrPtr _v44;
                                                                                                                              				struct HINSTANCE__** _v48;
                                                                                                                              				CHAR* _v52;
                                                                                                                              				void _v56;
                                                                                                                              				long _v60;
                                                                                                                              				_Unknown_base(*)()* _v64;
                                                                                                                              				struct HINSTANCE__* _v68;
                                                                                                                              				CHAR* _v72;
                                                                                                                              				signed int _v76;
                                                                                                                              				CHAR* _v80;
                                                                                                                              				intOrPtr* _v84;
                                                                                                                              				void* _v88;
                                                                                                                              				void _v92;
                                                                                                                              				signed int _t104;
                                                                                                                              				signed int _t106;
                                                                                                                              				signed int _t108;
                                                                                                                              				long _t113;
                                                                                                                              				intOrPtr* _t119;
                                                                                                                              				void* _t124;
                                                                                                                              				void _t126;
                                                                                                                              				long _t128;
                                                                                                                              				struct HINSTANCE__* _t133;
                                                                                                                              				struct HINSTANCE__* _t142;
                                                                                                                              				long _t166;
                                                                                                                              				signed int* _t190;
                                                                                                                              				_Unknown_base(*)()* _t191;
                                                                                                                              				void* _t194;
                                                                                                                              				intOrPtr _t196;
                                                                                                                              
                                                                                                                              				_push(_a4);
                                                                                                                              				memcpy( &_v56, 0x6c5c50, 8 << 2);
                                                                                                                              				_pop(_t194);
                                                                                                                              				_v56 =  *0x6c5c50;
                                                                                                                              				_v52 = E004110A4( *0x006C5C54);
                                                                                                                              				_v48 = E004110B4( *0x006C5C58);
                                                                                                                              				_v44 = E004110C4( *0x006C5C5C);
                                                                                                                              				_v40 = E004110D4( *0x006C5C60);
                                                                                                                              				_v36 = E004110D4( *0x006C5C64);
                                                                                                                              				_v32 = E004110D4( *0x006C5C68);
                                                                                                                              				_v28 =  *0x006C5C6C;
                                                                                                                              				memcpy( &_v92, 0x6c5c70, 9 << 2);
                                                                                                                              				_t196 = _t194;
                                                                                                                              				_v88 = 0x6c5c70;
                                                                                                                              				_v84 = _a8;
                                                                                                                              				_v80 = _v52;
                                                                                                                              				if((_v56 & 0x00000001) == 0) {
                                                                                                                              					_t166 =  *0x6c5c94; // 0x0
                                                                                                                              					_v8 = _t166;
                                                                                                                              					_v8 =  &_v92;
                                                                                                                              					RaiseException(0xc06d0057, 0, 1,  &_v8);
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				_t104 = _a8 - _v44;
                                                                                                                              				_t142 =  *_v48;
                                                                                                                              				if(_t104 < 0) {
                                                                                                                              					_t104 = _t104 + 3;
                                                                                                                              				}
                                                                                                                              				_v12 = _t104 >> 2;
                                                                                                                              				_t106 = _v12;
                                                                                                                              				_t190 = (_t106 << 2) + _v40;
                                                                                                                              				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
                                                                                                                              				_v76 = _t108;
                                                                                                                              				if(_t108 == 0) {
                                                                                                                              					_v72 =  *_t190 & 0x0000ffff;
                                                                                                                              				} else {
                                                                                                                              					_v72 = E004110E4( *_t190) + 2;
                                                                                                                              				}
                                                                                                                              				_t191 = 0;
                                                                                                                              				if( *0x6d2644 == 0) {
                                                                                                                              					L10:
                                                                                                                              					if(_t142 != 0) {
                                                                                                                              						L25:
                                                                                                                              						_v68 = _t142;
                                                                                                                              						if( *0x6d2644 != 0) {
                                                                                                                              							_t191 =  *0x6d2644(2,  &_v92);
                                                                                                                              						}
                                                                                                                              						if(_t191 != 0) {
                                                                                                                              							L36:
                                                                                                                              							if(_t191 == 0) {
                                                                                                                              								_v60 = GetLastError();
                                                                                                                              								if( *0x6d2648 != 0) {
                                                                                                                              									_t191 =  *0x6d2648(4,  &_v92);
                                                                                                                              								}
                                                                                                                              								if(_t191 == 0) {
                                                                                                                              									_t113 =  *0x6c5c9c; // 0x0
                                                                                                                              									_v24 = _t113;
                                                                                                                              									_v24 =  &_v92;
                                                                                                                              									RaiseException(0xc06d007f, 0, 1,  &_v24);
                                                                                                                              									_t191 = _v64;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							goto L41;
                                                                                                                              						} else {
                                                                                                                              							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
                                                                                                                              								L35:
                                                                                                                              								_t191 = GetProcAddress(_t142, _v72);
                                                                                                                              								goto L36;
                                                                                                                              							} else {
                                                                                                                              								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
                                                                                                                              								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
                                                                                                                              									goto L35;
                                                                                                                              								} else {
                                                                                                                              									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
                                                                                                                              									if(_t191 == 0) {
                                                                                                                              										goto L35;
                                                                                                                              									}
                                                                                                                              									L41:
                                                                                                                              									 *_a8 = _t191;
                                                                                                                              									goto L42;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					if( *0x6d2644 != 0) {
                                                                                                                              						_t142 =  *0x6d2644(1,  &_v92);
                                                                                                                              					}
                                                                                                                              					if(_t142 == 0) {
                                                                                                                              						_t133 = LoadLibraryA(_v80); // executed
                                                                                                                              						_t142 = _t133;
                                                                                                                              					}
                                                                                                                              					if(_t142 != 0) {
                                                                                                                              						L20:
                                                                                                                              						if(_t142 == E0041057C(_v48, _t142)) {
                                                                                                                              							FreeLibrary(_t142);
                                                                                                                              						} else {
                                                                                                                              							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
                                                                                                                              								_t124 = LocalAlloc(0x40, 8);
                                                                                                                              								_v20 = _t124;
                                                                                                                              								if(_t124 != 0) {
                                                                                                                              									 *((intOrPtr*)(_v20 + 4)) = _t196;
                                                                                                                              									_t126 =  *0x6c5c4c; // 0x0
                                                                                                                              									 *_v20 = _t126;
                                                                                                                              									 *0x6c5c4c = _v20;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						goto L25;
                                                                                                                              					} else {
                                                                                                                              						_v60 = GetLastError();
                                                                                                                              						if( *0x6d2648 != 0) {
                                                                                                                              							_t142 =  *0x6d2648(3,  &_v92);
                                                                                                                              						}
                                                                                                                              						if(_t142 != 0) {
                                                                                                                              							goto L20;
                                                                                                                              						} else {
                                                                                                                              							_t128 =  *0x6c5c98; // 0x0
                                                                                                                              							_v16 = _t128;
                                                                                                                              							_v16 =  &_v92;
                                                                                                                              							RaiseException(0xc06d007e, 0, 1,  &_v16);
                                                                                                                              							return _v64;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t191 =  *0x6d2644(0,  &_v92);
                                                                                                                              					if(_t191 == 0) {
                                                                                                                              						goto L10;
                                                                                                                              					} else {
                                                                                                                              						L42:
                                                                                                                              						if( *0x6d2644 != 0) {
                                                                                                                              							_v60 = 0;
                                                                                                                              							_v68 = _t142;
                                                                                                                              							_v64 = _t191;
                                                                                                                              							 *0x6d2644(5,  &_v92);
                                                                                                                              						}
                                                                                                                              						return _t191;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00410CAC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionRaise
                                                                                                                              • String ID: P\l$p\l
                                                                                                                              • API String ID: 3997070919-2963016475
                                                                                                                              • Opcode ID: aa0e87082271f6f024034dc3e0c9ed7691aad24ca827c03d937f00bb865530d3
                                                                                                                              • Instruction ID: dea4787ea8a346106a271a8220094215500c3d30852de538169348a6bce77c0f
                                                                                                                              • Opcode Fuzzy Hash: aa0e87082271f6f024034dc3e0c9ed7691aad24ca827c03d937f00bb865530d3
                                                                                                                              • Instruction Fuzzy Hash: EDA18D75A003099FDB24CFA9D881BEEBBB6EB58310F14452AE505A7390DBB4E9C1CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 53%
                                                                                                                              			E0060F06C(signed char __eax, void* __ebx, char __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4, void* _a8, signed short _a12, signed char _a16, char _a20) {
                                                                                                                              				char _v8;
                                                                                                                              				signed char _v9;
                                                                                                                              				short _v32;
                                                                                                                              				intOrPtr _v36;
                                                                                                                              				char _v80;
                                                                                                                              				void* _v92;
                                                                                                                              				char _v96;
                                                                                                                              				char _v100;
                                                                                                                              				char _v104;
                                                                                                                              				char _v108;
                                                                                                                              				char _v112;
                                                                                                                              				char _v116;
                                                                                                                              				char _v120;
                                                                                                                              				intOrPtr _t63;
                                                                                                                              				intOrPtr _t64;
                                                                                                                              				void* _t75;
                                                                                                                              				intOrPtr _t107;
                                                                                                                              				char _t114;
                                                                                                                              				intOrPtr _t132;
                                                                                                                              				void* _t142;
                                                                                                                              				intOrPtr* _t144;
                                                                                                                              				void* _t147;
                                                                                                                              
                                                                                                                              				_t116 = __ecx;
                                                                                                                              				_v116 = 0;
                                                                                                                              				_v120 = 0;
                                                                                                                              				_v108 = 0;
                                                                                                                              				_v112 = 0;
                                                                                                                              				_v104 = 0;
                                                                                                                              				_v100 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_t114 = __ecx;
                                                                                                                              				_t142 = __edx;
                                                                                                                              				_v9 = __eax;
                                                                                                                              				_t144 = _a4;
                                                                                                                              				E0040A2AC(_a20);
                                                                                                                              				_push(_t147);
                                                                                                                              				_push(0x60f26e);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t147 + 0xffffff8c;
                                                                                                                              				E0040B660(_t142, 0x60f28c);
                                                                                                                              				if(0 != 0) {
                                                                                                                              					_push(0x60f29c);
                                                                                                                              					_push(_t142);
                                                                                                                              					_push(0x60f29c);
                                                                                                                              					E0040B550( &_v8, _t114, 3, _t142, _t144);
                                                                                                                              					__eflags = _t114;
                                                                                                                              					if(_t114 != 0) {
                                                                                                                              						_push(_v8);
                                                                                                                              						_push(0x60f2ac);
                                                                                                                              						_push(_t114);
                                                                                                                              						E0040B550( &_v8, _t114, 3, _t142, _t144);
                                                                                                                              					}
                                                                                                                              					E005C53D0(_t142,  &_v100);
                                                                                                                              					_t63 = E00422368(_v100, _t116, L".bat");
                                                                                                                              					__eflags = _t63;
                                                                                                                              					if(_t63 == 0) {
                                                                                                                              						L6:
                                                                                                                              						_t64 = E005C77E8();
                                                                                                                              						__eflags = _t64;
                                                                                                                              						if(_t64 == 0) {
                                                                                                                              							_push(0x60f29c);
                                                                                                                              							E005C7430( &_v120);
                                                                                                                              							E005C4EA4(_v120,  &_v116);
                                                                                                                              							_push(_v116);
                                                                                                                              							_push(L"COMMAND.COM\" /C ");
                                                                                                                              							_push(_v8);
                                                                                                                              							E0040B550( &_v8, _t114, 4, _t142, _t144);
                                                                                                                              						} else {
                                                                                                                              							_push(0x60f29c);
                                                                                                                              							E005C745C( &_v112);
                                                                                                                              							E005C4EA4(_v112,  &_v108);
                                                                                                                              							_push(_v108);
                                                                                                                              							_push(L"cmd.exe\" /C \"");
                                                                                                                              							_push(_v8);
                                                                                                                              							_push(0x60f29c);
                                                                                                                              							E0040B550( &_v8, _t114, 5, _t142, _t144);
                                                                                                                              						}
                                                                                                                              						goto L9;
                                                                                                                              					} else {
                                                                                                                              						E005C53D0(_t142,  &_v104);
                                                                                                                              						_t107 = E00422368(_v104, _t116, L".cmd");
                                                                                                                              						__eflags = _t107;
                                                                                                                              						if(_t107 != 0) {
                                                                                                                              							L9:
                                                                                                                              							__eflags = _a20;
                                                                                                                              							if(_a20 == 0) {
                                                                                                                              								E005C5378(_t142, _t116,  &_a20);
                                                                                                                              							}
                                                                                                                              							goto L11;
                                                                                                                              						}
                                                                                                                              						goto L6;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					E0040A5F0( &_v8, _t114);
                                                                                                                              					L11:
                                                                                                                              					E00407760( &_v80, 0x44);
                                                                                                                              					_v80 = 0x44;
                                                                                                                              					_v36 = 1;
                                                                                                                              					_v32 = _a12 & 0x0000ffff;
                                                                                                                              					_t150 = _a20;
                                                                                                                              					if(_a20 == 0) {
                                                                                                                              						E005C745C( &_a20);
                                                                                                                              					}
                                                                                                                              					_t75 = E0040B278(_a20);
                                                                                                                              					E0060C038(_v9 & 0x000000ff, E0040B278(_v8), 0, _t150,  &_v96,  &_v80, _t75, 0, 0x4000000, 0, 0, 0); // executed
                                                                                                                              					asm("sbb ebx, ebx");
                                                                                                                              					_t115 = _t114 + 1;
                                                                                                                              					if(_t114 + 1 != 0) {
                                                                                                                              						CloseHandle(_v92);
                                                                                                                              						E0060EFD8(_v96, _t115, _a16 & 0x000000ff, _t142, _t144, _t144); // executed
                                                                                                                              					} else {
                                                                                                                              						 *_t144 = GetLastError();
                                                                                                                              					}
                                                                                                                              					_pop(_t132);
                                                                                                                              					 *[fs:eax] = _t132;
                                                                                                                              					_push(E0060F275);
                                                                                                                              					E0040A228( &_v120, 6);
                                                                                                                              					E0040A1C8( &_v8);
                                                                                                                              					return E0040A1C8( &_a20);
                                                                                                                              				}
                                                                                                                              			}


























                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0060F29C,0060F29C,?,0060F29C,00000000), ref: 0060F221
                                                                                                                              • CloseHandle.KERNEL32(006B7E1B,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0060F29C,0060F29C,?,0060F29C), ref: 0060F22E
                                                                                                                                • Part of subcall function 0060EFD8: WaitForInputIdle.USER32 ref: 0060F004
                                                                                                                                • Part of subcall function 0060EFD8: MsgWaitForMultipleObjects.USER32 ref: 0060F026
                                                                                                                                • Part of subcall function 0060EFD8: GetExitCodeProcess.KERNEL32 ref: 0060F037
                                                                                                                                • Part of subcall function 0060EFD8: CloseHandle.KERNEL32(00000001,0060F064,0060F05D,?,?,?,00000001,?,?,0060F406,?,00000000,0060F41C,?,?,?), ref: 0060F057
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
                                                                                                                              • String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
                                                                                                                              • API String ID: 854858120-615399546
                                                                                                                              • Opcode ID: 37798d967bf2bc8f5dd076eef84a83c65ab93f51f66ea8aa3974d2d4880a61b7
                                                                                                                              • Instruction ID: 0730013a778409a59d543d7128fc9cae65caf948aa4e6a3f37707057903c9a02
                                                                                                                              • Opcode Fuzzy Hash: 37798d967bf2bc8f5dd076eef84a83c65ab93f51f66ea8aa3974d2d4880a61b7
                                                                                                                              • Instruction Fuzzy Hash: 69512134A8030DABDB14EFE5C892ADEBBBAFF44304F60447AB404A76C1D7749E059B95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 311 5b85f0-5b860b PeekMessageW 312 5b86f9-5b8700 311->312 313 5b8611-5b8615 311->313 314 5b8617-5b861f IsWindowUnicode 313->314 315 5b8625 313->315 314->315 316 5b8621-5b8623 314->316 317 5b8627-5b8630 315->317 316->317 318 5b8648-5b865b PeekMessageA 317->318 319 5b8632-5b8646 PeekMessageW 317->319 320 5b865c-5b865e 318->320 319->320 320->312 321 5b8664-5b866a 320->321 322 5b86f2 321->322 323 5b8670-5b867c 321->323 322->312 324 5b868e-5b8699 call 5ba368 323->324 325 5b867e-5b8682 323->325 324->312 328 5b869b-5b86a6 call 5b8488 324->328 325->324 328->312 331 5b86a8-5b86ac 328->331 331->312 332 5b86ae-5b86b9 call 5b8340 331->332 332->312 335 5b86bb-5b86c6 call 5b8390 332->335 335->312 338 5b86c8-5b86d3 call 5b82f8 335->338 338->312 341 5b86d5-5b86e0 TranslateMessage 338->341 342 5b86ea-5b86f0 DispatchMessageA 341->342 343 5b86e2-5b86e8 DispatchMessageW 341->343 342->312 343->312
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E005B85F0(void* __eax, void* __ecx, struct tagMSG* __edx) {
                                                                                                                              				char _v19;
                                                                                                                              				int _t10;
                                                                                                                              				char _t12;
                                                                                                                              				int _t13;
                                                                                                                              				void* _t14;
                                                                                                                              				int _t30;
                                                                                                                              				int _t32;
                                                                                                                              				MSG* _t43;
                                                                                                                              				void* _t44;
                                                                                                                              				char* _t46;
                                                                                                                              
                                                                                                                              				_t43 = __edx;
                                                                                                                              				_t44 = __eax;
                                                                                                                              				_t32 = 0;
                                                                                                                              				_t10 = PeekMessageW(__edx, 0, 0, 0, 0); // executed
                                                                                                                              				if(_t10 != 0) {
                                                                                                                              					_v19 = _t12;
                                                                                                                              					if(_v19 == 0) {
                                                                                                                              						_t13 = PeekMessageA(_t43, 0, 0, 0, 1);
                                                                                                                              						asm("sbb eax, eax");
                                                                                                                              						_t14 = _t13 + 1;
                                                                                                                              					} else {
                                                                                                                              						_t30 = PeekMessageW(_t43, 0, 0, 0, 1); // executed
                                                                                                                              						asm("sbb eax, eax");
                                                                                                                              						_t14 = _t30 + 1;
                                                                                                                              					}
                                                                                                                              					if(_t14 != 0) {
                                                                                                                              						_t32 = 1;
                                                                                                                              						if(_t43->message == 0x12) {
                                                                                                                              							 *((char*)(_t44 + 0xbc)) = 1;
                                                                                                                              						} else {
                                                                                                                              							 *_t46 = 0;
                                                                                                                              							if( *((short*)(_t44 + 0x122)) != 0) {
                                                                                                                              								 *((intOrPtr*)(_t44 + 0x120))();
                                                                                                                              							}
                                                                                                                              							if(E005BA368(_t44, _t43) == 0 && E005B8488(_t44, _t43) == 0 &&  *_t46 == 0 && E005B8340(_t44, _t43) == 0 && E005B8390(_t44, _t43) == 0 && E005B82F8(_t44, _t43) == 0) {
                                                                                                                              								TranslateMessage(_t43);
                                                                                                                              								if(_v19 == 0) {
                                                                                                                              									DispatchMessageA(_t43);
                                                                                                                              								} else {
                                                                                                                              									DispatchMessageW(_t43); // executed
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t32;
                                                                                                                              			}














                                                                                                                              APIs
                                                                                                                              • PeekMessageW.USER32 ref: 005B8604
                                                                                                                              • IsWindowUnicode.USER32 ref: 005B8618
                                                                                                                              • PeekMessageW.USER32 ref: 005B863B
                                                                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 005B8651
                                                                                                                              • TranslateMessage.USER32 ref: 005B86D6
                                                                                                                              • DispatchMessageW.USER32 ref: 005B86E3
                                                                                                                              • DispatchMessageA.USER32 ref: 005B86EB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$Peek$Dispatch$TranslateUnicodeWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2190272339-0
                                                                                                                              • Opcode ID: 2f195b20c59e7edbc16b7d2fd048cba63cfdff170111f45a03f5aac70044babc
                                                                                                                              • Instruction ID: 67b3953643da56f9c200822127d0531685f000c00b35d7cfb42a732a483186e2
                                                                                                                              • Opcode Fuzzy Hash: 2f195b20c59e7edbc16b7d2fd048cba63cfdff170111f45a03f5aac70044babc
                                                                                                                              • Instruction Fuzzy Hash: 4921D83034478065EA312D2A1C15BFE9FDD6FF1B49F14545EF58197282CEA9F846C21E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E006AC8CC(long __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				char _v36;
                                                                                                                              				intOrPtr _v40;
                                                                                                                              				char _v44;
                                                                                                                              				char _v48;
                                                                                                                              				char _v52;
                                                                                                                              				char _v56;
                                                                                                                              				char* _t40;
                                                                                                                              				intOrPtr _t41;
                                                                                                                              				int _t47;
                                                                                                                              				intOrPtr _t77;
                                                                                                                              				void* _t80;
                                                                                                                              				intOrPtr _t81;
                                                                                                                              				intOrPtr _t94;
                                                                                                                              				intOrPtr _t107;
                                                                                                                              				intOrPtr _t108;
                                                                                                                              
                                                                                                                              				_t105 = __esi;
                                                                                                                              				_t104 = __edi;
                                                                                                                              				_t79 = __ebx;
                                                                                                                              				_t107 = _t108;
                                                                                                                              				_t80 = 6;
                                                                                                                              				do {
                                                                                                                              					_push(0);
                                                                                                                              					_push(0);
                                                                                                                              					_t80 = _t80 - 1;
                                                                                                                              				} while (_t80 != 0);
                                                                                                                              				_push(_t80);
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(_t107);
                                                                                                                              				_push(0x6aca22);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t108;
                                                                                                                              				E0060D530( &_v20, __ebx, __edx, __edi, __esi); // executed
                                                                                                                              				E0040A5A8(0x6d6530, _v20);
                                                                                                                              				_t81 =  *0x6d6530; // 0x0
                                                                                                                              				E0040B4C8( &_v24, _t81, L"Created temporary directory: ");
                                                                                                                              				E00616130(_v24, _t79, __edi, __esi);
                                                                                                                              				_t40 =  *0x6cdfdc; // 0x6d62e4
                                                                                                                              				if( *_t40 != 0) {
                                                                                                                              					_t77 =  *0x6d6530; // 0x0
                                                                                                                              					E0061583C(_t77);
                                                                                                                              				}
                                                                                                                              				_t41 =  *0x6d6530; // 0x0
                                                                                                                              				E005C4EA4(_t41,  &_v28);
                                                                                                                              				E0040B4C8( &_v8, L"_isetup", _v28);
                                                                                                                              				_t47 = CreateDirectoryW(E0040B278(_v8), 0); // executed
                                                                                                                              				if(_t47 == 0) {
                                                                                                                              					_t79 = GetLastError();
                                                                                                                              					E005CD508(0x3d,  &_v48, _v8);
                                                                                                                              					_v44 = _v48;
                                                                                                                              					E0042302C( &_v52, _t61, 0);
                                                                                                                              					_v40 = _v52;
                                                                                                                              					E005C857C(_t79,  &_v56);
                                                                                                                              					_v36 = _v56;
                                                                                                                              					E005CD4D8(0x81, 2,  &_v44,  &_v32);
                                                                                                                              					E00429008(_v32, 1);
                                                                                                                              					E004098C4();
                                                                                                                              				}
                                                                                                                              				E0062554C( &_v12);
                                                                                                                              				_t113 = _v12;
                                                                                                                              				if(_v12 != 0) {
                                                                                                                              					E0040B4C8( &_v16, L"\\_setup64.tmp", _v8);
                                                                                                                              					E006AC874(_v12, _t79, _v16, _t104, _t105, _t113); // executed
                                                                                                                              					E006255A4(_v16);
                                                                                                                              				}
                                                                                                                              				_pop(_t94);
                                                                                                                              				 *[fs:eax] = _t94;
                                                                                                                              				_push(E006ACA29);
                                                                                                                              				E0040A228( &_v56, 3);
                                                                                                                              				return E0040A228( &_v32, 7);
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,00000000,006ACA22,?,?,00000005,00000000,00000000,?,006B92B5,00000000,006B946A,?,00000000,006B94CE), ref: 006AC957
                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,00000000,006ACA22,?,?,00000005,00000000,00000000,?,006B92B5,00000000,006B946A,?,00000000,006B94CE), ref: 006AC960
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                              • String ID: Created temporary directory: $\_setup64.tmp$_isetup$bm
                                                                                                                              • API String ID: 1375471231-4222912607
                                                                                                                              • Opcode ID: a86aa8a2acc0a94b1db93ec364803f94f2229d477fc06fb0c9cde1c9b68dee1f
                                                                                                                              • Instruction ID: fab29f73b12df9647497e51388a78cad5e0a4b86d3a417c00642db4583a337af
                                                                                                                              • Opcode Fuzzy Hash: a86aa8a2acc0a94b1db93ec364803f94f2229d477fc06fb0c9cde1c9b68dee1f
                                                                                                                              • Instruction Fuzzy Hash: 00412E34A102099BDB01FBA4D891AEEB7B6FF89704F50417AF501B7391DA34AE458B64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 69%
                                                                                                                              			E005C92C8(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				void* _t10;
                                                                                                                              				intOrPtr _t17;
                                                                                                                              				intOrPtr _t24;
                                                                                                                              				intOrPtr* _t27;
                                                                                                                              				struct HWND__* _t33;
                                                                                                                              				void* _t42;
                                                                                                                              				intOrPtr _t44;
                                                                                                                              				void* _t49;
                                                                                                                              				intOrPtr _t51;
                                                                                                                              				struct HWND__* _t52;
                                                                                                                              				intOrPtr _t54;
                                                                                                                              				intOrPtr _t55;
                                                                                                                              
                                                                                                                              				_t50 = __esi;
                                                                                                                              				_t42 = __edx;
                                                                                                                              				_t54 = _t55;
                                                                                                                              				_push(0);
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_push(__edi);
                                                                                                                              				if(__edx != 0) {
                                                                                                                              					_t55 = _t55 + 0xfffffff0;
                                                                                                                              					_t10 = E00408A40(_t10, _t54);
                                                                                                                              				}
                                                                                                                              				_t49 = _t10;
                                                                                                                              				_push(_t54);
                                                                                                                              				_push(0x5c93da);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t55;
                                                                                                                              				E00408414(0);
                                                                                                                              				 *((intOrPtr*)(_t49 + 0xc)) = GetActiveWindow();
                                                                                                                              				 *((intOrPtr*)(_t49 + 0x10)) = GetFocus();
                                                                                                                              				_t17 = E005ABB4C(0, _t42, _t49, _t50); // executed
                                                                                                                              				 *((intOrPtr*)(_t49 + 0x14)) = _t17;
                                                                                                                              				if( *0x6d5822 == 0) {
                                                                                                                              					 *0x6d5822 = RegisterClassW(0x6ccd0c);
                                                                                                                              				}
                                                                                                                              				if( *0x6d5822 != 0) {
                                                                                                                              					_t24 = E00414DA0(0, L"TWindowDisabler-Window", 0,  *0x6d2634, 0, 0, 0, 0, 0, 0, 0x88000000); // executed
                                                                                                                              					_t51 = _t24;
                                                                                                                              					 *((intOrPtr*)(_t49 + 8)) = _t51;
                                                                                                                              					if(_t51 != 0) {
                                                                                                                              						_t5 = _t49 + 8; // 0x4134a000
                                                                                                                              						_t27 =  *0x6cdec4; // 0x6d579c
                                                                                                                              						E005B8044( *_t27,  &_v8);
                                                                                                                              						E0040B278(_v8);
                                                                                                                              						_t33 = E00414DA0(0, L"TWindowDisabler-Window", 0,  *0x6d2634, 0,  *_t5, 0, 0, 0, 0, 0x80000000); // executed
                                                                                                                              						_t52 = _t33;
                                                                                                                              						 *(_t49 + 4) = _t52;
                                                                                                                              						if(_t52 != 0) {
                                                                                                                              							ShowWindow(_t52, 8); // executed
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				SetFocus(0);
                                                                                                                              				_pop(_t44);
                                                                                                                              				 *[fs:eax] = _t44;
                                                                                                                              				_push(E005C93E1);
                                                                                                                              				return E0040A1C8( &_v8);
                                                                                                                              			}

















                                                                                                                              APIs
                                                                                                                              • GetActiveWindow.USER32 ref: 005C92F7
                                                                                                                              • GetFocus.USER32(00000000,005C93DA,?,?,?,00000001,00000000,?,00624EAB,006D579C,?,006B93C5,?,?,00000000,006B9450), ref: 005C92FF
                                                                                                                              • RegisterClassW.USER32 ref: 005C9320
                                                                                                                              • ShowWindow.USER32(00000000,00000008,00000000,?,00000000,4134A000,00000000,00000000,00000000,00000000,80000000,00000000,?,00000000,00000000,00000000), ref: 005C93B8
                                                                                                                              • SetFocus.USER32(00000000,00000000,005C93DA,?,?,?,00000001,00000000,?,00624EAB,006D579C,?,006B93C5,?,?,00000000), ref: 005C93BF
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FocusWindow$ActiveClassRegisterShow
                                                                                                                              • String ID: TWindowDisabler-Window
                                                                                                                              • API String ID: 495420250-1824977358
                                                                                                                              • Opcode ID: 6784ae0ba7057f0a8a26c4c85bfb57be43722a071822028f1ce80f015718ad1f
                                                                                                                              • Instruction ID: 15dfa4f4c92537cee7ed1e4bf608ea9bac44f034fc845b592ccaf34af6f1c1de
                                                                                                                              • Opcode Fuzzy Hash: 6784ae0ba7057f0a8a26c4c85bfb57be43722a071822028f1ce80f015718ad1f
                                                                                                                              • Instruction Fuzzy Hash: 1321E570A41700AFD710EBA59C56F5ABBA5FB85B00F51452DF900EB6D1EB78AC40C7D8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 65%
                                                                                                                              			_entry_() {
                                                                                                                              				intOrPtr* _t12;
                                                                                                                              				signed int _t15;
                                                                                                                              				intOrPtr _t21;
                                                                                                                              				intOrPtr* _t22;
                                                                                                                              				intOrPtr* _t28;
                                                                                                                              				intOrPtr* _t31;
                                                                                                                              				intOrPtr* _t35;
                                                                                                                              				intOrPtr _t36;
                                                                                                                              				void* _t61;
                                                                                                                              				void* _t62;
                                                                                                                              				intOrPtr* _t73;
                                                                                                                              				intOrPtr* _t76;
                                                                                                                              				intOrPtr _t77;
                                                                                                                              				intOrPtr _t79;
                                                                                                                              				intOrPtr _t81;
                                                                                                                              				intOrPtr _t82;
                                                                                                                              				intOrPtr _t83;
                                                                                                                              				void* _t84;
                                                                                                                              				void* _t86;
                                                                                                                              				intOrPtr* _t88;
                                                                                                                              				intOrPtr _t89;
                                                                                                                              				void* _t90;
                                                                                                                              				intOrPtr _t92;
                                                                                                                              				void* _t93;
                                                                                                                              
                                                                                                                              				E00410BA8(0x6b9a98);
                                                                                                                              				_t12 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				_t15 = GetWindowLongW( *( *_t12 + 0x188), 0xffffffec);
                                                                                                                              				_t73 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				SetWindowLongW( *( *_t73 + 0x188), 0xffffffec, _t15 & 0xffffff7f); // executed
                                                                                                                              				_push(_t88);
                                                                                                                              				_push(0x6c46f1);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t89;
                                                                                                                              				SetErrorMode(1); // executed
                                                                                                                              				E006B9800(_t90);
                                                                                                                              				_t21 =  *0x6b96c0; // 0x6b9718
                                                                                                                              				_t22 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				E005B8740( *_t22, E006B9758, _t21);
                                                                                                                              				_t76 =  *0x6cdd3c; // 0x6d57d8
                                                                                                                              				 *_t76 = 0x6b4380;
                                                                                                                              				E006B9870(_t62, _t84, _t86, _t90, _t93);
                                                                                                                              				_pop(_t77);
                                                                                                                              				 *[fs:eax] = _t77;
                                                                                                                              				_t28 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				E005B8250( *_t28, L"Setup", _t90);
                                                                                                                              				_t31 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				ShowWindow( *( *_t31 + 0x188), 5);
                                                                                                                              				_t35 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				_t36 =  *_t35;
                                                                                                                              				_t79 =  *0x6a6ef4; // 0x6a6f4c
                                                                                                                              				 *((intOrPtr*)(_t36 + 0x10c)) = _t79;
                                                                                                                              				 *((intOrPtr*)(_t36 + 0x108)) = 0x6b3994;
                                                                                                                              				_push(_t88);
                                                                                                                              				_push(0x6c479a);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t89;
                                                                                                                              				E005B881C(); // executed
                                                                                                                              				L006B09B0(_t62, _t84, _t86, _t93);
                                                                                                                              				L005B8834( *((intOrPtr*)( *0x6cdec4)), _t62,  *0x6cdab4,  *0x6a6ef4, _t84, _t86);
                                                                                                                              				L006B3B64(_t90, _t93);
                                                                                                                              				_pop(_t81);
                                                                                                                              				 *[fs:eax] = _t81;
                                                                                                                              				_push(_t88);
                                                                                                                              				_push(0x6c481d);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t89;
                                                                                                                              				L005B8990( *((intOrPtr*)( *0x6cdec4)), _t62, _t84, _t86);
                                                                                                                              				_pop(_t82);
                                                                                                                              				 *[fs:eax] = _t82;
                                                                                                                              				_push(_t88);
                                                                                                                              				_push(0x6c4854);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t89;
                                                                                                                              				L006B2AB0( *0x6cdcd4 & 0xffffff00 |  *( *0x6cdcd4) == 0x00000000, _t62, _t84, _t86,  *( *0x6cdcd4));
                                                                                                                              				_pop(_t83);
                                                                                                                              				 *[fs:eax] = _t83;
                                                                                                                              				_t61 = E0040A028( *( *0x6cdcd4));
                                                                                                                              				E00409EF8();
                                                                                                                              				 *((intOrPtr*)(_t61 - 0xfffdfc)) =  *((intOrPtr*)(_t61 - 0xfffdfc)) + _t83;
                                                                                                                              				asm("invalid");
                                                                                                                              				 *0x53000000 =  *0x53000000 + 1;
                                                                                                                              				 *_t88 =  *_t88 + _t61;
                                                                                                                              				_t92 =  *_t88;
                                                                                                                              				if (_t92 == 0) goto L5;
                                                                                                                              				if (_t92 != 0) goto L6;
                                                                                                                              				if (_t92 < 0) goto 0x6c488e;
                                                                                                                              			}



























                                                                                                                              0x006c4877
                                                                                                                              0x006c487d
                                                                                                                              0x006c487f
                                                                                                                              0x006c4885
                                                                                                                              0x006c4885
                                                                                                                              0x006c4888
                                                                                                                              0x006c488a
                                                                                                                              0x006c488c

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00410BA8: GetModuleHandleW.KERNEL32(00000000,?,006C4673), ref: 00410BB4
                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 006C4683
                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 006C469F
                                                                                                                              • SetErrorMode.KERNEL32(00000001,00000000,006C46F1), ref: 006C46B4
                                                                                                                                • Part of subcall function 006B9800: GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,006C46BE,00000001,00000000,006C46F1), ref: 006B980A
                                                                                                                                • Part of subcall function 005B8740: SendMessageW.USER32(?,0000B020,00000000,?), ref: 005B8765
                                                                                                                                • Part of subcall function 005B8250: SetWindowTextW.USER32(?,00000000), ref: 005B8281
                                                                                                                              • ShowWindow.USER32(?,00000005,00000000,006C46F1), ref: 006C472B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$HandleLongModule$ErrorMessageModeSendShowText
                                                                                                                              • String ID: Loj$Setup
                                                                                                                              • API String ID: 1533765661-1180797960
                                                                                                                              • Opcode ID: 3d0304c784d3bd607acd89935b1016d88a71efec8a9d6f2a7abca0b2f7454e11
                                                                                                                              • Instruction ID: d4d45baa3e9a68820d1f8b3b63154724c7fffc608bd47f906fb52fcab16a7fb3
                                                                                                                              • Opcode Fuzzy Hash: 3d0304c784d3bd607acd89935b1016d88a71efec8a9d6f2a7abca0b2f7454e11
                                                                                                                              • Instruction Fuzzy Hash: BE216D782046009FD700EF29DC91DA67BFAEB9E71071145B8F9008B3A2CE74BC80CB64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 51%
                                                                                                                              			E005CE26C(void* __eax, void* __ebx, long* __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                              				struct HDC__* _v8;
                                                                                                                              				struct tagSIZE _v16;
                                                                                                                              				struct tagTEXTMETRICW _v76;
                                                                                                                              				signed int _t26;
                                                                                                                              				signed int _t27;
                                                                                                                              				void* _t36;
                                                                                                                              				intOrPtr _t43;
                                                                                                                              				long* _t45;
                                                                                                                              				signed int* _t47;
                                                                                                                              				void* _t50;
                                                                                                                              
                                                                                                                              				_t37 = __ecx;
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_push(__edi);
                                                                                                                              				_t45 = __ecx;
                                                                                                                              				_t47 = __edx;
                                                                                                                              				_t36 = __eax;
                                                                                                                              				_v8 = GetDC(0);
                                                                                                                              				_push(_t50);
                                                                                                                              				_push(0x5ce2f8);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t50 + 0xffffffb8;
                                                                                                                              				SelectObject(_v8, E004EE238(_t36, _t36, _t37, _t45, _t47));
                                                                                                                              				GetTextExtentPointW(_v8, L"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz", 0x34,  &_v16); // executed
                                                                                                                              				asm("cdq");
                                                                                                                              				_t26 = _v16.cx / 0x1a + 1;
                                                                                                                              				_t27 = _t26 >> 1;
                                                                                                                              				if(_t26 < 0) {
                                                                                                                              					asm("adc eax, 0x0");
                                                                                                                              				}
                                                                                                                              				 *_t47 = _t27;
                                                                                                                              				GetTextMetricsW(_v8,  &_v76);
                                                                                                                              				 *_t45 = _v76.tmHeight;
                                                                                                                              				_pop(_t43);
                                                                                                                              				 *[fs:eax] = _t43;
                                                                                                                              				_push(E005CE2FF);
                                                                                                                              				return ReleaseDC(0, _v8);
                                                                                                                              			}














                                                                                                                              APIs
                                                                                                                              • GetDC.USER32(00000000), ref: 005CE27D
                                                                                                                                • Part of subcall function 004EE238: EnterCriticalSection.KERNEL32(?,00000000,004EE4A7,?,?), ref: 004EE280
                                                                                                                              • SelectObject.GDI32(00000001,00000000), ref: 005CE29F
                                                                                                                              • GetTextExtentPointW.GDI32(00000001,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,?), ref: 005CE2B3
                                                                                                                              • GetTextMetricsW.GDI32(00000001,?,00000000,005CE2F8,?,00000000,?,0068D5D0,00000001), ref: 005CE2D5
                                                                                                                              • ReleaseDC.USER32 ref: 005CE2F2
                                                                                                                              Strings
                                                                                                                              • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 005CE2AA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Text$CriticalEnterExtentMetricsObjectPointReleaseSectionSelect
                                                                                                                              • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
                                                                                                                              • API String ID: 1334710084-222967699
                                                                                                                              • Opcode ID: 325bd83ac94b98e0ccaeb91b867b8168358bc3f43770baf6a1d651e33ba30b3f
                                                                                                                              • Instruction ID: 68d2e7468c57547273e36bf030651d7f5f3d68c5ac32077f2b8cb66f1dd3ef54
                                                                                                                              • Opcode Fuzzy Hash: 325bd83ac94b98e0ccaeb91b867b8168358bc3f43770baf6a1d651e33ba30b3f
                                                                                                                              • Instruction Fuzzy Hash: 8E01847AA14204BFE704DEE9CC42F9EB7ECEB49704F510469F604E7280D678AD008724
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 434 409ef8-409f0c 435 409f0e-409f1a call 409dd8 call 409e60 434->435 436 409f1f-409f26 434->436 435->436 437 409f28-409f33 GetCurrentThreadId 436->437 438 409f49-409f4d 436->438 437->438 440 409f35-409f44 call 409b30 call 409e34 437->440 441 409f71-409f75 438->441 442 409f4f-409f56 438->442 440->438 447 409f81-409f85 441->447 448 409f77-409f7a 441->448 442->441 446 409f58-409f6f 442->446 446->441 450 409fa4-409fad call 409b58 447->450 451 409f87-409f90 call 406fd0 447->451 448->447 453 409f7c-409f7e 448->453 461 409fb4-409fb9 450->461 462 409faf-409fb2 450->462 451->450 460 409f92-409fa2 call 408444 call 406fd0 451->460 453->447 460->450 464 409fd5-409fe0 call 409b30 461->464 465 409fbb-409fc9 call 40ebb8 461->465 462->461 462->464 473 409fe2 464->473 474 409fe5-409fe9 464->474 465->464 472 409fcb-409fcd 465->472 472->464 476 409fcf-409fd0 FreeLibrary 472->476 473->474 477 409ff2-409ff5 474->477 478 409feb-409fed call 409e34 474->478 476->464 480 409ff7-409ffe 477->480 481 40a00e 477->481 478->477 482 40a000 480->482 483 40a006-40a009 ExitProcess 480->483 482->483
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E00409EF8() {
                                                                                                                              				void* _t20;
                                                                                                                              				void* _t23;
                                                                                                                              				intOrPtr _t31;
                                                                                                                              				intOrPtr* _t33;
                                                                                                                              				void* _t46;
                                                                                                                              				struct HINSTANCE__* _t49;
                                                                                                                              				void* _t56;
                                                                                                                              
                                                                                                                              				if( *0x6c5004 != 0) {
                                                                                                                              					E00409DD8();
                                                                                                                              					E00409E60(_t46);
                                                                                                                              					 *0x6c5004 = 0;
                                                                                                                              				}
                                                                                                                              				if( *0x6d1bd0 != 0 && GetCurrentThreadId() ==  *0x6d1bf8) {
                                                                                                                              					E00409B30(0x6d1bcc);
                                                                                                                              					E00409E34(0x6d1bcc);
                                                                                                                              				}
                                                                                                                              				if( *0x006D1BC4 != 0 ||  *0x6cf058 == 0) {
                                                                                                                              					L8:
                                                                                                                              					if( *((char*)(0x6d1bc4)) == 2 &&  *0x6c5000 == 0) {
                                                                                                                              						 *0x006D1BA8 = 0;
                                                                                                                              					}
                                                                                                                              					if( *((char*)(0x6d1bc4)) != 0) {
                                                                                                                              						L14:
                                                                                                                              						E00409B58(); // executed
                                                                                                                              						if( *((char*)(0x6d1bc4)) <= 1 ||  *0x6c5000 != 0) {
                                                                                                                              							_t15 =  *0x006D1BAC;
                                                                                                                              							if( *0x006D1BAC != 0) {
                                                                                                                              								E0040EBB8(_t15);
                                                                                                                              								_t31 =  *((intOrPtr*)(0x6d1bac));
                                                                                                                              								_t8 = _t31 + 0x10; // 0x400000
                                                                                                                              								_t49 =  *_t8;
                                                                                                                              								_t9 = _t31 + 4; // 0x400000
                                                                                                                              								if(_t49 !=  *_t9 && _t49 != 0) {
                                                                                                                              									FreeLibrary(_t49);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						E00409B30(0x6d1b9c);
                                                                                                                              						if( *((char*)(0x6d1bc4)) == 1) {
                                                                                                                              							 *0x006D1BC0();
                                                                                                                              						}
                                                                                                                              						if( *((char*)(0x6d1bc4)) != 0) {
                                                                                                                              							E00409E34(0x6d1b9c);
                                                                                                                              						}
                                                                                                                              						if( *0x6d1b9c == 0) {
                                                                                                                              							if( *0x6cf038 != 0) {
                                                                                                                              								 *0x6cf038();
                                                                                                                              							}
                                                                                                                              							ExitProcess( *0x6c5000); // executed
                                                                                                                              						}
                                                                                                                              						memcpy(0x6d1b9c,  *0x6d1b9c, 0xc << 2);
                                                                                                                              						_t56 = _t56 + 0xc;
                                                                                                                              						0x6c5000 = 0x6c5000;
                                                                                                                              						0x6d1b9c = 0x6d1b9c;
                                                                                                                              						goto L8;
                                                                                                                              					} else {
                                                                                                                              						_t20 = E00406FD0();
                                                                                                                              						_t44 = _t20;
                                                                                                                              						if(_t20 == 0) {
                                                                                                                              							goto L14;
                                                                                                                              						} else {
                                                                                                                              							goto L13;
                                                                                                                              						}
                                                                                                                              						do {
                                                                                                                              							L13:
                                                                                                                              							E00408444(_t44);
                                                                                                                              							_t23 = E00406FD0();
                                                                                                                              							_t44 = _t23;
                                                                                                                              						} while (_t23 != 0);
                                                                                                                              						goto L14;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					do {
                                                                                                                              						_t33 =  *0x6cf058; // 0x0
                                                                                                                              						 *0x6cf058 = 0;
                                                                                                                              						 *_t33();
                                                                                                                              					} while ( *0x6cf058 != 0);
                                                                                                                              					L8:
                                                                                                                              					while(1) {
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00409F28
                                                                                                                              • FreeLibrary.KERNEL32(00400000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 00409FD0
                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 0040A009
                                                                                                                                • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?,0040707B), ref: 00409E99
                                                                                                                                • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409E9F
                                                                                                                                • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?), ref: 00409EBA
                                                                                                                                • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?), ref: 00409EC0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                                                                              • String ID: MZP
                                                                                                                              • API String ID: 3490077880-2889622443
                                                                                                                              • Opcode ID: 19759392ed06106502a1c1b2e6486d6f2820d04f59653749a07cc7070f676968
                                                                                                                              • Instruction ID: e2cc099636b1ff89dc3d2fe7d8b391202ea9480b4d839bd65efd70e323d436a8
                                                                                                                              • Opcode Fuzzy Hash: 19759392ed06106502a1c1b2e6486d6f2820d04f59653749a07cc7070f676968
                                                                                                                              • Instruction Fuzzy Hash: 60316F20B006429AD720AB7A9484B2777E66B44328F14053FE449E62E3D7BCDCC4C75D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 484 409ef0-409f0c 485 409f0e-409f1a call 409dd8 call 409e60 484->485 486 409f1f-409f26 484->486 485->486 487 409f28-409f33 GetCurrentThreadId 486->487 488 409f49-409f4d 486->488 487->488 490 409f35-409f44 call 409b30 call 409e34 487->490 491 409f71-409f75 488->491 492 409f4f-409f56 488->492 490->488 497 409f81-409f85 491->497 498 409f77-409f7a 491->498 492->491 496 409f58-409f6f 492->496 496->491 500 409fa4-409fad call 409b58 497->500 501 409f87-409f90 call 406fd0 497->501 498->497 503 409f7c-409f7e 498->503 511 409fb4-409fb9 500->511 512 409faf-409fb2 500->512 501->500 510 409f92-409fa2 call 408444 call 406fd0 501->510 503->497 510->500 514 409fd5-409fe0 call 409b30 511->514 515 409fbb-409fc9 call 40ebb8 511->515 512->511 512->514 523 409fe2 514->523 524 409fe5-409fe9 514->524 515->514 522 409fcb-409fcd 515->522 522->514 526 409fcf-409fd0 FreeLibrary 522->526 523->524 527 409ff2-409ff5 524->527 528 409feb-409fed call 409e34 524->528 526->514 530 409ff7-409ffe 527->530 531 40a00e 527->531 528->527 532 40a000 530->532 533 40a006-40a009 ExitProcess 530->533 532->533
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E00409EF0() {
                                                                                                                              				intOrPtr* _t14;
                                                                                                                              				void* _t23;
                                                                                                                              				void* _t26;
                                                                                                                              				intOrPtr _t34;
                                                                                                                              				intOrPtr* _t36;
                                                                                                                              				void* _t50;
                                                                                                                              				struct HINSTANCE__* _t53;
                                                                                                                              				void* _t62;
                                                                                                                              
                                                                                                                              				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
                                                                                                                              				if( *0x6c5004 != 0) {
                                                                                                                              					E00409DD8();
                                                                                                                              					E00409E60(_t50);
                                                                                                                              					 *0x6c5004 = 0;
                                                                                                                              				}
                                                                                                                              				if( *0x6d1bd0 != 0 && GetCurrentThreadId() ==  *0x6d1bf8) {
                                                                                                                              					E00409B30(0x6d1bcc);
                                                                                                                              					E00409E34(0x6d1bcc);
                                                                                                                              				}
                                                                                                                              				if( *0x006D1BC4 != 0 ||  *0x6cf058 == 0) {
                                                                                                                              					L9:
                                                                                                                              					if( *((char*)(0x6d1bc4)) == 2 &&  *0x6c5000 == 0) {
                                                                                                                              						 *0x006D1BA8 = 0;
                                                                                                                              					}
                                                                                                                              					if( *((char*)(0x6d1bc4)) != 0) {
                                                                                                                              						L15:
                                                                                                                              						E00409B58(); // executed
                                                                                                                              						if( *((char*)(0x6d1bc4)) <= 1 ||  *0x6c5000 != 0) {
                                                                                                                              							_t18 =  *0x006D1BAC;
                                                                                                                              							if( *0x006D1BAC != 0) {
                                                                                                                              								E0040EBB8(_t18);
                                                                                                                              								_t34 =  *((intOrPtr*)(0x6d1bac));
                                                                                                                              								_t8 = _t34 + 0x10; // 0x400000
                                                                                                                              								_t53 =  *_t8;
                                                                                                                              								_t9 = _t34 + 4; // 0x400000
                                                                                                                              								if(_t53 !=  *_t9 && _t53 != 0) {
                                                                                                                              									FreeLibrary(_t53);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						E00409B30(0x6d1b9c);
                                                                                                                              						if( *((char*)(0x6d1bc4)) == 1) {
                                                                                                                              							 *0x006D1BC0();
                                                                                                                              						}
                                                                                                                              						if( *((char*)(0x6d1bc4)) != 0) {
                                                                                                                              							E00409E34(0x6d1b9c);
                                                                                                                              						}
                                                                                                                              						if( *0x6d1b9c == 0) {
                                                                                                                              							if( *0x6cf038 != 0) {
                                                                                                                              								 *0x6cf038();
                                                                                                                              							}
                                                                                                                              							ExitProcess( *0x6c5000); // executed
                                                                                                                              						}
                                                                                                                              						memcpy(0x6d1b9c,  *0x6d1b9c, 0xc << 2);
                                                                                                                              						_t62 = _t62 + 0xc;
                                                                                                                              						0x6c5000 = 0x6c5000;
                                                                                                                              						0x6d1b9c = 0x6d1b9c;
                                                                                                                              						goto L9;
                                                                                                                              					} else {
                                                                                                                              						_t23 = E00406FD0();
                                                                                                                              						_t48 = _t23;
                                                                                                                              						if(_t23 == 0) {
                                                                                                                              							goto L15;
                                                                                                                              						} else {
                                                                                                                              							goto L14;
                                                                                                                              						}
                                                                                                                              						do {
                                                                                                                              							L14:
                                                                                                                              							E00408444(_t48);
                                                                                                                              							_t26 = E00406FD0();
                                                                                                                              							_t48 = _t26;
                                                                                                                              						} while (_t26 != 0);
                                                                                                                              						goto L15;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					do {
                                                                                                                              						_t36 =  *0x6cf058; // 0x0
                                                                                                                              						 *0x6cf058 = 0;
                                                                                                                              						 *_t36();
                                                                                                                              					} while ( *0x6cf058 != 0);
                                                                                                                              					L9:
                                                                                                                              					while(1) {
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00409F28
                                                                                                                              • FreeLibrary.KERNEL32(00400000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 00409FD0
                                                                                                                              • ExitProcess.KERNEL32(00000000,?,?,?,0040A032,0040701B,00407062,?,?,0040707B,?,?,?,?,004B58EA,00000000), ref: 0040A009
                                                                                                                                • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?,0040707B), ref: 00409E99
                                                                                                                                • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409E9F
                                                                                                                                • Part of subcall function 00409E60: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?), ref: 00409EBA
                                                                                                                                • Part of subcall function 00409E60: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?), ref: 00409EC0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                                                                              • String ID: MZP
                                                                                                                              • API String ID: 3490077880-2889622443
                                                                                                                              • Opcode ID: 86ca27ab4cbfe576b0a3ee541a0fe11273007b0e3819c982b8d9582f61fa1f39
                                                                                                                              • Instruction ID: 07d30fd0877b4d42c88f7c1dd8669400ca79996a2773cdc214a63d44a36a60ff
                                                                                                                              • Opcode Fuzzy Hash: 86ca27ab4cbfe576b0a3ee541a0fe11273007b0e3819c982b8d9582f61fa1f39
                                                                                                                              • Instruction Fuzzy Hash: C4316E20A007828ADB21AB769494B2777E26F15318F14487FE049E62E3D7BCDCC4C71E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 534 60c038-60c053 call 60bf74 537 60c055-60c0cb 534->537 538 60c05c-60c0ac CreateProcessW GetLastError call 60bfb0 534->538 541 60c0b1 538->541
                                                                                                                              C-Code - Quality: 65%
                                                                                                                              			E0060C038(void* __eax, WCHAR* __ecx, WCHAR* __edx, void* __eflags, struct _PROCESS_INFORMATION* _a4, struct _STARTUPINFOW* _a8, char _a12, void* _a16, char _a20, int _a24, struct _SECURITY_ATTRIBUTES* _a28, struct _SECURITY_ATTRIBUTES* _a32) {
                                                                                                                              				int _v8;
                                                                                                                              				char _v16;
                                                                                                                              				long _v20;
                                                                                                                              				int _t27;
                                                                                                                              				intOrPtr _t42;
                                                                                                                              				void* _t50;
                                                                                                                              				void* _t52;
                                                                                                                              				intOrPtr _t53;
                                                                                                                              
                                                                                                                              				_t50 = _t52;
                                                                                                                              				_t53 = _t52 + 0xfffffff0;
                                                                                                                              				if(E0060BF74(__eax,  &_v16) != 0) {
                                                                                                                              					_push(_t50);
                                                                                                                              					_push(0x60c0b2);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t53;
                                                                                                                              					_t5 =  &_a12; // 0x624d3e
                                                                                                                              					_t7 =  &_a20; // 0x624d58
                                                                                                                              					_t27 = CreateProcessW(__edx, __ecx, _a32, _a28, _a24,  *_t7, _a16,  *_t5, _a8, _a4); // executed
                                                                                                                              					_v8 = _t27;
                                                                                                                              					_v20 = GetLastError();
                                                                                                                              					_pop(_t42);
                                                                                                                              					 *[fs:eax] = _t42;
                                                                                                                              					_push(E0060C0B9);
                                                                                                                              					return E0060BFB0( &_v16);
                                                                                                                              				} else {
                                                                                                                              					_v8 = 0;
                                                                                                                              					return _v8;
                                                                                                                              				}
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • CreateProcessW.KERNEL32 ref: 0060C08C
                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,006D579C,?,?,XMb,00000000,>Mb,?,?,00000000,0060C0B2,?,?,?,00000001), ref: 0060C094
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateErrorLastProcess
                                                                                                                              • String ID: >Mb$XMb
                                                                                                                              • API String ID: 2919029540-2660256435
                                                                                                                              • Opcode ID: cc071ed51034117dff2eb24da789fdfe7696ce97c15fb88c7d50c2d671ecce20
                                                                                                                              • Instruction ID: 6fed8a1d79b3fe7fb7c31d778b9d5703ccb9eb2a1393ada51090ba1ca1dee2d9
                                                                                                                              • Opcode Fuzzy Hash: cc071ed51034117dff2eb24da789fdfe7696ce97c15fb88c7d50c2d671ecce20
                                                                                                                              • Instruction Fuzzy Hash: DA113972640208AFCB54DFA9DC81DDFB7ECEB4D320B518666F908D3280D635AE108BA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 571 4785f8-478626 GetClassInfoW 572 478632-478634 571->572 573 478628-478630 571->573 574 478647-47864c RegisterClassW 572->574 575 478636-478642 UnregisterClassW 572->575 573->572 576 478651-478686 call 414da0 573->576 574->576 575->574 579 47869c-4786a2 576->579 580 478688-47868e call 47845c 576->580 582 478693-478697 SetWindowLongW 580->582 582->579
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E004785F8(intOrPtr _a4, short _a6, intOrPtr _a8) {
                                                                                                                              				struct _WNDCLASSW _v44;
                                                                                                                              				WCHAR* _t8;
                                                                                                                              				int _t10;
                                                                                                                              				void* _t11;
                                                                                                                              				struct HWND__* _t15;
                                                                                                                              				long _t17;
                                                                                                                              				WCHAR* _t20;
                                                                                                                              				struct HWND__* _t22;
                                                                                                                              				WCHAR* _t24;
                                                                                                                              
                                                                                                                              				 *0x6c7aa8 =  *0x6d2634;
                                                                                                                              				_t8 =  *0x6c7abc; // 0x4785dc
                                                                                                                              				_t10 = GetClassInfoW( *0x6d2634, _t8,  &_v44);
                                                                                                                              				asm("sbb eax, eax");
                                                                                                                              				_t11 = _t10 + 1;
                                                                                                                              				if(_t11 == 0 || L00414778 != _v44.lpfnWndProc) {
                                                                                                                              					if(_t11 != 0) {
                                                                                                                              						_t20 =  *0x6c7abc; // 0x4785dc
                                                                                                                              						UnregisterClassW(_t20,  *0x6d2634);
                                                                                                                              					}
                                                                                                                              					RegisterClassW(0x6c7a98);
                                                                                                                              				}
                                                                                                                              				_t24 =  *0x6c7abc; // 0x4785dc
                                                                                                                              				_t15 = E00414DA0(0x80, _t24, 0,  *0x6d2634, 0, 0, 0, 0, 0, 0, 0x80000000); // executed
                                                                                                                              				_t22 = _t15;
                                                                                                                              				if(_a6 != 0) {
                                                                                                                              					_t17 = E0047845C(_a4, _a8); // executed
                                                                                                                              					SetWindowLongW(_t22, 0xfffffffc, _t17);
                                                                                                                              				}
                                                                                                                              				return _t22;
                                                                                                                              			}













                                                                                                                              APIs
                                                                                                                              • GetClassInfoW.USER32 ref: 00478619
                                                                                                                              • UnregisterClassW.USER32 ref: 00478642
                                                                                                                              • RegisterClassW.USER32 ref: 0047864C
                                                                                                                              • SetWindowLongW.USER32(00000000,000000FC,00000000), ref: 00478697
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4025006896-0
                                                                                                                              • Opcode ID: c13718059519df6099dbd22287901c2cd341ee5024df696f59e832b4f8273898
                                                                                                                              • Instruction ID: 194e1b82028893281538589df9a22bcce55ada3cdaffe31495447ecbac098301
                                                                                                                              • Opcode Fuzzy Hash: c13718059519df6099dbd22287901c2cd341ee5024df696f59e832b4f8273898
                                                                                                                              • Instruction Fuzzy Hash: D501C4716452057BCB10EB98EC85FDF739EE758314F10811AF508E7391CA39E9418BA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • WaitForInputIdle.USER32 ref: 0060F004
                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 0060F026
                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 0060F037
                                                                                                                              • CloseHandle.KERNEL32(00000001,0060F064,0060F05D,?,?,?,00000001,?,?,0060F406,?,00000000,0060F41C,?,?,?), ref: 0060F057
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4071923889-0
                                                                                                                              • Opcode ID: b2c0e9a815401a59890ae953dc8cc514a32d7d884ad163320893ed3959533c1a
                                                                                                                              • Instruction ID: 3bf9388a4eab4805cc6f518967bcd8e0b9f61bd1b59095cebcc575be48bbaf87
                                                                                                                              • Opcode Fuzzy Hash: b2c0e9a815401a59890ae953dc8cc514a32d7d884ad163320893ed3959533c1a
                                                                                                                              • Instruction Fuzzy Hash: 24012D70A80308BEEB3497A58D16FEBBBADDF45760F510536F604C36C2D5759D40C664
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E006ACABC(signed char __eax, void* __ecx, void* __edx, void* __eflags) {
                                                                                                                              				long _t7;
                                                                                                                              				void* _t9;
                                                                                                                              				void* _t14;
                                                                                                                              				void* _t15;
                                                                                                                              				signed char* _t16;
                                                                                                                              
                                                                                                                              				_t17 = __eflags;
                                                                                                                              				_push(__ecx);
                                                                                                                              				_t14 = __ecx;
                                                                                                                              				_t15 = __edx;
                                                                                                                              				 *_t16 = __eax;
                                                                                                                              				while(1) {
                                                                                                                              					E0060C158( *_t16 & 0x000000ff, _t15, _t17); // executed
                                                                                                                              					asm("sbb ebx, ebx");
                                                                                                                              					_t9 = _t9 + 1;
                                                                                                                              					if(_t9 != 0 || GetLastError() == 2 || GetLastError() == 3) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					_t7 = GetTickCount();
                                                                                                                              					_t17 = _t7 - _t14 - 0x7d0;
                                                                                                                              					if(_t7 - _t14 < 0x7d0) {
                                                                                                                              						Sleep(0x32); // executed
                                                                                                                              						continue;
                                                                                                                              					}
                                                                                                                              					break;
                                                                                                                              				}
                                                                                                                              				return _t9;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$CountSleepTick
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2227064392-0
                                                                                                                              • Opcode ID: c0addea9e44982609d73b82cccd6ed059b5e010c00bab0bb0001373379f263d4
                                                                                                                              • Instruction ID: 650aecd8dda8324acb9ef1ef12543e615cdaddf0aa48ac4ca6bdf88ba774c7be
                                                                                                                              • Opcode Fuzzy Hash: c0addea9e44982609d73b82cccd6ed059b5e010c00bab0bb0001373379f263d4
                                                                                                                              • Instruction Fuzzy Hash: 2AE02B7234838094D725356E58864BE8D5ACFC3376F280A3FF0C4D2182C4058D85C576
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E006AE3C8(long __eax, void* __ecx, void* __fp0) {
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __ebp;
                                                                                                                              				long _t23;
                                                                                                                              				intOrPtr _t24;
                                                                                                                              				intOrPtr _t28;
                                                                                                                              				intOrPtr _t49;
                                                                                                                              				intOrPtr _t54;
                                                                                                                              				intOrPtr _t59;
                                                                                                                              				intOrPtr _t64;
                                                                                                                              				intOrPtr* _t69;
                                                                                                                              				struct HWND__* _t72;
                                                                                                                              				int _t73;
                                                                                                                              				intOrPtr _t74;
                                                                                                                              				void* _t77;
                                                                                                                              				void* _t79;
                                                                                                                              				void* _t93;
                                                                                                                              				void* _t94;
                                                                                                                              				void* _t95;
                                                                                                                              				intOrPtr _t98;
                                                                                                                              				void* _t100;
                                                                                                                              				intOrPtr _t104;
                                                                                                                              				intOrPtr _t106;
                                                                                                                              				intOrPtr _t107;
                                                                                                                              				intOrPtr _t108;
                                                                                                                              				intOrPtr _t113;
                                                                                                                              				intOrPtr _t116;
                                                                                                                              				intOrPtr _t118;
                                                                                                                              				intOrPtr _t120;
                                                                                                                              				long _t126;
                                                                                                                              				void* _t128;
                                                                                                                              				void* _t129;
                                                                                                                              				void* _t130;
                                                                                                                              				void* _t131;
                                                                                                                              				void* _t147;
                                                                                                                              
                                                                                                                              				_t147 = __fp0;
                                                                                                                              				_t95 = __ecx;
                                                                                                                              				_t23 = __eax;
                                                                                                                              				_t126 = __eax;
                                                                                                                              				_t131 = _t126 -  *0x6cd738; // 0x0
                                                                                                                              				if(_t131 == 0) {
                                                                                                                              					L28:
                                                                                                                              					return _t23;
                                                                                                                              				}
                                                                                                                              				_t24 =  *0x6d66f8; // 0x0
                                                                                                                              				_t93 = E00464CD0(_t24, __eax);
                                                                                                                              				_t1 = _t93 + 0x18; // 0x18
                                                                                                                              				_t100 = E0040A77C(_t1);
                                                                                                                              				_t28 =  *((intOrPtr*)(_t93 + 0x18));
                                                                                                                              				if(_t28 != 0) {
                                                                                                                              					_t28 =  *((intOrPtr*)(_t28 - 4));
                                                                                                                              				}
                                                                                                                              				E005CD600(_t100, _t95, _t28);
                                                                                                                              				E005C77C4();
                                                                                                                              				E005C77C4();
                                                                                                                              				 *0x6cd738 = _t126;
                                                                                                                              				_t104 =  *0x5cac34; // 0x5cac38
                                                                                                                              				E0040BFAC(0x6d66b8, _t104);
                                                                                                                              				_t98 =  *0x5cac34; // 0x5cac38
                                                                                                                              				E0040C278(0x6d66b8, _t98, _t93, _t147);
                                                                                                                              				if( *0x6d66e0 == 0x411 &&  *0x6d67f0 < 0x5010000 && E005C7F8C(L"MS PGothic", _t93) != 0) {
                                                                                                                              					E0040A5A8(0x6d66c8, L"MS PGothic");
                                                                                                                              					 *0x6d66ec = 0xc;
                                                                                                                              				}
                                                                                                                              				if( *((intOrPtr*)(_t93 + 0x1c)) == 0) {
                                                                                                                              					_t106 =  *0x6d6601; // 0x0
                                                                                                                              					E0040A644(0x6d6744, _t106);
                                                                                                                              				} else {
                                                                                                                              					E0040A644(0x6d6744,  *((intOrPtr*)(_t93 + 0x1c)));
                                                                                                                              				}
                                                                                                                              				if( *((intOrPtr*)(_t93 + 0x20)) == 0) {
                                                                                                                              					_t107 =  *0x6d6605; // 0x0
                                                                                                                              					E0040A644(0x6d6748, _t107);
                                                                                                                              				} else {
                                                                                                                              					E0040A644(0x6d6748,  *((intOrPtr*)(_t93 + 0x20)));
                                                                                                                              				}
                                                                                                                              				_t139 =  *((intOrPtr*)(_t93 + 0x24));
                                                                                                                              				if( *((intOrPtr*)(_t93 + 0x24)) == 0) {
                                                                                                                              					_t108 =  *0x6d6609; // 0x0
                                                                                                                              					E0040A644(0x6d674c, _t108);
                                                                                                                              				} else {
                                                                                                                              					E0040A644(0x6d674c,  *((intOrPtr*)(_t93 + 0x24)));
                                                                                                                              				}
                                                                                                                              				E005C9044( *0x6d66f4 & 0x000000ff);
                                                                                                                              				_t49 =  *0x6cded8; // 0x6d5c28
                                                                                                                              				_t10 = _t49 + 0x1e8; // 0x0
                                                                                                                              				E005C8FB8(0, _t98, E0040B278( *_t10), _t139);
                                                                                                                              				_t54 =  *0x6cded8; // 0x6d5c28
                                                                                                                              				_t11 = _t54 + 0xb0; // 0x0
                                                                                                                              				E005C8FB8(1, _t98, E0040B278( *_t11), _t139);
                                                                                                                              				_t59 =  *0x6cded8; // 0x6d5c28
                                                                                                                              				_t12 = _t59 + 0x164; // 0x0
                                                                                                                              				E005C8FB8(2, _t98, E0040B278( *_t12), _t139);
                                                                                                                              				_t64 =  *0x6cded8; // 0x6d5c28
                                                                                                                              				_t13 = _t64 + 0x164; // 0x0
                                                                                                                              				E005C8FB8(3, _t98, E0040B278( *_t13), _t139);
                                                                                                                              				_t113 =  *0x6cded8; // 0x6d5c28
                                                                                                                              				_t14 = _t113 + 0x2f8; // 0x0
                                                                                                                              				_t69 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				E005B8250( *_t69,  *_t14, _t139);
                                                                                                                              				_t23 =  *0x6d6704; // 0x0
                                                                                                                              				_t128 =  *((intOrPtr*)(_t23 + 8)) - 1;
                                                                                                                              				if(_t128 < 0) {
                                                                                                                              					L26:
                                                                                                                              					if( *0x6d64a4 == 0) {
                                                                                                                              						goto L28;
                                                                                                                              					}
                                                                                                                              					_t72 =  *0x6d64a8; // 0xb03e2
                                                                                                                              					_t73 = SendNotifyMessageW(_t72, 0x496, 0x2711, _t126); // executed
                                                                                                                              					return _t73;
                                                                                                                              				} else {
                                                                                                                              					_t129 = _t128 + 1;
                                                                                                                              					_t130 = 0;
                                                                                                                              					do {
                                                                                                                              						_t74 =  *0x6d6704; // 0x0
                                                                                                                              						_t94 = E00464CD0(_t74, _t130);
                                                                                                                              						_t77 = ( *(_t94 + 0x25) & 0x000000ff) - 1;
                                                                                                                              						if(_t77 == 0) {
                                                                                                                              							_t17 = _t94 + 4; // 0x4
                                                                                                                              							_t116 =  *0x6cded8; // 0x6d5c28
                                                                                                                              							_t18 = _t116 + 0x1c8; // 0x0
                                                                                                                              							_t23 = E0040A5A8(_t17,  *_t18);
                                                                                                                              						} else {
                                                                                                                              							_t79 = _t77 - 1;
                                                                                                                              							if(_t79 == 0) {
                                                                                                                              								_t19 = _t94 + 4; // 0x4
                                                                                                                              								_t118 =  *0x6cded8; // 0x6d5c28
                                                                                                                              								_t20 = _t118 + 0x94; // 0x0
                                                                                                                              								_t23 = E0040A5A8(_t19,  *_t20);
                                                                                                                              							} else {
                                                                                                                              								_t23 = _t79 - 1;
                                                                                                                              								if(_t23 == 0) {
                                                                                                                              									_t21 = _t94 + 4; // 0x4
                                                                                                                              									_t120 =  *0x6cded8; // 0x6d5c28
                                                                                                                              									_t22 = _t120 + 0xb8; // 0x0
                                                                                                                              									_t23 = E0040A5A8(_t21,  *_t22);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						_t130 = _t130 + 1;
                                                                                                                              						_t129 = _t129 - 1;
                                                                                                                              					} while (_t129 != 0);
                                                                                                                              					goto L26;
                                                                                                                              				}
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • SendNotifyMessageW.USER32(000B03E2,00000496,00002711,-00000001), ref: 006AE618
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageNotifySend
                                                                                                                              • String ID: (\m$MS PGothic
                                                                                                                              • API String ID: 3556456075-219475269
                                                                                                                              • Opcode ID: 2500a480fbb503b296a3365eb03bbe38222c632a9ea8e700226d7071bd3521c7
                                                                                                                              • Instruction ID: c4b29eded5dd607060819086577383edb80d612be209ecb45f272f1b38c29540
                                                                                                                              • Opcode Fuzzy Hash: 2500a480fbb503b296a3365eb03bbe38222c632a9ea8e700226d7071bd3521c7
                                                                                                                              • Instruction Fuzzy Hash: 295150347011448BC700FF69D88AE5A77E3EB9A308B54557AF4049F366CA7AEC42CF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E0060D530(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char* _v16;
                                                                                                                              				char _v20;
                                                                                                                              				intOrPtr _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				char _v36;
                                                                                                                              				char _v40;
                                                                                                                              				int _t30;
                                                                                                                              				intOrPtr _t63;
                                                                                                                              				void* _t71;
                                                                                                                              				void* _t73;
                                                                                                                              				intOrPtr _t75;
                                                                                                                              				intOrPtr _t76;
                                                                                                                              
                                                                                                                              				_t71 = __edi;
                                                                                                                              				_t54 = __ebx;
                                                                                                                              				_t75 = _t76;
                                                                                                                              				_t55 = 4;
                                                                                                                              				do {
                                                                                                                              					_push(0);
                                                                                                                              					_push(0);
                                                                                                                              					_t55 = _t55 - 1;
                                                                                                                              				} while (_t55 != 0);
                                                                                                                              				_push(_t55);
                                                                                                                              				_push(__ebx);
                                                                                                                              				_t73 = __eax;
                                                                                                                              				_t78 = 0;
                                                                                                                              				_push(_t75);
                                                                                                                              				_push(0x60d629);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t76;
                                                                                                                              				while(1) {
                                                                                                                              					E005C75E4( &_v12, _t54, _t55, _t78); // executed
                                                                                                                              					_t55 = L".tmp";
                                                                                                                              					E0060D294(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
                                                                                                                              					_t30 = CreateDirectoryW(E0040B278(_v8), 0); // executed
                                                                                                                              					if(_t30 != 0) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					_t54 = GetLastError();
                                                                                                                              					_t78 = _t54 - 0xb7;
                                                                                                                              					if(_t54 != 0xb7) {
                                                                                                                              						E005CD508(0x3d,  &_v32, _v8);
                                                                                                                              						_v28 = _v32;
                                                                                                                              						E0042302C( &_v36, _t54, 0);
                                                                                                                              						_v24 = _v36;
                                                                                                                              						E005C857C(_t54,  &_v40);
                                                                                                                              						_v20 = _v40;
                                                                                                                              						E005CD4D8(0x81, 2,  &_v28,  &_v16);
                                                                                                                              						_t55 = _v16;
                                                                                                                              						E00429008(_v16, 1);
                                                                                                                              						E004098C4();
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				E0040A5A8(_t73, _v8);
                                                                                                                              				__eflags = 0;
                                                                                                                              				_pop(_t63);
                                                                                                                              				 *[fs:eax] = _t63;
                                                                                                                              				_push(E0060D630);
                                                                                                                              				E0040A228( &_v40, 3);
                                                                                                                              				return E0040A228( &_v16, 3);
                                                                                                                              			}



















                                                                                                                              APIs
                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,0060D629,?,006D579C,?,00000003,00000000,00000000,?,006AC8F3,00000000,006ACA22), ref: 0060D578
                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,?,00000000,0060D629,?,006D579C,?,00000003,00000000,00000000,?,006AC8F3,00000000,006ACA22), ref: 0060D581
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                              • String ID: .tmp
                                                                                                                              • API String ID: 1375471231-2986845003
                                                                                                                              • Opcode ID: 700c33376fecb8bc38bd3f13de197efb40e320337efdb4074975c7bffee76c3c
                                                                                                                              • Instruction ID: 90e89e80a8d15c693f6baa1c53929b57ef88e13b94ce627ec608a80cc6a9e7e5
                                                                                                                              • Opcode Fuzzy Hash: 700c33376fecb8bc38bd3f13de197efb40e320337efdb4074975c7bffee76c3c
                                                                                                                              • Instruction Fuzzy Hash: F4219975A502089FDB05EBE4CC51EEEB7B9EB88304F10457AF901F3381DA75AE058B64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E0060F338(void* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4, void* _a8, intOrPtr _a12, signed char _a16, char _a20) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				struct _SHELLEXECUTEINFOW _v68;
                                                                                                                              				void* _t52;
                                                                                                                              				intOrPtr _t61;
                                                                                                                              				void* _t65;
                                                                                                                              				intOrPtr* _t67;
                                                                                                                              				void* _t70;
                                                                                                                              
                                                                                                                              				_v8 = __ecx;
                                                                                                                              				_t65 = __edx;
                                                                                                                              				_t52 = __eax;
                                                                                                                              				_t67 = _a4;
                                                                                                                              				E0040A2AC(_a20);
                                                                                                                              				_push(_t70);
                                                                                                                              				_push(0x60f41c);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t70 + 0xffffffc0;
                                                                                                                              				if(_a20 == 0) {
                                                                                                                              					E005C5378(_t65, __ecx,  &_a20);
                                                                                                                              					if(_a20 == 0) {
                                                                                                                              						E005C745C( &_a20);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				E00407760( &_v68, 0x3c);
                                                                                                                              				_v68.cbSize = 0x3c;
                                                                                                                              				_v68.fMask = 0x540;
                                                                                                                              				if(_t52 != 0) {
                                                                                                                              					_v68.lpVerb = E0040B278(_t52);
                                                                                                                              				}
                                                                                                                              				_v68.lpFile = E0040B278(_t65);
                                                                                                                              				_v68.lpParameters = E0040B278(_v8);
                                                                                                                              				_v68.lpDirectory = E0040B278(_a20);
                                                                                                                              				_v68.nShow = _a12;
                                                                                                                              				ShellExecuteExW( &_v68); // executed
                                                                                                                              				asm("sbb ebx, ebx");
                                                                                                                              				_t53 = _t52 + 1;
                                                                                                                              				if(_t52 + 1 != 0) {
                                                                                                                              					 *_t67 = 0x103;
                                                                                                                              					_t39 = _v68.hProcess;
                                                                                                                              					if(_v68.hProcess != 0) {
                                                                                                                              						E0060EFD8(_t39, _t53, _a16 & 0x000000ff, _t65, _t67, _t67); // executed
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					 *_t67 = GetLastError();
                                                                                                                              				}
                                                                                                                              				_pop(_t61);
                                                                                                                              				 *[fs:eax] = _t61;
                                                                                                                              				_push(E0060F423);
                                                                                                                              				return E0040A1C8( &_a20);
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 0060F3D4
                                                                                                                              • GetLastError.KERNEL32(00000000,0060F41C,?,?,?,00000001), ref: 0060F3E3
                                                                                                                                • Part of subcall function 005C745C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C746F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DirectoryErrorExecuteLastShellSystem
                                                                                                                              • String ID: <
                                                                                                                              • API String ID: 893404051-4251816714
                                                                                                                              • Opcode ID: f8c06f0fd5ec12499d2546462358be1630a5d3ac077188efd353605c38ea70c3
                                                                                                                              • Instruction ID: dcf8102ceadd4487f49ba87b12be971fda6b0883f73445cbcbdd13ac2b4765a0
                                                                                                                              • Opcode Fuzzy Hash: f8c06f0fd5ec12499d2546462358be1630a5d3ac077188efd353605c38ea70c3
                                                                                                                              • Instruction Fuzzy Hash: 6C216D70A40209DFDB24EFA5C885ADE7BE9EF58394F50003AF800E7691E77899518B98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 70%
                                                                                                                              			E006ACB10(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char* _t12;
                                                                                                                              				long _t13;
                                                                                                                              				void* _t15;
                                                                                                                              				void* _t22;
                                                                                                                              				intOrPtr _t26;
                                                                                                                              				intOrPtr _t28;
                                                                                                                              				intOrPtr _t29;
                                                                                                                              				void* _t31;
                                                                                                                              				void* _t32;
                                                                                                                              				intOrPtr _t35;
                                                                                                                              
                                                                                                                              				_t32 = __esi;
                                                                                                                              				_t31 = __edi;
                                                                                                                              				_t22 = __ebx;
                                                                                                                              				_push(0);
                                                                                                                              				_push(_t35);
                                                                                                                              				_push(0x6acba2);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t35;
                                                                                                                              				E006255B8(0);
                                                                                                                              				E006255A4(0);
                                                                                                                              				if( *0x6d6530 != 0) {
                                                                                                                              					_t12 =  *0x6cdfdc; // 0x6d62e4
                                                                                                                              					if( *_t12 != 0) {
                                                                                                                              						E0061583C(0);
                                                                                                                              					}
                                                                                                                              					_t13 = GetTickCount();
                                                                                                                              					_t29 =  *0x6d6530; // 0x0
                                                                                                                              					_t15 = E0060DCC8(0, _t22, 1, _t29, _t13, E006ACABC, 0, 0, 1, 1); // executed
                                                                                                                              					if(_t15 == 0) {
                                                                                                                              						_t26 =  *0x6d6530; // 0x0
                                                                                                                              						E0040B4C8( &_v8, _t26, L"Failed to remove temporary directory: ");
                                                                                                                              						E00616130(_v8, _t22, _t31, _t32);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_pop(_t28);
                                                                                                                              				 *[fs:eax] = _t28;
                                                                                                                              				_push(E006ACBA9);
                                                                                                                              				return E0040A1C8( &_v8);
                                                                                                                              			}















                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountTick
                                                                                                                              • String ID: Failed to remove temporary directory: $bm
                                                                                                                              • API String ID: 536389180-2673898769
                                                                                                                              • Opcode ID: bfd70c40cb1ad8d181033c251dcb3b43325d86ef4477ff23258a823bd8f54122
                                                                                                                              • Instruction ID: 78e05ed3d0f448852bd59dbbb99a4cbd83d81d15065c7e17e95d6b7c04c680f0
                                                                                                                              • Opcode Fuzzy Hash: bfd70c40cb1ad8d181033c251dcb3b43325d86ef4477ff23258a823bd8f54122
                                                                                                                              • Instruction Fuzzy Hash: 9401D430610704AAD751FB75EC47F9A73979B46B10F51046AF500A72D2D7769C40CA28
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E006AC180() {
                                                                                                                              				void* _v8;
                                                                                                                              				void* __ecx;
                                                                                                                              				void* _t9;
                                                                                                                              				long _t15;
                                                                                                                              				void* _t16;
                                                                                                                              
                                                                                                                              				if( *0x6d67dd == 0) {
                                                                                                                              					_t16 = 0;
                                                                                                                              				} else {
                                                                                                                              					_t16 = 2;
                                                                                                                              				}
                                                                                                                              				_t9 = E005C7A14(_t16,  *((intOrPtr*)(0x6cd7ec + ( *0x6d67dc & 0x000000ff) * 4)), 0x80000002,  &_v8, 1, 0); // executed
                                                                                                                              				if(_t9 == 0) {
                                                                                                                              					E005C793C();
                                                                                                                              					E005C793C();
                                                                                                                              					_t15 = RegCloseKey(_v8); // executed
                                                                                                                              					return _t15;
                                                                                                                              				}
                                                                                                                              				return _t9;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,006AC56B,00000000,006AC586,?,00000000,00000000,?,006B7B68,00000006), ref: 006AC1E2
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Close
                                                                                                                              • String ID: RegisteredOrganization$RegisteredOwner
                                                                                                                              • API String ID: 3535843008-1113070880
                                                                                                                              • Opcode ID: bd898d473dd1f21ff1d6f1f73f3955f0af61235c1559c7df92e3e59f0577a32c
                                                                                                                              • Instruction ID: ca4fc0b31771868649da923643cba903dbb3fbd6f1f7080981924f9495942079
                                                                                                                              • Opcode Fuzzy Hash: bd898d473dd1f21ff1d6f1f73f3955f0af61235c1559c7df92e3e59f0577a32c
                                                                                                                              • Instruction Fuzzy Hash: E8F09030744108AFE700EAD4DC56BAA7B9FE787714F60106AF1008BB82C630AE00CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E0040952E(void* __ebx, void* __edi, void* __esi, void* __ebp, struct _EXCEPTION_POINTERS _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				struct _EXCEPTION_RECORD* _t22;
                                                                                                                              				intOrPtr* _t25;
                                                                                                                              				long _t28;
                                                                                                                              				long _t30;
                                                                                                                              				long _t31;
                                                                                                                              				long _t32;
                                                                                                                              				void* _t33;
                                                                                                                              				void* _t38;
                                                                                                                              				long _t41;
                                                                                                                              				intOrPtr* _t43;
                                                                                                                              				intOrPtr _t44;
                                                                                                                              				void* _t45;
                                                                                                                              				void* _t47;
                                                                                                                              				void* _t48;
                                                                                                                              				intOrPtr _t50;
                                                                                                                              
                                                                                                                              				_t48 = __ebp;
                                                                                                                              				_t47 = __esi;
                                                                                                                              				_t45 = __edi;
                                                                                                                              				_t33 = __ebx;
                                                                                                                              				_t22 = _a4.ExceptionRecord;
                                                                                                                              				if((_t22->ExceptionFlags & 0x00000006) == 0) {
                                                                                                                              					_t41 = _t22->ExceptionInformation[1];
                                                                                                                              					_t38 = _t22->ExceptionInformation;
                                                                                                                              					if(_t22->ExceptionCode == 0xeedfade) {
                                                                                                                              						L11:
                                                                                                                              						if( *0x6c5035 <= 1 ||  *0x6c5034 > 0) {
                                                                                                                              							goto L14;
                                                                                                                              						}
                                                                                                                              						_t28 = UnhandledExceptionFilter( &_a4);
                                                                                                                              						_t38 = _t38;
                                                                                                                              						_t41 = _t41;
                                                                                                                              						_t22 = _t22;
                                                                                                                              						if(_t28 != 0) {
                                                                                                                              							goto L14;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						asm("cld");
                                                                                                                              						E00408328(_t22);
                                                                                                                              						_t43 =  *0x6cf018; // 0x0
                                                                                                                              						if(_t43 != 0) {
                                                                                                                              							_t30 =  *_t43();
                                                                                                                              							if(_t30 != 0) {
                                                                                                                              								_t44 = _a12;
                                                                                                                              								if(_a4.ExceptionRecord->ExceptionCode == 0xeefface) {
                                                                                                                              									L10:
                                                                                                                              									_t41 = _t30;
                                                                                                                              									_t22 = _a4.ExceptionRecord;
                                                                                                                              									_t38 = _t22->ExceptionAddress;
                                                                                                                              									goto L11;
                                                                                                                              								} else {
                                                                                                                              									_t30 = E00409448(_t30, _t44, __edi);
                                                                                                                              									if( *0x6c5035 <= 0 ||  *0x6c5034 > 0) {
                                                                                                                              										goto L10;
                                                                                                                              									} else {
                                                                                                                              										_t31 = UnhandledExceptionFilter( &_a4);
                                                                                                                              										_t32 = _t30;
                                                                                                                              										if(_t31 != 0) {
                                                                                                                              											_t41 = _t32;
                                                                                                                              											_t22 = _a4.ExceptionRecord;
                                                                                                                              											_t38 = _t22->ExceptionAddress;
                                                                                                                              											L14:
                                                                                                                              											_t22->ExceptionFlags = _t22->ExceptionFlags | 0x00000002;
                                                                                                                              											 *0x6cf020(_a8, "true", _t22, 0, _t38, _t41, _t22,  *[fs:ebx], _t48, _t45, _t47, _t33); // executed
                                                                                                                              											_t46 = _v8;
                                                                                                                              											_t25 = E0041063C();
                                                                                                                              											_push( *_t25);
                                                                                                                              											 *_t25 = _t50;
                                                                                                                              											 *((intOrPtr*)(_v8 + 4)) = E00409634;
                                                                                                                              											E00409498(_t25,  *((intOrPtr*)(_t46 + 4)) + 5, _t47);
                                                                                                                              											goto __ebx;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return 1;
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 0040959A
                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,Function_00009530), ref: 004095D7
                                                                                                                              • RtlUnwind.KERNEL32(?,?,Function_00009530,00000000,?,?,Function_00009530,?), ref: 00409602
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterUnhandled$Unwind
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1141220122-0
                                                                                                                              • Opcode ID: 10adfa0cc2659dd66b4bdc3dd275d95b606efc8875210184098051ace2cc0050
                                                                                                                              • Instruction ID: e545f85d7011ee45bc6c766d7eccadc728dc4c1814e3ea314169116c21f0ec9d
                                                                                                                              • Opcode Fuzzy Hash: 10adfa0cc2659dd66b4bdc3dd275d95b606efc8875210184098051ace2cc0050
                                                                                                                              • Instruction Fuzzy Hash: 8C3180B1604200AFD720DB15CC84F67B7E5EB84714F14896AF408972A3CB39EC84CB69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 65%
                                                                                                                              			E0045DCD4(void* __eax, struct HINSTANCE__* __edx) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __ecx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				void* __ebp;
                                                                                                                              				signed int _t10;
                                                                                                                              				intOrPtr _t15;
                                                                                                                              				struct HINSTANCE__* _t20;
                                                                                                                              				intOrPtr* _t22;
                                                                                                                              				intOrPtr _t30;
                                                                                                                              				void* _t32;
                                                                                                                              				intOrPtr* _t35;
                                                                                                                              				intOrPtr _t38;
                                                                                                                              				intOrPtr _t40;
                                                                                                                              
                                                                                                                              				_t38 = _t40;
                                                                                                                              				_push(_t22);
                                                                                                                              				_t35 = _t22;
                                                                                                                              				_t20 = __edx;
                                                                                                                              				_t32 = __eax;
                                                                                                                              				if(__edx == 0) {
                                                                                                                              					_t20 =  *0x6d2634;
                                                                                                                              				}
                                                                                                                              				_t10 = FindResourceW(_t20, E0040B278(_t32), 0xa) & 0xffffff00 | _t9 != 0x00000000;
                                                                                                                              				_t43 = _t10;
                                                                                                                              				if(_t10 == 0) {
                                                                                                                              					return _t10;
                                                                                                                              				} else {
                                                                                                                              					_v8 = E0046A120(_t20, 1, 0xa, _t32);
                                                                                                                              					_push(_t38);
                                                                                                                              					_push(0x45dd48);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t40;
                                                                                                                              					_t15 = E0046970C(_v8, _t20,  *_t35, _t32, _t35, _t43); // executed
                                                                                                                              					 *_t35 = _t15;
                                                                                                                              					_pop(_t30);
                                                                                                                              					 *[fs:eax] = _t30;
                                                                                                                              					_push(E0045DD4F);
                                                                                                                              					return E00408444(_v8);
                                                                                                                              				}
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • FindResourceW.KERNEL32(00000000,00000000,0000000A,?,?,00000000,00000000,?,00464898,00000000,004648B0,?,0000FFA2,00000000,00000000), ref: 0045DCF6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FindResource
                                                                                                                              • String ID: PJD
                                                                                                                              • API String ID: 1635176832-3906655652
                                                                                                                              • Opcode ID: a8616691fbc2da826dea9b93831b71930a3867dd4cb04563159d19eacc59c7aa
                                                                                                                              • Instruction ID: 9e9cb69db72ad1d60b1701949aaf6aea8306ac3adf786de72eece40cda775536
                                                                                                                              • Opcode Fuzzy Hash: a8616691fbc2da826dea9b93831b71930a3867dd4cb04563159d19eacc59c7aa
                                                                                                                              • Instruction Fuzzy Hash: 9601F771700300ABD711DF66EC9292AB7ADEB85715B11007EF90097251EA79DC059668
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00414DA0(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
                                                                                                                              				WCHAR* _v8;
                                                                                                                              				void* _t13;
                                                                                                                              				struct HWND__* _t24;
                                                                                                                              				WCHAR* _t29;
                                                                                                                              				long _t32;
                                                                                                                              
                                                                                                                              				_v8 = _t29;
                                                                                                                              				_t32 = __eax;
                                                                                                                              				_t13 = E00407404();
                                                                                                                              				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
                                                                                                                              				E004073F4(_t13);
                                                                                                                              				return _t24;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateWindow
                                                                                                                              • String ID: TWindowDisabler-Window
                                                                                                                              • API String ID: 716092398-1824977358
                                                                                                                              • Opcode ID: b8b775b51f73ca30bac71de3a5aa2dd226752c973776daaf732847dd1bb66243
                                                                                                                              • Instruction ID: a9fb6cbc93b7d8fca137cee03195aa1e05eb631c50c99d8148995e53eb0ae486
                                                                                                                              • Opcode Fuzzy Hash: b8b775b51f73ca30bac71de3a5aa2dd226752c973776daaf732847dd1bb66243
                                                                                                                              • Instruction Fuzzy Hash: 7BF092B2604158BF9B80DE9DDC81EDB77ECEB4D2A4B05416AFA0CE3201D634ED118BA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E006AC0D0(void* __eax, void* __edx, void* __eflags) {
                                                                                                                              				void* _v8;
                                                                                                                              				void* __ecx;
                                                                                                                              				void* _t7;
                                                                                                                              				void* _t17;
                                                                                                                              				void* _t24;
                                                                                                                              
                                                                                                                              				_t24 = _t17;
                                                                                                                              				_t7 = E005C7A14(__eax, L"Software\\Microsoft\\Windows\\CurrentVersion", 0x80000002,  &_v8, 1, 0); // executed
                                                                                                                              				if(_t7 != 0) {
                                                                                                                              					return E0040A1C8(_t24);
                                                                                                                              				}
                                                                                                                              				if(E005C793C() == 0) {
                                                                                                                              					E0040A1C8(_t24);
                                                                                                                              				}
                                                                                                                              				return RegCloseKey(_v8);
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                                • Part of subcall function 005C7A14: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005C80EE,?,00000000,?,005C808E,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C7A30
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,006B813A,?,006AC32E,00000000,006AC586,?,00000000,00000000), ref: 006AC115
                                                                                                                              Strings
                                                                                                                              • Software\Microsoft\Windows\CurrentVersion, xrefs: 006AC0E7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseOpen
                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion
                                                                                                                              • API String ID: 47109696-1019749484
                                                                                                                              • Opcode ID: d229eceb27129c019e3bbbd4ff4b76b51703ff84893012891c3f6baec18ca04a
                                                                                                                              • Instruction ID: 9fe961e3a0f1dd2c49f778430c2599f74e8698f8579e7211867226b13b49c2b0
                                                                                                                              • Opcode Fuzzy Hash: d229eceb27129c019e3bbbd4ff4b76b51703ff84893012891c3f6baec18ca04a
                                                                                                                              • Instruction Fuzzy Hash: 8FF082317042186BEA04B69E6C52BAEA69D9B86764F60007EF608D7283D9A49E0107A9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E005C7A14(void* __eax, short* __ecx, void* __edx, void** _a4, int _a8, int _a12) {
                                                                                                                              				long _t7;
                                                                                                                              				short* _t8;
                                                                                                                              				void* _t9;
                                                                                                                              				int _t10;
                                                                                                                              
                                                                                                                              				_t9 = __edx;
                                                                                                                              				_t8 = __ecx;
                                                                                                                              				_t10 = _a8;
                                                                                                                              				if(__eax == 2) {
                                                                                                                              					_t10 = _t10 | 0x00000100;
                                                                                                                              				}
                                                                                                                              				_t7 = RegOpenKeyExW(_t9, _t8, _a12, _t10, _a4); // executed
                                                                                                                              				return _t7;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005C80EE,?,00000000,?,005C808E,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C7A30
                                                                                                                              Strings
                                                                                                                              • Control Panel\Desktop\ResourceLocale, xrefs: 005C7A2E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Open
                                                                                                                              • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                              • API String ID: 71445658-1109908249
                                                                                                                              • Opcode ID: 70164fc1d6b4e41ca9030a5e3a3f45ae5443899c1e2da83a1a4ff0aa131be92f
                                                                                                                              • Instruction ID: f7a531ddb9cdcc56bc9141aac83b8570c2bea4ceb2af7b348951fcc1ebd06380
                                                                                                                              • Opcode Fuzzy Hash: 70164fc1d6b4e41ca9030a5e3a3f45ae5443899c1e2da83a1a4ff0aa131be92f
                                                                                                                              • Instruction Fuzzy Hash: C3D0C97291022C7B9B009ED9DC41EFB7B9DEB19360F40845AFD0897100C2B4EDA18BF4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E0060DCC8(signed int __eax, void* __ebx, char __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int _a16, signed int _a20, char _a24) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				signed int _v17;
                                                                                                                              				intOrPtr _v24;
                                                                                                                              				char _v25;
                                                                                                                              				signed int _v26;
                                                                                                                              				void* _v32;
                                                                                                                              				struct _WIN32_FIND_DATAW _v624;
                                                                                                                              				char _v628;
                                                                                                                              				char _v632;
                                                                                                                              				char _v636;
                                                                                                                              				char _v640;
                                                                                                                              				signed char _t106;
                                                                                                                              				signed char _t108;
                                                                                                                              				void* _t114;
                                                                                                                              				int _t122;
                                                                                                                              				signed int _t127;
                                                                                                                              				signed char _t135;
                                                                                                                              				signed char _t139;
                                                                                                                              				void* _t155;
                                                                                                                              				signed int _t158;
                                                                                                                              				intOrPtr _t177;
                                                                                                                              				intOrPtr _t187;
                                                                                                                              				void* _t201;
                                                                                                                              				void* _t202;
                                                                                                                              				intOrPtr _t203;
                                                                                                                              
                                                                                                                              				_t159 = __ecx;
                                                                                                                              				_t201 = _t202;
                                                                                                                              				_t203 = _t202 + 0xfffffd84;
                                                                                                                              				_push(__ebx);
                                                                                                                              				_v640 = 0;
                                                                                                                              				_v636 = 0;
                                                                                                                              				_v632 = 0;
                                                                                                                              				_v628 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_v12 = 0;
                                                                                                                              				_v16 = 0;
                                                                                                                              				_v25 = __ecx;
                                                                                                                              				_v24 = __edx;
                                                                                                                              				_v17 = __eax;
                                                                                                                              				_push(_t201);
                                                                                                                              				_push(0x60df66);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t203;
                                                                                                                              				_v26 = 1;
                                                                                                                              				if(_a24 == 0) {
                                                                                                                              					L26:
                                                                                                                              					__eflags = _a16 & 0x000000ff ^ 0x00000001 | _v26;
                                                                                                                              					if((_a16 & 0x000000ff ^ 0x00000001 | _v26) != 0) {
                                                                                                                              						__eflags = _v25;
                                                                                                                              						if(_v25 != 0) {
                                                                                                                              							__eflags = _a12;
                                                                                                                              							if(__eflags == 0) {
                                                                                                                              								_t106 = E0060C664(_v17 & 0x000000ff, _v24, __eflags); // executed
                                                                                                                              								__eflags = _t106;
                                                                                                                              								if(_t106 == 0) {
                                                                                                                              									_v26 = 0;
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								_t108 = _a12();
                                                                                                                              								__eflags = _t108;
                                                                                                                              								if(_t108 == 0) {
                                                                                                                              									_v26 = 0;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					__eflags = 0;
                                                                                                                              					_pop(_t177);
                                                                                                                              					 *[fs:eax] = _t177;
                                                                                                                              					_push(E0060DF6D);
                                                                                                                              					E0040A228( &_v640, 4);
                                                                                                                              					return E0040A228( &_v16, 3);
                                                                                                                              				} else {
                                                                                                                              					_t205 = _v25;
                                                                                                                              					if(_v25 == 0) {
                                                                                                                              						L3:
                                                                                                                              						_t207 = _v25;
                                                                                                                              						if(_v25 == 0) {
                                                                                                                              							E005C5428(_v24, _t159,  &_v8);
                                                                                                                              							E0040A5F0( &_v12, _v24);
                                                                                                                              						} else {
                                                                                                                              							E005C4EA4(_v24,  &_v8);
                                                                                                                              							E0040B4C8( &_v12, 0x60df84, _v8);
                                                                                                                              						}
                                                                                                                              						_t114 = E0060C2B0(_v17 & 0x000000ff,  &_v624, _v12, _t207); // executed
                                                                                                                              						_v32 = _t114;
                                                                                                                              						if(_v32 == 0xffffffff) {
                                                                                                                              							goto L26;
                                                                                                                              						} else {
                                                                                                                              							_push(_t201);
                                                                                                                              							_push(0x60def2);
                                                                                                                              							_push( *[fs:eax]);
                                                                                                                              							 *[fs:eax] = _t203;
                                                                                                                              							do {
                                                                                                                              								E0040B318( &_v16, 0x104,  &(_v624.cFileName));
                                                                                                                              								E0040B660(_v16, 0x60df94);
                                                                                                                              								if(0 != 0) {
                                                                                                                              									_t127 = E0040B660(_v16, 0x60dfa4);
                                                                                                                              									if(0 != 0) {
                                                                                                                              										_t158 = _v624.dwFileAttributes;
                                                                                                                              										if((_t158 & 0x00000001) != 0 && (_t127 & 0xffffff00 | (_t158 & 0x00000010) == 0x00000000 | _a20) != 0) {
                                                                                                                              											E0040B4C8( &_v628, _v16, _v8);
                                                                                                                              											E0060C6DC(_v17 & 0x000000ff, _t158 & 0xfffffffe, _v628, _t158 & 0xfffffffe);
                                                                                                                              										}
                                                                                                                              										if((_v624.dwFileAttributes & 0x00000010) != 0) {
                                                                                                                              											__eflags = _a20;
                                                                                                                              											if(_a20 != 0) {
                                                                                                                              												E0040B4C8( &_v640, _v16, _v8);
                                                                                                                              												_t135 = E0060DCC8(_v17 & 0x000000ff, _t158, 1, _v640, _a4, _a8, _a12, _a16 & 0x000000ff, 1, 1); // executed
                                                                                                                              												__eflags = _t135;
                                                                                                                              												if(_t135 == 0) {
                                                                                                                              													_v26 = 0;
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              										} else {
                                                                                                                              											if(_a8 == 0) {
                                                                                                                              												E0040B4C8( &_v636, _v16, _v8);
                                                                                                                              												_t139 = E0060C158(_v17 & 0x000000ff, _v636, __eflags);
                                                                                                                              												__eflags = _t139;
                                                                                                                              												if(_t139 == 0) {
                                                                                                                              													_v26 = 0;
                                                                                                                              												}
                                                                                                                              											} else {
                                                                                                                              												E0040B4C8( &_v632, _v16, _v8);
                                                                                                                              												if(_a8() == 0) {
                                                                                                                              													_v26 = 0;
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								if(_a16 == 0 || _v26 != 0) {
                                                                                                                              									goto L24;
                                                                                                                              								}
                                                                                                                              								break;
                                                                                                                              								L24:
                                                                                                                              								_t122 = FindNextFileW(_v32,  &_v624); // executed
                                                                                                                              							} while (_t122 != 0);
                                                                                                                              							_pop(_t187);
                                                                                                                              							 *[fs:eax] = _t187;
                                                                                                                              							_push(E0060DEF9);
                                                                                                                              							return FindClose(_v32);
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						_t155 = E0060C474(_v17 & 0x000000ff, _v24, _t205); // executed
                                                                                                                              						if(_t155 == 0) {
                                                                                                                              							goto L26;
                                                                                                                              						} else {
                                                                                                                              							goto L3;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}






























                                                                                                                              0x0060de09
                                                                                                                              0x0060de09
                                                                                                                              0x0060de15
                                                                                                                              0x0060de72
                                                                                                                              0x0060de76
                                                                                                                              0x0060de99
                                                                                                                              0x0060deaa
                                                                                                                              0x0060deaf
                                                                                                                              0x0060deb1
                                                                                                                              0x0060deb3
                                                                                                                              0x0060deb3
                                                                                                                              0x0060deb1
                                                                                                                              0x0060de17
                                                                                                                              0x0060de1b
                                                                                                                              0x0060de54
                                                                                                                              0x0060de63
                                                                                                                              0x0060de68
                                                                                                                              0x0060de6a
                                                                                                                              0x0060de6c
                                                                                                                              0x0060de6c
                                                                                                                              0x0060de1d
                                                                                                                              0x0060de29
                                                                                                                              0x0060de40
                                                                                                                              0x0060de42
                                                                                                                              0x0060de42
                                                                                                                              0x0060de40
                                                                                                                              0x0060de1b
                                                                                                                              0x0060de15
                                                                                                                              0x0060ddcd
                                                                                                                              0x0060debb
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0060dec3
                                                                                                                              0x0060dece
                                                                                                                              0x0060ded3
                                                                                                                              0x0060dedd
                                                                                                                              0x0060dee0
                                                                                                                              0x0060dee3
                                                                                                                              0x0060def1
                                                                                                                              0x0060def1
                                                                                                                              0x0060dd20
                                                                                                                              0x0060dd27
                                                                                                                              0x0060dd2e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0060dd2e
                                                                                                                              0x0060dd1e

                                                                                                                              APIs
                                                                                                                              • FindNextFileW.KERNEL32(000000FF,?,00000000,0060DEF2,?,00000000,0060DF66,?,?,?,006ACB6D,00000000,006ACABC,00000000,00000000,00000001), ref: 0060DECE
                                                                                                                              • FindClose.KERNEL32(000000FF,0060DEF9,0060DEF2,?,00000000,0060DF66,?,?,?,006ACB6D,00000000,006ACABC,00000000,00000000,00000001,00000001), ref: 0060DEEC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$CloseFileNext
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2066263336-0
                                                                                                                              • Opcode ID: 4925fb02580f23e68c4b72b511463b6fd5631979ef7b1eae30a24794829dff09
                                                                                                                              • Instruction ID: 99f5a77a41558a3604df8ac4250e6fc047523390e4335a570d25b15aca54e13b
                                                                                                                              • Opcode Fuzzy Hash: 4925fb02580f23e68c4b72b511463b6fd5631979ef7b1eae30a24794829dff09
                                                                                                                              • Instruction Fuzzy Hash: CD81B0309442899EDF15DFA5C845BEFBBB6AF45304F1482AAE844673C1C7349F45CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E005C77F4(void* __eax, void* __ebx, intOrPtr __ecx, short* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                              				char _v8;
                                                                                                                              				short* _v12;
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				int _v20;
                                                                                                                              				int _v24;
                                                                                                                              				long _t46;
                                                                                                                              				signed int _t58;
                                                                                                                              				char _t66;
                                                                                                                              				intOrPtr _t82;
                                                                                                                              				void* _t87;
                                                                                                                              				signed int _t93;
                                                                                                                              				void* _t96;
                                                                                                                              
                                                                                                                              				_v8 = 0;
                                                                                                                              				_v16 = __ecx;
                                                                                                                              				_v12 = __edx;
                                                                                                                              				_t87 = __eax;
                                                                                                                              				_push(_t96);
                                                                                                                              				_push(0x5c792a);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t96 + 0xffffffec;
                                                                                                                              				while(1) {
                                                                                                                              					_v24 = 0;
                                                                                                                              					_t46 = RegQueryValueExW(_t87, _v12, 0,  &_v20, 0,  &_v24); // executed
                                                                                                                              					if(_t46 != 0 || _v20 != _a8 && _v20 != _a4) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					if(_v24 != 0) {
                                                                                                                              						__eflags = _v24 - 0x70000000;
                                                                                                                              						if(__eflags >= 0) {
                                                                                                                              							E00428FFC();
                                                                                                                              						}
                                                                                                                              						_t80 = _v24 + 1 >> 1;
                                                                                                                              						E0040A350( &_v8, _v24 + 1 >> 1, 0, __eflags);
                                                                                                                              						_t58 = RegQueryValueExW(_t87, _v12, 0,  &_v20, E0040A774( &_v8),  &_v24); // executed
                                                                                                                              						__eflags = _t58 - 0xea;
                                                                                                                              						if(_t58 == 0xea) {
                                                                                                                              							continue;
                                                                                                                              						} else {
                                                                                                                              							__eflags = _t58;
                                                                                                                              							if(_t58 != 0) {
                                                                                                                              								break;
                                                                                                                              							}
                                                                                                                              							__eflags = _v20 - _a8;
                                                                                                                              							if(_v20 == _a8) {
                                                                                                                              								L12:
                                                                                                                              								_t93 = _v24 >> 1;
                                                                                                                              								while(1) {
                                                                                                                              									__eflags = _t93;
                                                                                                                              									if(_t93 == 0) {
                                                                                                                              										break;
                                                                                                                              									}
                                                                                                                              									_t66 = _v8;
                                                                                                                              									__eflags =  *((short*)(_t66 + _t93 * 2 - 2));
                                                                                                                              									if( *((short*)(_t66 + _t93 * 2 - 2)) == 0) {
                                                                                                                              										_t93 = _t93 - 1;
                                                                                                                              										__eflags = _t93;
                                                                                                                              										continue;
                                                                                                                              									}
                                                                                                                              									break;
                                                                                                                              								}
                                                                                                                              								__eflags = _v20 - 7;
                                                                                                                              								if(_v20 == 7) {
                                                                                                                              									__eflags = _t93;
                                                                                                                              									if(_t93 != 0) {
                                                                                                                              										_t93 = _t93 + 1;
                                                                                                                              										__eflags = _t93;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								E0040B3F0( &_v8, _t80, _t93);
                                                                                                                              								__eflags = _v20 - 7;
                                                                                                                              								if(_v20 == 7) {
                                                                                                                              									__eflags = _t93;
                                                                                                                              									if(_t93 != 0) {
                                                                                                                              										(E0040A774( &_v8))[_t93 * 2 - 2] = 0;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								E0040A5A8(_v16, _v8);
                                                                                                                              								break;
                                                                                                                              							}
                                                                                                                              							__eflags = _v20 - _a4;
                                                                                                                              							if(_v20 != _a4) {
                                                                                                                              								break;
                                                                                                                              							}
                                                                                                                              							goto L12;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						E0040A1C8(_v16);
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_pop(_t82);
                                                                                                                              				 *[fs:eax] = _t82;
                                                                                                                              				_push(E005C7931);
                                                                                                                              				return E0040A1C8( &_v8);
                                                                                                                              			}















                                                                                                                              0x005c78ca
                                                                                                                              0x005c78cc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x005c78ce
                                                                                                                              0x005c78d1
                                                                                                                              0x005c78d7
                                                                                                                              0x005c78c9
                                                                                                                              0x005c78c9
                                                                                                                              0x00000000
                                                                                                                              0x005c78c9
                                                                                                                              0x00000000
                                                                                                                              0x005c78d7
                                                                                                                              0x005c78d9
                                                                                                                              0x005c78dd
                                                                                                                              0x005c78df
                                                                                                                              0x005c78e1
                                                                                                                              0x005c78e3
                                                                                                                              0x005c78e3
                                                                                                                              0x005c78e3
                                                                                                                              0x005c78e1
                                                                                                                              0x005c78e9
                                                                                                                              0x005c78ee
                                                                                                                              0x005c78f2
                                                                                                                              0x005c78f4
                                                                                                                              0x005c78f6
                                                                                                                              0x005c7900
                                                                                                                              0x005c7900
                                                                                                                              0x005c78f6
                                                                                                                              0x005c790d
                                                                                                                              0x00000000
                                                                                                                              0x005c7912
                                                                                                                              0x005c78bd
                                                                                                                              0x005c78c0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x005c78c0
                                                                                                                              0x005c7857
                                                                                                                              0x005c785a
                                                                                                                              0x00000000
                                                                                                                              0x005c785f
                                                                                                                              0x005c7855
                                                                                                                              0x005c7916
                                                                                                                              0x005c7919
                                                                                                                              0x005c791c
                                                                                                                              0x005c7929

                                                                                                                              APIs
                                                                                                                              • RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,?,00000000,005C792A,?,006AE670,00000000), ref: 005C7830
                                                                                                                              • RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,70000000,00000001,?,00000000,00000000,00000000,?,00000000,005C792A,?,006AE670), ref: 005C789E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: QueryValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3660427363-0
                                                                                                                              • Opcode ID: 219030aa86ff9910a63d4c9807014d365cf926d69447e10331fae156c47b7636
                                                                                                                              • Instruction ID: 9b528eccc0d206dd4e001c403f359889162c2cb04d4ae21286424304afe4548d
                                                                                                                              • Opcode Fuzzy Hash: 219030aa86ff9910a63d4c9807014d365cf926d69447e10331fae156c47b7636
                                                                                                                              • Instruction Fuzzy Hash: 0D414731A0421DAFDB10DBD5C985EAEBBB8FB08700F50486AE915B7690D734AE04CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E005D0A74(intOrPtr* __eax, void* __eflags, void* __fp0) {
                                                                                                                              				intOrPtr* _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				int _v16;
                                                                                                                              				int _v20;
                                                                                                                              				void* _v28;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				void* __ebp;
                                                                                                                              				int _t68;
                                                                                                                              				int _t72;
                                                                                                                              				intOrPtr _t88;
                                                                                                                              				void* _t89;
                                                                                                                              				intOrPtr _t94;
                                                                                                                              				void* _t102;
                                                                                                                              				intOrPtr _t103;
                                                                                                                              				intOrPtr _t111;
                                                                                                                              				void* _t113;
                                                                                                                              				int _t114;
                                                                                                                              				void* _t116;
                                                                                                                              				void* _t121;
                                                                                                                              				void* _t123;
                                                                                                                              				intOrPtr _t124;
                                                                                                                              				void* _t126;
                                                                                                                              
                                                                                                                              				_t126 = __eflags;
                                                                                                                              				_t121 = _t123;
                                                                                                                              				_t124 = _t123 + 0xffffffe8;
                                                                                                                              				_push(_t89);
                                                                                                                              				_push(_t116);
                                                                                                                              				_push(_t113);
                                                                                                                              				_v8 = __eax;
                                                                                                                              				_t94 =  *0x6cdb9c; // 0x6d66b8
                                                                                                                              				_t2 = _t94 + 0x2c; // 0x8
                                                                                                                              				_t103 =  *0x6cdb9c; // 0x6d66b8
                                                                                                                              				_t3 = _t103 + 8; // 0x0
                                                                                                                              				E005CE198( *((intOrPtr*)(_v8 + 0x74)), _t89,  *_t2,  *_t3, _t113, _t116, __fp0, 8, 0); // executed
                                                                                                                              				E005CE26C( *((intOrPtr*)(_v8 + 0x74)), _t89, _v8 + 0x3d4, _v8 + 0x3d0, _t113, _t116, _t126); // executed
                                                                                                                              				if( *(_v8 + 0x3d0) != 6) {
                                                                                                                              					L2:
                                                                                                                              					_v12 = E005D10C4(0, 1, _t113);
                                                                                                                              					 *[fs:eax] = _t124;
                                                                                                                              					E005D0564(_v8, _v12);
                                                                                                                              					E005CE3FC(_v8, 6,  *(_v8 + 0x3d0), _t128, 0xd,  *(_v8 + 0x3d4));
                                                                                                                              					 *((intOrPtr*)( *_v8 + 0x70))( *[fs:eax], 0x5d0bae, _t121);
                                                                                                                              					_t114 = _v20;
                                                                                                                              					_t68 = MulDiv(_t114,  *(_v8 + 0x3d0), 6);
                                                                                                                              					_t72 = MulDiv(_v16,  *(_v8 + 0x3d4), 0xd);
                                                                                                                              					E005AE564(_v8);
                                                                                                                              					 *((intOrPtr*)( *_v8 + 0xc8))(E005AE584(_v8), _t72 +  *((intOrPtr*)(_v8 + 0x5c)) - _v16, _t68 +  *((intOrPtr*)(_v8 + 0x58)) - _t114);
                                                                                                                              					_pop(_t111);
                                                                                                                              					_pop(_t102);
                                                                                                                              					 *[fs:eax] = _t111;
                                                                                                                              					_push(E005D0BB5);
                                                                                                                              					return E005D05DC( *_v8, _t102, _v12, 0);
                                                                                                                              				} else {
                                                                                                                              					_t88 = _v8;
                                                                                                                              					_t128 =  *((intOrPtr*)(_t88 + 0x3d4)) - 0xd;
                                                                                                                              					if( *((intOrPtr*)(_t88 + 0x3d4)) == 0xd) {
                                                                                                                              						return _t88;
                                                                                                                              					} else {
                                                                                                                              						goto L2;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 005CE26C: GetDC.USER32(00000000), ref: 005CE27D
                                                                                                                                • Part of subcall function 005CE26C: SelectObject.GDI32(00000001,00000000), ref: 005CE29F
                                                                                                                                • Part of subcall function 005CE26C: GetTextExtentPointW.GDI32(00000001,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,?), ref: 005CE2B3
                                                                                                                                • Part of subcall function 005CE26C: GetTextMetricsW.GDI32(00000001,?,00000000,005CE2F8,?,00000000,?,0068D5D0,00000001), ref: 005CE2D5
                                                                                                                                • Part of subcall function 005CE26C: ReleaseDC.USER32 ref: 005CE2F2
                                                                                                                              • MulDiv.KERNEL32(006B66BF,00000006,00000006), ref: 005D0B41
                                                                                                                              • MulDiv.KERNEL32(?,?,0000000D), ref: 005D0B58
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Text$ExtentMetricsObjectPointReleaseSelect
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 844173074-0
                                                                                                                              • Opcode ID: 56f948a4803d8bda42e55077044f91e3e5fa0501c30f1b7e22e41dab0d924d4d
                                                                                                                              • Instruction ID: 4b3286446c155bbe1f679e64263f80cdfde84c69ba5731eb2fff00bff0d4e1b0
                                                                                                                              • Opcode Fuzzy Hash: 56f948a4803d8bda42e55077044f91e3e5fa0501c30f1b7e22e41dab0d924d4d
                                                                                                                              • Instruction Fuzzy Hash: 8F41E735A00108EFDB00DBA8D986EADB7F9FB88704F1541A6F904EB361D771AE41DB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 72%
                                                                                                                              			E0040E8BC(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				signed int _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				signed int _t41;
                                                                                                                              				signed short _t43;
                                                                                                                              				signed short _t46;
                                                                                                                              				signed int _t60;
                                                                                                                              				intOrPtr _t68;
                                                                                                                              				void* _t79;
                                                                                                                              				signed int* _t81;
                                                                                                                              				intOrPtr _t84;
                                                                                                                              
                                                                                                                              				_t79 = __edi;
                                                                                                                              				_t61 = __ecx;
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_t81 = __ecx;
                                                                                                                              				_v12 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				E0040A2AC(_v8);
                                                                                                                              				E0040A2AC(_v12);
                                                                                                                              				_push(_t84);
                                                                                                                              				_push(0x40e9d3);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t84;
                                                                                                                              				E0040A1C8(__ecx);
                                                                                                                              				if(_v12 == 0) {
                                                                                                                              					L14:
                                                                                                                              					_pop(_t68);
                                                                                                                              					 *[fs:eax] = _t68;
                                                                                                                              					_push(E0040E9DA);
                                                                                                                              					return E0040A228( &_v28, 6);
                                                                                                                              				}
                                                                                                                              				E0040A5F0( &_v20, _v12);
                                                                                                                              				_t41 = _v12;
                                                                                                                              				if(_t41 != 0) {
                                                                                                                              					_t41 =  *(_t41 - 4);
                                                                                                                              				}
                                                                                                                              				_t60 = _t41;
                                                                                                                              				if(_t60 < 1) {
                                                                                                                              					L7:
                                                                                                                              					_t43 = E0040E5E0(_v8, _t60, _t61,  &_v16, _t81); // executed
                                                                                                                              					if(_v16 == 0) {
                                                                                                                              						L0040524C();
                                                                                                                              						E0040DF90(_t43, _t60,  &_v24, _t79, _t81);
                                                                                                                              						_t46 = E0040E70C(_v20, _t60, _t81, _v24, _t79, _t81); // executed
                                                                                                                              						__eflags =  *_t81;
                                                                                                                              						if( *_t81 == 0) {
                                                                                                                              							__eflags =  *0x6d1c10;
                                                                                                                              							if( *0x6d1c10 == 0) {
                                                                                                                              								L00405254();
                                                                                                                              								E0040DF90(_t46, _t60,  &_v28, _t79, _t81);
                                                                                                                              								E0040E70C(_v20, _t60, _t81, _v28, _t79, _t81);
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						__eflags =  *_t81;
                                                                                                                              						if(__eflags == 0) {
                                                                                                                              							E0040E7F0(_v20, _t60, _t81, __eflags); // executed
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						E0040E70C(_v20, _t60, _t81, _v16, _t79, _t81);
                                                                                                                              					}
                                                                                                                              					goto L14;
                                                                                                                              				}
                                                                                                                              				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
                                                                                                                              					_t60 = _t60 - 1;
                                                                                                                              					__eflags = _t60;
                                                                                                                              					if(_t60 != 0) {
                                                                                                                              						continue;
                                                                                                                              					}
                                                                                                                              					goto L7;
                                                                                                                              				}
                                                                                                                              				_t61 = _t60;
                                                                                                                              				E0040B698(_v12, _t60, 1,  &_v20);
                                                                                                                              				goto L7;
                                                                                                                              			}


















                                                                                                                              APIs
                                                                                                                              • GetUserDefaultUILanguage.KERNEL32(00000000,0040E9D3,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040EA5A,00000000,?,00000105), ref: 0040E967
                                                                                                                              • GetSystemDefaultUILanguage.KERNEL32(00000000,0040E9D3,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040EA5A,00000000,?,00000105), ref: 0040E98F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DefaultLanguage$SystemUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 384301227-0
                                                                                                                              • Opcode ID: 71c01383dce129321d42375a4320665508c6a8894fd0ab1ecb023abfc2bbde49
                                                                                                                              • Instruction ID: f222509f0094d30d647024d0898a7a2300edb3e6cc60590d57b3240daf1099d8
                                                                                                                              • Opcode Fuzzy Hash: 71c01383dce129321d42375a4320665508c6a8894fd0ab1ecb023abfc2bbde49
                                                                                                                              • Instruction Fuzzy Hash: F1312170A002199FDB10EB9AC881BAEB7B5EF44308F50497BE400B73D1D7789D558B59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E0040E9E0(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                              				char _v8;
                                                                                                                              				short _v530;
                                                                                                                              				char _v536;
                                                                                                                              				char _v540;
                                                                                                                              				void* _t44;
                                                                                                                              				intOrPtr _t45;
                                                                                                                              				void* _t49;
                                                                                                                              				void* _t52;
                                                                                                                              
                                                                                                                              				_v536 = 0;
                                                                                                                              				_v540 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_t49 = __eax;
                                                                                                                              				_push(_t52);
                                                                                                                              				_push(0x40ea9a);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t52 + 0xfffffde8;
                                                                                                                              				GetModuleFileNameW(0,  &_v530, 0x105);
                                                                                                                              				E0040B2DC( &_v536, _t49);
                                                                                                                              				_push(_v536);
                                                                                                                              				E0040B318( &_v540, 0x105,  &_v530);
                                                                                                                              				_pop(_t44); // executed
                                                                                                                              				E0040E8BC(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
                                                                                                                              				if(_v8 != 0) {
                                                                                                                              					LoadLibraryExW(E0040B278(_v8), 0, 2);
                                                                                                                              				}
                                                                                                                              				_pop(_t45);
                                                                                                                              				 *[fs:eax] = _t45;
                                                                                                                              				_push(E0040EAA1);
                                                                                                                              				E0040A228( &_v540, 2);
                                                                                                                              				return E0040A1C8( &_v8);
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA1C
                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA6D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileLibraryLoadModuleName
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1159719554-0
                                                                                                                              • Opcode ID: d8f8903bb8f55f7d45334c9080d72fcc7eb242fea3614e091d73e0bd29641f10
                                                                                                                              • Instruction ID: bfcf378974dcce41ca09e2914a43810c414f47049a433e9fa093b73340916525
                                                                                                                              • Opcode Fuzzy Hash: d8f8903bb8f55f7d45334c9080d72fcc7eb242fea3614e091d73e0bd29641f10
                                                                                                                              • Instruction Fuzzy Hash: 46114270A4021CABDB10EB61DC86BDE73B8EB18304F5145FEA508B72D1DB785E848E99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 69%
                                                                                                                              			E005ABB4C(intOrPtr __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				intOrPtr _t12;
                                                                                                                              				intOrPtr _t16;
                                                                                                                              				intOrPtr _t23;
                                                                                                                              				intOrPtr _t24;
                                                                                                                              				intOrPtr _t25;
                                                                                                                              				intOrPtr _t26;
                                                                                                                              				void* _t30;
                                                                                                                              				void* _t31;
                                                                                                                              				intOrPtr _t32;
                                                                                                                              
                                                                                                                              				_t30 = _t31;
                                                                                                                              				_t32 = _t31 + 0xfffffff4;
                                                                                                                              				_t23 =  *0x6ccbac; // 0x0
                                                                                                                              				_v12 = _t23;
                                                                                                                              				_t24 =  *0x6ccbbc; // 0x0
                                                                                                                              				_v16 = _t24;
                                                                                                                              				 *0x6ccbac = __eax;
                                                                                                                              				 *0x6ccbbc = 0;
                                                                                                                              				_push(_t30);
                                                                                                                              				_push(0x5abbf9);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t32;
                                                                                                                              				 *0x6ccbb8 = 1;
                                                                                                                              				_push(_t30);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t32;
                                                                                                                              				EnumThreadWindows(GetCurrentThreadId(), 0x5abafc, 0);
                                                                                                                              				_t12 =  *0x6ccbbc; // 0x0
                                                                                                                              				_v8 = _t12;
                                                                                                                              				_pop(_t25);
                                                                                                                              				 *[fs:eax] = _t25;
                                                                                                                              				_t26 = 0x5abbbb;
                                                                                                                              				 *[fs:eax] = _t26;
                                                                                                                              				_push(E005ABC00);
                                                                                                                              				 *0x6ccbb8 = 0;
                                                                                                                              				 *0x6ccbbc = _v16;
                                                                                                                              				_t16 = _v12;
                                                                                                                              				 *0x6ccbac = _t16;
                                                                                                                              				return _t16;
                                                                                                                              			}
















                                                                                                                              APIs
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 005ABB9E
                                                                                                                              • EnumThreadWindows.USER32(00000000,005ABAFC,00000000), ref: 005ABBA4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Thread$CurrentEnumWindows
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2396873506-0
                                                                                                                              • Opcode ID: 50b1606a0afe4943f6b819d05498a248b249cba9426d36aa2a532158776b3fde
                                                                                                                              • Instruction ID: ee6e8008b641080cd7585ababab2aba3c455f5a37fbde39c0718e37cfc8f8a06
                                                                                                                              • Opcode Fuzzy Hash: 50b1606a0afe4943f6b819d05498a248b249cba9426d36aa2a532158776b3fde
                                                                                                                              • Instruction Fuzzy Hash: C5112574A08744AFD711CF66DCA2D6ABFE9E74A720F1194AAE804D3791E7756C00CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E0060C6DC(void* __eax, long __ecx, void* __edx, void* __eflags) {
                                                                                                                              				int _v8;
                                                                                                                              				char _v16;
                                                                                                                              				long _v20;
                                                                                                                              				int _t13;
                                                                                                                              				intOrPtr _t28;
                                                                                                                              				void* _t36;
                                                                                                                              				void* _t38;
                                                                                                                              				intOrPtr _t39;
                                                                                                                              
                                                                                                                              				_t36 = _t38;
                                                                                                                              				_t39 = _t38 + 0xfffffff0;
                                                                                                                              				if(E0060BF74(__eax,  &_v16) != 0) {
                                                                                                                              					_push(_t36);
                                                                                                                              					_push(0x60c73d);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t39;
                                                                                                                              					_t13 = SetFileAttributesW(E0040B278(__edx), __ecx); // executed
                                                                                                                              					_v8 = _t13;
                                                                                                                              					_v20 = GetLastError();
                                                                                                                              					_pop(_t28);
                                                                                                                              					 *[fs:eax] = _t28;
                                                                                                                              					_push(E0060C744);
                                                                                                                              					return E0060BFB0( &_v16);
                                                                                                                              				} else {
                                                                                                                              					_v8 = 0;
                                                                                                                              					return _v8;
                                                                                                                              				}
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,?,00000000,0060C73D,?,?,?,?), ref: 0060C717
                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000000,0060C73D,?,?,?,?), ref: 0060C71F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesErrorFileLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1799206407-0
                                                                                                                              • Opcode ID: ea6d292fc7c461655b0eea440cba72d6c836f988d7411a1ff2133ebb4dca1025
                                                                                                                              • Instruction ID: 5bd2e095344fadebd9d4515abb3e9951cbffbcd67f0ba67c15742bd66c6e9b14
                                                                                                                              • Opcode Fuzzy Hash: ea6d292fc7c461655b0eea440cba72d6c836f988d7411a1ff2133ebb4dca1025
                                                                                                                              • Instruction Fuzzy Hash: 33F0A431A44208ABCB14DBBA9C4189FF7EDDB8973075147BBF814E3281EB755E004AA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E0060C158(void* __eax, void* __edx, void* __eflags) {
                                                                                                                              				int _v8;
                                                                                                                              				char _v16;
                                                                                                                              				long _v20;
                                                                                                                              				int _t13;
                                                                                                                              				intOrPtr _t27;
                                                                                                                              				void* _t32;
                                                                                                                              				void* _t34;
                                                                                                                              				intOrPtr _t35;
                                                                                                                              
                                                                                                                              				_t32 = _t34;
                                                                                                                              				_t35 = _t34 + 0xfffffff0;
                                                                                                                              				if(E0060BF74(__eax,  &_v16) != 0) {
                                                                                                                              					_push(_t32);
                                                                                                                              					_push(0x60c1b5);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t35;
                                                                                                                              					_t13 = DeleteFileW(E0040B278(__edx)); // executed
                                                                                                                              					_v8 = _t13;
                                                                                                                              					_v20 = GetLastError();
                                                                                                                              					_pop(_t27);
                                                                                                                              					 *[fs:eax] = _t27;
                                                                                                                              					_push(E0060C1BC);
                                                                                                                              					return E0060BFB0( &_v16);
                                                                                                                              				} else {
                                                                                                                              					_v8 = 0;
                                                                                                                              					return _v8;
                                                                                                                              				}
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • DeleteFileW.KERNEL32(00000000,00000000,0060C1B5,?,?,?), ref: 0060C18F
                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,0060C1B5,?,?,?), ref: 0060C197
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DeleteErrorFileLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2018770650-0
                                                                                                                              • Opcode ID: 69ae15de9effa71a0ffa306cf77e1792f9f9152f3059beb619848b97606d8d59
                                                                                                                              • Instruction ID: 318e45fb2803f7fcaacad33ae20e8141f5d943eca3b4fb5a26b9ca9ca2c048f0
                                                                                                                              • Opcode Fuzzy Hash: 69ae15de9effa71a0ffa306cf77e1792f9f9152f3059beb619848b97606d8d59
                                                                                                                              • Instruction Fuzzy Hash: 9EF0C831A44308ABCB04DFB59C4149FB7E9DB0932075147FAF804D3382E7745E005994
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E0060C664(void* __eax, void* __edx, void* __eflags) {
                                                                                                                              				int _v8;
                                                                                                                              				char _v16;
                                                                                                                              				long _v20;
                                                                                                                              				int _t13;
                                                                                                                              				intOrPtr _t27;
                                                                                                                              				void* _t32;
                                                                                                                              				void* _t34;
                                                                                                                              				intOrPtr _t35;
                                                                                                                              
                                                                                                                              				_t32 = _t34;
                                                                                                                              				_t35 = _t34 + 0xfffffff0;
                                                                                                                              				if(E0060BF74(__eax,  &_v16) != 0) {
                                                                                                                              					_push(_t32);
                                                                                                                              					_push(0x60c6c1);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t35;
                                                                                                                              					_t13 = RemoveDirectoryW(E0040B278(__edx)); // executed
                                                                                                                              					_v8 = _t13;
                                                                                                                              					_v20 = GetLastError();
                                                                                                                              					_pop(_t27);
                                                                                                                              					 *[fs:eax] = _t27;
                                                                                                                              					_push(E0060C6C8);
                                                                                                                              					return E0060BFB0( &_v16);
                                                                                                                              				} else {
                                                                                                                              					_v8 = 0;
                                                                                                                              					return _v8;
                                                                                                                              				}
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • RemoveDirectoryW.KERNEL32(00000000,00000000,0060C6C1,?,?,00000000), ref: 0060C69B
                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,0060C6C1,?,?,00000000), ref: 0060C6A3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DirectoryErrorLastRemove
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 377330604-0
                                                                                                                              • Opcode ID: 88551de9a018a34a664c83f13b1c0ff5502ea333e94a54201414f9b12ce810cf
                                                                                                                              • Instruction ID: 4dcda24c2f25390586e6dcbd063c7cff493c698b67123ab594910c5e431ffc76
                                                                                                                              • Opcode Fuzzy Hash: 88551de9a018a34a664c83f13b1c0ff5502ea333e94a54201414f9b12ce810cf
                                                                                                                              • Instruction Fuzzy Hash: 86F0C231A94208ABDB14DFB5AC418AFB3E9DB493207514BBAF804E3281EB755E105698
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E0060C330(void* __eax, void* __edx, void* __eflags) {
                                                                                                                              				long _v8;
                                                                                                                              				char _v16;
                                                                                                                              				long _v20;
                                                                                                                              				long _t13;
                                                                                                                              				intOrPtr _t26;
                                                                                                                              				void* _t31;
                                                                                                                              				void* _t33;
                                                                                                                              				intOrPtr _t34;
                                                                                                                              
                                                                                                                              				_t31 = _t33;
                                                                                                                              				_t34 = _t33 + 0xfffffff0;
                                                                                                                              				if(E0060BF74(__eax,  &_v16) != 0) {
                                                                                                                              					_push(_t31);
                                                                                                                              					_push(0x60c38f);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t34;
                                                                                                                              					_t13 = GetFileAttributesW(E0040B278(__edx)); // executed
                                                                                                                              					_v8 = _t13;
                                                                                                                              					_v20 = GetLastError();
                                                                                                                              					_pop(_t26);
                                                                                                                              					 *[fs:eax] = _t26;
                                                                                                                              					_push(E0060C396);
                                                                                                                              					return E0060BFB0( &_v16);
                                                                                                                              				} else {
                                                                                                                              					_v8 = 0xffffffff;
                                                                                                                              					return _v8;
                                                                                                                              				}
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,0060C38F,?,?), ref: 0060C369
                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,0060C38F,?,?), ref: 0060C371
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesErrorFileLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1799206407-0
                                                                                                                              • Opcode ID: ea04dffe93eb1ac71ee6cf78e3bd2101059dec196984c704414799d16383b704
                                                                                                                              • Instruction ID: ac4143f12262c7d0a901264d1351b7ede06df7ddc71b93cf3a94d9bbe58a4691
                                                                                                                              • Opcode Fuzzy Hash: ea04dffe93eb1ac71ee6cf78e3bd2101059dec196984c704414799d16383b704
                                                                                                                              • Instruction Fuzzy Hash: 74F0C831A94708ABCB18DFB59C018AEB3A9DB0972475187B6F814D36C1DB745E004598
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 37%
                                                                                                                              			E0042B848(void* __eax, void* __ebx, int __edx) {
                                                                                                                              				struct HINSTANCE__* _v12;
                                                                                                                              				int _v16;
                                                                                                                              				int _t4;
                                                                                                                              				struct HINSTANCE__* _t9;
                                                                                                                              				void* _t12;
                                                                                                                              				intOrPtr _t16;
                                                                                                                              				void* _t18;
                                                                                                                              				void* _t19;
                                                                                                                              				intOrPtr _t20;
                                                                                                                              
                                                                                                                              				_t18 = _t19;
                                                                                                                              				_t20 = _t19 + 0xfffffff4;
                                                                                                                              				_t12 = __eax;
                                                                                                                              				_t4 = SetErrorMode(__edx); // executed
                                                                                                                              				_v16 = _t4;
                                                                                                                              				_push(_t18);
                                                                                                                              				_push(0x42b8ba);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t20;
                                                                                                                              				asm("fnstcw word [ebp-0x2]");
                                                                                                                              				_push(_t18);
                                                                                                                              				_push(0x42b89c);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t20;
                                                                                                                              				_t9 = LoadLibraryW(E0040B278(_t12)); // executed
                                                                                                                              				_v12 = _t9;
                                                                                                                              				_pop(_t16);
                                                                                                                              				 *[fs:eax] = _t16;
                                                                                                                              				_push(E0042B8A3);
                                                                                                                              				asm("fclex");
                                                                                                                              				asm("fldcw word [ebp-0x2]");
                                                                                                                              				return 0;
                                                                                                                              			}













                                                                                                                              APIs
                                                                                                                              • SetErrorMode.KERNEL32(00008000,00000000), ref: 0042B852
                                                                                                                              • LoadLibraryW.KERNEL32(00000000,00000000,0042B89C,?,00000000,0042B8BA,?,00008000,00000000), ref: 0042B881
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLibraryLoadMode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2987862817-0
                                                                                                                              • Opcode ID: 56c95385e7de28241530f81c1942e7ebc726a3a305286d3cd261ddb2ef16c520
                                                                                                                              • Instruction ID: 1e325d9ebe5d0822fb749a998e89c34c252ba1fb5941e6000e67edf6569427d0
                                                                                                                              • Opcode Fuzzy Hash: 56c95385e7de28241530f81c1942e7ebc726a3a305286d3cd261ddb2ef16c520
                                                                                                                              • Instruction Fuzzy Hash: D6F08270614704BEDB016FB69C5286FBBECEB4AB0079349B6F814A2691E67D581086A8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E005B8250(void* __eax, void* __edx, void* __eflags) {
                                                                                                                              				void* _t9;
                                                                                                                              				void* _t17;
                                                                                                                              				void* _t22;
                                                                                                                              				void* _t23;
                                                                                                                              
                                                                                                                              				_t23 = __eflags;
                                                                                                                              				_t22 = __edx;
                                                                                                                              				_t17 = __eax;
                                                                                                                              				_t9 = E0040B660( *((intOrPtr*)(__eax + 0xa4)), __edx);
                                                                                                                              				if(_t23 == 0) {
                                                                                                                              					return _t9;
                                                                                                                              				}
                                                                                                                              				if( *((char*)(_t17 + 0xc4)) != 0) {
                                                                                                                              					if( *((char*)(_t17 + 0xeb)) == 0) {
                                                                                                                              						SetWindowTextW( *(_t17 + 0x188), E0040B278(__edx));
                                                                                                                              					} else {
                                                                                                                              						SetWindowTextW( *(_t17 + 0x188), 0);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_t6 = _t17 + 0xa4; // 0xa4
                                                                                                                              				return E0040A5A8(_t6, _t22);
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 005B8281
                                                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 005B8297
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: TextWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 530164218-0
                                                                                                                              • Opcode ID: 33779a9760d10673c226e654349b0cc0fe433a542468b9758a9705a4e554b78e
                                                                                                                              • Instruction ID: 06eb74493f32fc7ca45b3b7e2b46e6e7fae3055f649a2dcd14cf2a1bc93d960e
                                                                                                                              • Opcode Fuzzy Hash: 33779a9760d10673c226e654349b0cc0fe433a542468b9758a9705a4e554b78e
                                                                                                                              • Instruction Fuzzy Hash: 2AF0A7743015002ADB11AA6A8885BFA678CAF86715F0801BAFE049F387CF785D41C3BA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 35%
                                                                                                                              			E006AC477() {
                                                                                                                              				void* _t13;
                                                                                                                              				void* _t15;
                                                                                                                              				intOrPtr _t16;
                                                                                                                              				intOrPtr _t24;
                                                                                                                              				intOrPtr _t32;
                                                                                                                              				intOrPtr _t37;
                                                                                                                              				intOrPtr _t48;
                                                                                                                              				intOrPtr _t53;
                                                                                                                              				intOrPtr _t55;
                                                                                                                              				void* _t56;
                                                                                                                              				intOrPtr _t57;
                                                                                                                              
                                                                                                                              				_t13 =  *0x6d68ac(0x6cd804, 0x8000, 0, _t56 - 4); // executed
                                                                                                                              				if(_t13 != 0) {
                                                                                                                              					_t15 =  *0x6d68ac(0x6cd814, 0x8000, 0, _t56 - 4); // executed
                                                                                                                              					if(_t15 != 0) {
                                                                                                                              						if( *0x6d67dc == 0) {
                                                                                                                              							_t16 =  *0x6d6534; // 0x0
                                                                                                                              							E005C4EA4(_t16, _t56 - 0x38);
                                                                                                                              							E0040B4C8(0x6d6564, L"COMMAND.COM",  *((intOrPtr*)(_t56 - 0x38))); // executed
                                                                                                                              						} else {
                                                                                                                              							_t24 =  *0x6d6538; // 0x0
                                                                                                                              							E005C4EA4(_t24, _t56 - 0x34);
                                                                                                                              							E0040B4C8(0x6d6564, L"cmd.exe",  *((intOrPtr*)(_t56 - 0x34)));
                                                                                                                              						}
                                                                                                                              						E006AC180(); // executed
                                                                                                                              						_pop(_t48);
                                                                                                                              						 *[fs:eax] = _t48;
                                                                                                                              						_push(E006AC58D);
                                                                                                                              						return E0040A228(_t56 - 0x38, 0xd);
                                                                                                                              					} else {
                                                                                                                              						_push(_t56);
                                                                                                                              						_push(0x6ac516);
                                                                                                                              						_push( *[fs:eax]);
                                                                                                                              						 *[fs:eax] = _t57;
                                                                                                                              						E0040C8BC();
                                                                                                                              						_pop(_t53);
                                                                                                                              						 *[fs:eax] = _t53;
                                                                                                                              						_push(E006AC51D);
                                                                                                                              						_t32 =  *((intOrPtr*)(_t56 - 4));
                                                                                                                              						_push(_t32);
                                                                                                                              						L0043C214();
                                                                                                                              						return _t32;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_push(_t56);
                                                                                                                              					_push(0x6ac4c3);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t57;
                                                                                                                              					E0040C8BC();
                                                                                                                              					_pop(_t55);
                                                                                                                              					 *[fs:eax] = _t55;
                                                                                                                              					_push(E006AC4CA);
                                                                                                                              					_t37 =  *((intOrPtr*)(_t56 - 4));
                                                                                                                              					_push(_t37);
                                                                                                                              					L0043C214();
                                                                                                                              					return _t37;
                                                                                                                              				}
                                                                                                                              			}















                                                                                                                              APIs
                                                                                                                              • SHGetKnownFolderPath.SHELL32(006CD804,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC487
                                                                                                                              • CoTaskMemFree.OLE32(?,006AC4CA,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4BD
                                                                                                                              • SHGetKnownFolderPath.SHELL32(006CD814,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4DA
                                                                                                                              • CoTaskMemFree.OLE32(?,006AC51D,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC510
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FolderFreeKnownPathTask
                                                                                                                              • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                                              • API String ID: 969438705-544719455
                                                                                                                              • Opcode ID: 8384953cfd88f85c37ee3bb36c9ff3900296b8c279f57d69efe11ea1f24b55c1
                                                                                                                              • Instruction ID: 8490eda7aae5474be0b02337b94e319d82e09844d8c50d4b14fc66eb57101d9e
                                                                                                                              • Opcode Fuzzy Hash: 8384953cfd88f85c37ee3bb36c9ff3900296b8c279f57d69efe11ea1f24b55c1
                                                                                                                              • Instruction Fuzzy Hash: 32E09232744700AEE711ABA5DC62F3A77E9E74DB10B62447AF404E2690D634AD009A28
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 47%
                                                                                                                              			E006AC4CA() {
                                                                                                                              				void* _t10;
                                                                                                                              				intOrPtr _t11;
                                                                                                                              				intOrPtr _t19;
                                                                                                                              				intOrPtr _t27;
                                                                                                                              				intOrPtr _t36;
                                                                                                                              				intOrPtr _t41;
                                                                                                                              				void* _t42;
                                                                                                                              				intOrPtr _t43;
                                                                                                                              
                                                                                                                              				_t10 =  *0x6d68ac(0x6cd814, 0x8000, 0, _t42 - 4); // executed
                                                                                                                              				if(_t10 != 0) {
                                                                                                                              					if( *0x6d67dc == 0) {
                                                                                                                              						_t11 =  *0x6d6534; // 0x0
                                                                                                                              						E005C4EA4(_t11, _t42 - 0x38);
                                                                                                                              						E0040B4C8(0x6d6564, L"COMMAND.COM",  *((intOrPtr*)(_t42 - 0x38))); // executed
                                                                                                                              					} else {
                                                                                                                              						_t19 =  *0x6d6538; // 0x0
                                                                                                                              						E005C4EA4(_t19, _t42 - 0x34);
                                                                                                                              						E0040B4C8(0x6d6564, L"cmd.exe",  *((intOrPtr*)(_t42 - 0x34)));
                                                                                                                              					}
                                                                                                                              					E006AC180(); // executed
                                                                                                                              					_pop(_t36);
                                                                                                                              					 *[fs:eax] = _t36;
                                                                                                                              					_push(E006AC58D);
                                                                                                                              					return E0040A228(_t42 - 0x38, 0xd);
                                                                                                                              				} else {
                                                                                                                              					_push(_t42);
                                                                                                                              					_push(0x6ac516);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t43;
                                                                                                                              					E0040C8BC();
                                                                                                                              					_pop(_t41);
                                                                                                                              					 *[fs:eax] = _t41;
                                                                                                                              					_push(E006AC51D);
                                                                                                                              					_t27 =  *((intOrPtr*)(_t42 - 4));
                                                                                                                              					_push(_t27);
                                                                                                                              					L0043C214();
                                                                                                                              					return _t27;
                                                                                                                              				}
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • SHGetKnownFolderPath.SHELL32(006CD814,00008000,00000000,?,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC4DA
                                                                                                                              • CoTaskMemFree.OLE32(?,006AC51D,?,00000000,00000000,?,006B7B68,00000006,?,00000000,006B813A,?,00000000,006B81F9), ref: 006AC510
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FolderFreeKnownPathTask
                                                                                                                              • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                                              • API String ID: 969438705-544719455
                                                                                                                              • Opcode ID: 313031661c9f3d937668f184e05f07051bbe0573f7bc91d8efeaafa51bbcf367
                                                                                                                              • Instruction ID: c6c261769d38d943bb646f4c75fbe89f1fed75b0b48c3df2323ffd2a5fb60eac
                                                                                                                              • Opcode Fuzzy Hash: 313031661c9f3d937668f184e05f07051bbe0573f7bc91d8efeaafa51bbcf367
                                                                                                                              • Instruction Fuzzy Hash: 7DE02230B00300AEEB12AFA8CC02F2A73A9EB09B40F62447AF400D6680D634ED108E38
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004786AC(struct HWND__* __eax) {
                                                                                                                              				int _t3;
                                                                                                                              				struct HWND__* _t7;
                                                                                                                              
                                                                                                                              				_t7 = __eax;
                                                                                                                              				_t6 = GetWindowLongW(__eax, 0xfffffffc);
                                                                                                                              				_t3 = DestroyWindow(_t7); // executed
                                                                                                                              				if(_t2 != L00414778) {
                                                                                                                              					return E004784F4(_t6);
                                                                                                                              				}
                                                                                                                              				return _t3;
                                                                                                                              			}






                                                                                                                              APIs
                                                                                                                              • GetWindowLongW.USER32(00000000,000000FC), ref: 004786B3
                                                                                                                              • DestroyWindow.USER32(00000000,00000000,000000FC,?,?,0061559E,006B8C29), ref: 004786BB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$DestroyLong
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2871862000-0
                                                                                                                              • Opcode ID: 21f9de746b4a3ac2ffe65a062f9f41cf70f012a852ffe98306038f1eec2ec08f
                                                                                                                              • Instruction ID: 631b19700b559cadd17185a070b253bcc10ed0a910bd4b2a6cdfdfbedeaeb0c2
                                                                                                                              • Opcode Fuzzy Hash: 21f9de746b4a3ac2ffe65a062f9f41cf70f012a852ffe98306038f1eec2ec08f
                                                                                                                              • Instruction Fuzzy Hash: 14C012A12021302A161131796CC98EB00888C823A9329866FF824862D3DF8C0D8102ED
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00406DF0() {
                                                                                                                              				intOrPtr _t13;
                                                                                                                              				intOrPtr* _t14;
                                                                                                                              				int _t18;
                                                                                                                              				intOrPtr* _t23;
                                                                                                                              				void* _t25;
                                                                                                                              				void* _t26;
                                                                                                                              				void* _t28;
                                                                                                                              				void* _t31;
                                                                                                                              
                                                                                                                              				_t28 =  *0x006CFAE0;
                                                                                                                              				while(_t28 != 0x6cfadc) {
                                                                                                                              					_t2 = _t28 + 4; // 0x6cfadc
                                                                                                                              					VirtualFree(_t28, 0, 0x8000); // executed
                                                                                                                              					_t28 =  *_t2;
                                                                                                                              				}
                                                                                                                              				_t25 = 0x37;
                                                                                                                              				_t13 = 0x6c5084;
                                                                                                                              				do {
                                                                                                                              					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
                                                                                                                              					 *((intOrPtr*)(_t13 + 8)) = _t13;
                                                                                                                              					 *((intOrPtr*)(_t13 + 0x10)) = 1;
                                                                                                                              					 *((intOrPtr*)(_t13 + 0x14)) = 0;
                                                                                                                              					_t13 = _t13 + 0x20;
                                                                                                                              					_t25 = _t25 - 1;
                                                                                                                              				} while (_t25 != 0);
                                                                                                                              				 *0x6cfadc = 0x6cfadc;
                                                                                                                              				 *0x006CFAE0 = 0x6cfadc;
                                                                                                                              				_t26 = 0x400;
                                                                                                                              				_t23 = 0x6cfb7c;
                                                                                                                              				do {
                                                                                                                              					_t14 = _t23;
                                                                                                                              					 *_t14 = _t14;
                                                                                                                              					_t8 = _t14 + 4; // 0x6cfb7c
                                                                                                                              					 *_t8 = _t14;
                                                                                                                              					_t23 = _t23 + 8;
                                                                                                                              					_t26 = _t26 - 1;
                                                                                                                              				} while (_t26 != 0);
                                                                                                                              				 *0x6cfaf8 = 0;
                                                                                                                              				E00407760(0x6cfafc, 0x80);
                                                                                                                              				_t18 = 0;
                                                                                                                              				 *0x6cfaf4 = 0;
                                                                                                                              				_t31 =  *0x006D1B84;
                                                                                                                              				while(_t31 != 0x6d1b80) {
                                                                                                                              					_t10 = _t31 + 4; // 0x6d1b80
                                                                                                                              					_t18 = VirtualFree(_t31, 0, 0x8000);
                                                                                                                              					_t31 =  *_t10;
                                                                                                                              				}
                                                                                                                              				 *0x6d1b80 = 0x6d1b80;
                                                                                                                              				 *0x006D1B84 = 0x6d1b80;
                                                                                                                              				return _t18;
                                                                                                                              			}


                                                                                                                              APIs
                                                                                                                              • VirtualFree.KERNEL32(006CFADC,00000000,00008000), ref: 00406E0E
                                                                                                                              • VirtualFree.KERNEL32(006D1B80,00000000,00008000), ref: 00406E8A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1263568516-0
                                                                                                                              • Opcode ID: ba0a6a8ba3a490a9d7cf8823c3f45091e9916bb0961cb6397077b966313e451f
                                                                                                                              • Instruction ID: 8d3276661228be03e62c92a97986ee0a4f38eb12010ad15582d000b3628175ea
                                                                                                                              • Opcode Fuzzy Hash: ba0a6a8ba3a490a9d7cf8823c3f45091e9916bb0961cb6397077b966313e451f
                                                                                                                              • Instruction Fuzzy Hash: CA1194716007009FD7648F58D841B26BBE2EB84754F26807FE54EEF381D678AC018BD8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(00000000,00409BA6,?,006C5000,006D1B9C,?,?,00409FA9,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409B96
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2492992576-0
                                                                                                                              • Opcode ID: f8d181e33e77468429ffc4b921afeeebf03913a5087e96241a90740b508f10d8
                                                                                                                              • Instruction ID: 984d59f3d031b3db7ed4f0d205521ad444ca36c97295ef9fd1821bff389e3508
                                                                                                                              • Opcode Fuzzy Hash: f8d181e33e77468429ffc4b921afeeebf03913a5087e96241a90740b508f10d8
                                                                                                                              • Instruction Fuzzy Hash: 3BF09031B05705AED3314F0AB880E53BBACFB4A770755047BD808A6792E3B9BC00C5A4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004236A4(signed int __eax, signed int __edx) {
                                                                                                                              				signed int _t6;
                                                                                                                              				signed int _t9;
                                                                                                                              				void* _t14;
                                                                                                                              				signed int _t21;
                                                                                                                              
                                                                                                                              				_t6 = __eax | 0xffffffff;
                                                                                                                              				_t21 = 0x00000003 & __edx;
                                                                                                                              				if(3 <= 2 && (0x000000f0 & __edx) <= 0x40) {
                                                                                                                              					_t9 = (0x000000f0 & __edx) >> 4;
                                                                                                                              					_t14 = CreateFileW(E0040B278(__eax),  *(0x6c7594 + _t21 * 4),  *(0x6c75a0 + _t9 * 4), 0, 3, 0x80, 0); // executed
                                                                                                                              					return _t14;
                                                                                                                              				}
                                                                                                                              				return _t6;
                                                                                                                              			}


                                                                                                                              APIs
                                                                                                                              • CreateFileW.KERNEL32(00000000,000000F0,000000F0,00000000,00000003,00000080,00000000,?,?,00443D4C,004699CC,00000000,00469A4C,?,?,00443D4C), ref: 004236F3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 823142352-0
                                                                                                                              • Opcode ID: cef20477378f9b150fd007dd39d43cf6adb5a0d0c4b4fd096933627a819daba1
                                                                                                                              • Instruction ID: aa5746293d6dd75c5469c1425f757739e1be5bfdc5dd556d118ca91a685e0016
                                                                                                                              • Opcode Fuzzy Hash: cef20477378f9b150fd007dd39d43cf6adb5a0d0c4b4fd096933627a819daba1
                                                                                                                              • Instruction Fuzzy Hash: 66E02BA2B901203AF33069AD9C82F1B514E8795777F590276F615EB3C1C4988D0182AC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,?,?,00443D4C,00469961,00000000,00469A4C,?,?,00443D4C), ref: 00423745
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 823142352-0
                                                                                                                              • Opcode ID: 6f16c655491f78fa5763c8526b08530e2a4023042208957ddd042cfe4711d361
                                                                                                                              • Instruction ID: 502252b8251e75369e7d593655d0488969bd90bcda5cf89e16fadd6ec266699d
                                                                                                                              • Opcode Fuzzy Hash: 6f16c655491f78fa5763c8526b08530e2a4023042208957ddd042cfe4711d361
                                                                                                                              • Instruction Fuzzy Hash: AEE0DFE3B401243AF72069AE9C82F7B9159C781776F06023AFB60EB2D1C558EC0086E8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E005C857C(long __eax, void* __edx) {
                                                                                                                              				short _v2052;
                                                                                                                              				signed int _t7;
                                                                                                                              				void* _t10;
                                                                                                                              				signed int _t16;
                                                                                                                              				void* _t17;
                                                                                                                              
                                                                                                                              				_t10 = __edx;
                                                                                                                              				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
                                                                                                                              				while(_t7 > 0) {
                                                                                                                              					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
                                                                                                                              					if(_t16 <= 0x20) {
                                                                                                                              						L1:
                                                                                                                              						_t7 = _t7 - 1;
                                                                                                                              						__eflags = _t7;
                                                                                                                              						continue;
                                                                                                                              					} else {
                                                                                                                              						_t20 = _t16 - 0x2e;
                                                                                                                              						if(_t16 == 0x2e) {
                                                                                                                              							goto L1;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					break;
                                                                                                                              				}
                                                                                                                              				return E0040A350(_t10, _t7, _t17, _t20);
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,005CBEAE,00000000,005CBEFF,?,005CC0E0), ref: 005C859B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FormatMessage
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1306739567-0
                                                                                                                              • Opcode ID: 388da2a30acd779cb9b4506f5decf73e4625cccda17330470f141bc11173101f
                                                                                                                              • Instruction ID: 09862238c43e822cbcf5df792bab944b0a9534785c307f7411e32f5bd31f51a0
                                                                                                                              • Opcode Fuzzy Hash: 388da2a30acd779cb9b4506f5decf73e4625cccda17330470f141bc11173101f
                                                                                                                              • Instruction Fuzzy Hash: 30E020707543113EF32421950C43FFA1589F7C0B04FE4443D76409D2D5DEF9D8554296
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 31%
                                                                                                                              			E005C6808(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
                                                                                                                              				char _v8;
                                                                                                                              				intOrPtr _t21;
                                                                                                                              				intOrPtr _t24;
                                                                                                                              
                                                                                                                              				_push(0);
                                                                                                                              				_push(_t24);
                                                                                                                              				_push(0x5c684e);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t24;
                                                                                                                              				E005C567C(__eax, __ecx,  &_v8, __eflags);
                                                                                                                              				GetFileAttributesW(E0040B278(_v8)); // executed
                                                                                                                              				_pop(_t21);
                                                                                                                              				 *[fs:eax] = _t21;
                                                                                                                              				_push(E005C6855);
                                                                                                                              				return E0040A1C8( &_v8);
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,005C684E,?,00000000,00000000,?,005C689E,00000000,0060C275,00000000,0060C296,?,00000000,00000000,006B912A), ref: 005C6831
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              • Opcode ID: f1012d98df8117312cc2ec57860e2029d48c33066b48c9112d529acd4efbf65f
                                                                                                                              • Instruction ID: 7ef4f7d410bb1350c6c34c2cfd3ab79e32246cebd9daa6780dadc2d4ee8c12dd
                                                                                                                              • Opcode Fuzzy Hash: f1012d98df8117312cc2ec57860e2029d48c33066b48c9112d529acd4efbf65f
                                                                                                                              • Instruction Fuzzy Hash: 9AE09231344308AFE701EAF6CC52E5DB7EDE749704B924879F400D7682E678AE108458
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040D754(void* __eax) {
                                                                                                                              				short _v532;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __esi;
                                                                                                                              				intOrPtr _t14;
                                                                                                                              				void* _t16;
                                                                                                                              				void* _t18;
                                                                                                                              				void* _t19;
                                                                                                                              				intOrPtr _t20;
                                                                                                                              				void* _t21;
                                                                                                                              
                                                                                                                              				_t16 = __eax;
                                                                                                                              				_t22 =  *((intOrPtr*)(__eax + 0x10));
                                                                                                                              				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
                                                                                                                              					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
                                                                                                                              					_t14 = E0040E9E0(_t21, _t16, _t18, _t19, _t22); // executed
                                                                                                                              					_t20 = _t14;
                                                                                                                              					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
                                                                                                                              					if(_t20 == 0) {
                                                                                                                              						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return  *((intOrPtr*)(_t16 + 0x10));
                                                                                                                              			}













                                                                                                                              APIs
                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 0040D772
                                                                                                                                • Part of subcall function 0040E9E0: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA1C
                                                                                                                                • Part of subcall function 0040E9E0: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040EA9A,?,?,00000000), ref: 0040EA6D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileModuleName$LibraryLoad
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4113206344-0
                                                                                                                              • Opcode ID: 0c4338d5c56e5e7d061b7f443bbaa86d882c427cb1541d3f25e0c99049ab022e
                                                                                                                              • Instruction ID: e6e9750417710ce6057aade1326652b07051d0f0da16d230474427610a1a2044
                                                                                                                              • Opcode Fuzzy Hash: 0c4338d5c56e5e7d061b7f443bbaa86d882c427cb1541d3f25e0c99049ab022e
                                                                                                                              • Instruction Fuzzy Hash: 6EE0C9B1A013109BCB10DE98C8C5A577794AF08754F044AA6ED64DF386D375D9248BD5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E005118EC(intOrPtr* __eax, void* __edx) {
                                                                                                                              				void* _t15;
                                                                                                                              				intOrPtr _t16;
                                                                                                                              				intOrPtr* _t17;
                                                                                                                              
                                                                                                                              				_t17 = __eax;
                                                                                                                              				_t1 = _t17 + 0x58; // 0x756c6156
                                                                                                                              				_push( *_t1);
                                                                                                                              				_t15 =  *((intOrPtr*)( *__eax + 0xc8))();
                                                                                                                              				 *(__eax + 0x98) =  *(__eax + 0x98) | 0x00000008;
                                                                                                                              				if(( *(__eax + 0x1c) & 0x00000002) != 0) {
                                                                                                                              					_t10 = _t17 + 0x5c; // 0x27365
                                                                                                                              					_t16 =  *_t10;
                                                                                                                              					 *((intOrPtr*)(__eax + 0x1bc)) = _t16;
                                                                                                                              					return _t16;
                                                                                                                              				}
                                                                                                                              				return _t15;
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(00000000,756C6156,00000000,004C0068,006083FD,?,00000000,?,00000001,00000000,00000000,00000000,?,0068D5D0,00000001), ref: 005118FF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2492992576-0
                                                                                                                              • Opcode ID: 85bdc3385b207dada71018df6b1f57ab890a92785066421d2a406271edccbd75
                                                                                                                              • Instruction ID: 6af4db9eeccf4ff42fbbae530d0a0735680e8903c85d973bda31935d07d03d1d
                                                                                                                              • Opcode Fuzzy Hash: 85bdc3385b207dada71018df6b1f57ab890a92785066421d2a406271edccbd75
                                                                                                                              • Instruction Fuzzy Hash: C8E092712046408BEB48CE6DC4C5B967BE9AF4A215F0480E9ED498B25AC774AC49CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E005118B8(intOrPtr* __eax, void* __edx) {
                                                                                                                              				void* _t15;
                                                                                                                              				intOrPtr _t16;
                                                                                                                              				intOrPtr* _t17;
                                                                                                                              
                                                                                                                              				_t17 = __eax;
                                                                                                                              				_t1 = _t17 + 0x5c; // 0x27365
                                                                                                                              				_push( *_t1);
                                                                                                                              				_t15 =  *((intOrPtr*)( *__eax + 0xc8))();
                                                                                                                              				 *(__eax + 0x98) =  *(__eax + 0x98) | 0x00000004;
                                                                                                                              				if(( *(__eax + 0x1c) & 0x00000002) != 0) {
                                                                                                                              					_t10 = _t17 + 0x58; // 0x756c6156
                                                                                                                              					_t16 =  *_t10;
                                                                                                                              					 *((intOrPtr*)(__eax + 0x1b8)) = _t16;
                                                                                                                              					return _t16;
                                                                                                                              				}
                                                                                                                              				return _t15;
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(00027365,00000000,00000000,004C0068,006083EC,?,00000000,?,00000001,00000000,00000000,00000000,?,0068D5D0,00000001), ref: 005118CB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2492992576-0
                                                                                                                              • Opcode ID: 1ef83a670f5add13b9a374239f5fba316326babbb4ed16e1d195e7c525f61efe
                                                                                                                              • Instruction ID: 9fcb5f38b0df23c263da8a60913ea9fccafb23266d8756c351c2c96681b23a4d
                                                                                                                              • Opcode Fuzzy Hash: 1ef83a670f5add13b9a374239f5fba316326babbb4ed16e1d195e7c525f61efe
                                                                                                                              • Instruction Fuzzy Hash: 70E09A712056405BEB84DE5CC4C5B957BE9AF49214F1440E5ED498B25BC7749C48CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E005C68A4(void* __eax) {
                                                                                                                              				signed char _t7;
                                                                                                                              
                                                                                                                              				_t7 = GetFileAttributesW(E0040B278(__eax)); // executed
                                                                                                                              				if(_t7 == 0xffffffff || (_t7 & 0x00000010) == 0 || (_t7 & 0x00000004) != 0) {
                                                                                                                              					return 0;
                                                                                                                              				} else {
                                                                                                                              					return 1;
                                                                                                                              				}
                                                                                                                              			}





                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,?,0060C4A9,00000000,0060C4C2,?,?,00000000), ref: 005C68AF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              • Opcode ID: df5fa9d8c8bc8a3e51468696a2f41e93479d04ebc0a0d195336a68a71e82ec28
                                                                                                                              • Instruction ID: d55d13c6b4de8628cf529bab2b0a17402205638270c5277f1e7dff5d9331f337
                                                                                                                              • Opcode Fuzzy Hash: df5fa9d8c8bc8a3e51468696a2f41e93479d04ebc0a0d195336a68a71e82ec28
                                                                                                                              • Instruction Fuzzy Hash: 75D012A034520019DE1455FE19F9F5907C45F85325B140B6EB965D51E2D3298F9B1059
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E005C685C(void* __eax) {
                                                                                                                              				signed char _t5;
                                                                                                                              
                                                                                                                              				_t5 = GetFileAttributesW(E0040B278(__eax)); // executed
                                                                                                                              				if(_t5 == 0xffffffff || (_t5 & 0x00000010) != 0) {
                                                                                                                              					return 0;
                                                                                                                              				} else {
                                                                                                                              					return 1;
                                                                                                                              				}
                                                                                                                              			}





                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,005CD6D7,00000000), ref: 005C6867
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              • Opcode ID: 7bd8201cf35cef5ac34834eb35f24739d6ee4f0a9922b51c306f62f8e5de1f5b
                                                                                                                              • Instruction ID: 78aee2f50b20cc69f9a983c300c852fe0a8819bfcc82724499c751dbdfa7c08b
                                                                                                                              • Opcode Fuzzy Hash: 7bd8201cf35cef5ac34834eb35f24739d6ee4f0a9922b51c306f62f8e5de1f5b
                                                                                                                              • Instruction Fuzzy Hash: 86C08CA02412000A6E1065FE1CC9E5902E85E0533A3240B6EF438E22E3D629CAA3201A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E00413E90(struct _SECURITY_ATTRIBUTES* _a4, void* _a8, WCHAR* _a12) {
                                                                                                                              				void* _t8;
                                                                                                                              
                                                                                                                              				_t4 = _a12;
                                                                                                                              				asm("sbb eax, eax");
                                                                                                                              				_t8 = CreateMutexW(_a4,  &(_a12[0]) & 0x0000007f, _t4); // executed
                                                                                                                              				return _t8;
                                                                                                                              			}





                                                                                                                              APIs
                                                                                                                              • CreateMutexW.KERNEL32(?,?,?,?,006B91D7,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006B94FD,?,?,00000000), ref: 00413EA6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateMutex
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1964310414-0
                                                                                                                              • Opcode ID: 21e0619b74412fae9514185c35c6bd95fbb7b52f213a822672066e7264c0ded7
                                                                                                                              • Instruction ID: 998b8db590697b8cd4d3fdef7820781a6c6844faac2d13c8a1210bf1408346bf
                                                                                                                              • Opcode Fuzzy Hash: 21e0619b74412fae9514185c35c6bd95fbb7b52f213a822672066e7264c0ded7
                                                                                                                              • Instruction Fuzzy Hash: B9C0127359034CAB8700EEA9DC05D9B33DC572860AB008419B918C7100C139E5908B60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E00424020(void* __eax) {
                                                                                                                              				int _t4;
                                                                                                                              
                                                                                                                              				_t4 = SetCurrentDirectoryW(E0040B278(__eax)); // executed
                                                                                                                              				asm("sbb eax, eax");
                                                                                                                              				return _t4 + 1;
                                                                                                                              			}





                                                                                                                              APIs
                                                                                                                              • SetCurrentDirectoryW.KERNEL32(00000000,?,006B8A06,00000000,006B8C15,?,?,00000005,00000000,006B8C4E,?,?,00000000), ref: 0042402B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CurrentDirectory
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1611563598-0
                                                                                                                              • Opcode ID: df8aed0e477c8dea0ce41bbd81e691bd114315e892edfb9c442192a2e0a47cf9
                                                                                                                              • Instruction ID: daf6799c843f8394e9bb8cef5a1a486137c4a768e82a56cfe4f83ef7845b6ded
                                                                                                                              • Opcode Fuzzy Hash: df8aed0e477c8dea0ce41bbd81e691bd114315e892edfb9c442192a2e0a47cf9
                                                                                                                              • Instruction Fuzzy Hash: 9AB012A27903400ACE0075FF0CC9D1D00CCD95920F7200FBFB409D2143D57EC484001C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 50%
                                                                                                                              			E0042B8A3() {
                                                                                                                              				int _t4;
                                                                                                                              				intOrPtr _t7;
                                                                                                                              				void* _t8;
                                                                                                                              
                                                                                                                              				_pop(_t7);
                                                                                                                              				 *[fs:eax] = _t7;
                                                                                                                              				_push(0x42b8c1);
                                                                                                                              				_t4 = SetErrorMode( *(_t8 - 0xc)); // executed
                                                                                                                              				return _t4;
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • SetErrorMode.KERNEL32(?,0042B8C1), ref: 0042B8B4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorMode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2340568224-0
                                                                                                                              • Opcode ID: f668b7aac12c857ffb67314c22418dc82c6b08374c4fda6f72eaba5712bdb9bb
                                                                                                                              • Instruction ID: 1e160e63f6e1d4a3e736ac7d2d169814141797cfe1ada65cb98a64290c0f9c9c
                                                                                                                              • Opcode Fuzzy Hash: f668b7aac12c857ffb67314c22418dc82c6b08374c4fda6f72eaba5712bdb9bb
                                                                                                                              • Instruction Fuzzy Hash: 9CB09B76F0C2005DA709B695745146C67D8EBC47103E148A7F404C2540D57C5444451C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E006ACE20() {
                                                                                                                              				struct HINSTANCE__* _t2;
                                                                                                                              
                                                                                                                              				 *0x6d68a8 = 0;
                                                                                                                              				if( *0x6d68a4 != 0) {
                                                                                                                              					_t2 =  *0x6d68a4; // 0x0
                                                                                                                              					FreeLibrary(_t2); // executed
                                                                                                                              					 *0x6d68a4 = 0;
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				return 0;
                                                                                                                              			}





                                                                                                                              APIs
                                                                                                                              • FreeLibrary.KERNEL32(00000000,006B8CD8,00000000,006B8CE7,?,?,?,?,?,006B97CB), ref: 006ACE36
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeLibrary
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3664257935-0
                                                                                                                              • Opcode ID: d1033aaa8653b6f7709aea60d3a64e5207737459bb20ef6f0850b05c11f2e6ae
                                                                                                                              • Instruction ID: 0a261b708251fa214c00368c1c1d02b101a55c617d2dc256ba4673a2d64f6cb6
                                                                                                                              • Opcode Fuzzy Hash: d1033aaa8653b6f7709aea60d3a64e5207737459bb20ef6f0850b05c11f2e6ae
                                                                                                                              • Instruction Fuzzy Hash: 0DC002B0D131009ECF40DF7CDE45B4237E6A704305F081427F905C61A4D6344440EB24
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0047845C(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                              				void* __ebx;
                                                                                                                              				void* _t14;
                                                                                                                              				void _t15;
                                                                                                                              				void* _t24;
                                                                                                                              				intOrPtr _t25;
                                                                                                                              				char* _t26;
                                                                                                                              				void* _t35;
                                                                                                                              
                                                                                                                              				if( *0x6d4ff8 == 0) {
                                                                                                                              					_t14 = VirtualAlloc(0, 0x1000, 0x1000, 0x40); // executed
                                                                                                                              					_t35 = _t14;
                                                                                                                              					_t15 =  *0x6d4ff4; // 0x0
                                                                                                                              					 *_t35 = _t15;
                                                                                                                              					_t1 = _t35 + 4; // 0x4
                                                                                                                              					E0040714C(0x6c7a94, _t24, 2, _t1);
                                                                                                                              					_t2 = _t35 + 5; // 0x5
                                                                                                                              					 *((intOrPtr*)(_t35 + 6)) = E00478454(_t2, 0x478434);
                                                                                                                              					_t4 = _t35 + 0xa; // 0xa
                                                                                                                              					_t26 = _t4;
                                                                                                                              					do {
                                                                                                                              						 *_t26 = 0xe8;
                                                                                                                              						_t5 = _t35 + 4; // 0x4
                                                                                                                              						 *((intOrPtr*)(_t26 + 1)) = E00478454(_t26, _t5);
                                                                                                                              						 *((intOrPtr*)(_t26 + 5)) =  *0x6d4ff8;
                                                                                                                              						 *0x6d4ff8 = _t26;
                                                                                                                              						_t26 = _t26 + 0xd;
                                                                                                                              					} while (_t26 - _t35 < 0xffc);
                                                                                                                              					 *0x6d4ff4 = _t35;
                                                                                                                              				}
                                                                                                                              				_t25 =  *0x6d4ff8;
                                                                                                                              				 *0x6d4ff8 =  *((intOrPtr*)(_t25 + 5));
                                                                                                                              				 *((intOrPtr*)(_t25 + 5)) = _a4;
                                                                                                                              				 *((intOrPtr*)(_t25 + 9)) = _a8;
                                                                                                                              				return  *0x6d4ff8;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,0068D5D0,?,?,0051557F,00517B00,?,0068D5D0,?,00000000,?,005ACC13), ref: 0047847A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4275171209-0
                                                                                                                              • Opcode ID: 6c24b6a0fe5a989e3bb969723c1e56f7bd6d6c9795a823755d6c712a70d0a833
                                                                                                                              • Instruction ID: 21ed9f25b44590dd6a88678dd2699128a8c8abd14296acda62ee9fdc78064473
                                                                                                                              • Opcode Fuzzy Hash: 6c24b6a0fe5a989e3bb969723c1e56f7bd6d6c9795a823755d6c712a70d0a833
                                                                                                                              • Instruction Fuzzy Hash: F6114C746813069BC710DF19C880B86B7E5EB98350F10C53AE96C9F385E7B4E904CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004056E8(signed int __eax) {
                                                                                                                              				void* _t4;
                                                                                                                              				intOrPtr _t7;
                                                                                                                              				signed int _t8;
                                                                                                                              				void** _t10;
                                                                                                                              				void* _t12;
                                                                                                                              				void* _t14;
                                                                                                                              
                                                                                                                              				_t8 = __eax;
                                                                                                                              				E0040567C(__eax);
                                                                                                                              				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
                                                                                                                              				if(_t4 == 0) {
                                                                                                                              					 *0x6cfaf4 = 0;
                                                                                                                              					return 0;
                                                                                                                              				} else {
                                                                                                                              					_t10 =  *0x6cfae0; // 0x6cfadc
                                                                                                                              					_t14 = _t4;
                                                                                                                              					 *_t14 = 0x6cfadc;
                                                                                                                              					 *0x6cfae0 = _t4;
                                                                                                                              					 *(_t14 + 4) = _t10;
                                                                                                                              					 *_t10 = _t4;
                                                                                                                              					_t12 = _t14 + 0x13fff0;
                                                                                                                              					 *((intOrPtr*)(_t12 - 4)) = 2;
                                                                                                                              					 *0x6cfaf4 = 0x13ffe0 - _t8;
                                                                                                                              					_t7 = _t12 - _t8;
                                                                                                                              					 *0x6cfaf0 = _t7;
                                                                                                                              					 *(_t7 - 4) = _t8 | 0x00000002;
                                                                                                                              					return _t7;
                                                                                                                              				}
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,00405CFF,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000), ref: 004056FF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4275171209-0
                                                                                                                              • Opcode ID: a522bf9bd685f9285ef17df139ca3c83d4d9edda6c804f015ead83d427766566
                                                                                                                              • Instruction ID: 671f966e8e8ef53a1d331dc007cdee3d18c8d913abcb1f2bfacacf6af6d793b4
                                                                                                                              • Opcode Fuzzy Hash: a522bf9bd685f9285ef17df139ca3c83d4d9edda6c804f015ead83d427766566
                                                                                                                              • Instruction Fuzzy Hash: 9CF0AFF2B003018FD7549FB89D40B12BBD6E708354F20413EE90DEB794D7B088008B88
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 82%
                                                                                                                              			E00625754(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				void* _v20;
                                                                                                                              				void* _v24;
                                                                                                                              				long _v28;
                                                                                                                              				struct _STARTUPINFOW _v96;
                                                                                                                              				struct _PROCESS_INFORMATION _v112;
                                                                                                                              				char _v116;
                                                                                                                              				long _v120;
                                                                                                                              				char _v124;
                                                                                                                              				long _v128;
                                                                                                                              				char _v132;
                                                                                                                              				intOrPtr _v136;
                                                                                                                              				char _v140;
                                                                                                                              				intOrPtr _v144;
                                                                                                                              				char _v148;
                                                                                                                              				char _v152;
                                                                                                                              				char _v156;
                                                                                                                              				char _v160;
                                                                                                                              				char _v164;
                                                                                                                              				void* _v168;
                                                                                                                              				char _v172;
                                                                                                                              				char _v176;
                                                                                                                              				char _v180;
                                                                                                                              				char _v184;
                                                                                                                              				char* _t62;
                                                                                                                              				WCHAR* _t91;
                                                                                                                              				WCHAR* _t97;
                                                                                                                              				intOrPtr _t98;
                                                                                                                              				void* _t127;
                                                                                                                              				intOrPtr _t139;
                                                                                                                              				struct _FILETIME* _t141;
                                                                                                                              				void* _t145;
                                                                                                                              				void* _t146;
                                                                                                                              				intOrPtr _t147;
                                                                                                                              
                                                                                                                              				_t145 = _t146;
                                                                                                                              				_t147 = _t146 + 0xffffff4c;
                                                                                                                              				_v156 = 0;
                                                                                                                              				_v160 = 0;
                                                                                                                              				_v16 = 0;
                                                                                                                              				_t127 = __eax;
                                                                                                                              				_t141 =  &_v12;
                                                                                                                              				_push(_t145);
                                                                                                                              				_push(0x625a4f);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t147;
                                                                                                                              				E00616130(L"Starting 64-bit helper process.", __eax, _t141, 0x6d636c);
                                                                                                                              				_t62 =  *0x6cda20; // 0x6d67dd
                                                                                                                              				if( *_t62 == 0) {
                                                                                                                              					E0060CD28(L"Cannot utilize 64-bit features on this version of Windows", _t127);
                                                                                                                              				}
                                                                                                                              				if( *0x6d6368 == 0) {
                                                                                                                              					E0060CD28(L"64-bit helper EXE wasn\'t extracted", _t127);
                                                                                                                              				}
                                                                                                                              				while(1) {
                                                                                                                              					 *0x6d636c =  *0x6d636c + 1;
                                                                                                                              					 *((intOrPtr*)(_t127 + 0x14)) = GetTickCount();
                                                                                                                              					if(QueryPerformanceCounter(_t141) == 0) {
                                                                                                                              						GetSystemTimeAsFileTime(_t141);
                                                                                                                              					}
                                                                                                                              					_v152 = GetCurrentProcessId();
                                                                                                                              					_v148 = 0;
                                                                                                                              					_v144 =  *0x6d636c;
                                                                                                                              					_v140 = 0;
                                                                                                                              					_v136 =  *((intOrPtr*)(_t127 + 0x14));
                                                                                                                              					_v132 = 0;
                                                                                                                              					_v128 = _t141->dwHighDateTime;
                                                                                                                              					_v124 = 0;
                                                                                                                              					_v120 = _t141->dwLowDateTime;
                                                                                                                              					_v116 = 0;
                                                                                                                              					E004244F8(L"\\\\.\\pipe\\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x", 4,  &_v152,  &_v16);
                                                                                                                              					_v20 = CreateNamedPipeW(E0040B278(_v16), 0x40080003, 6, 1, 0x2000, 0x2000, 0, 0);
                                                                                                                              					if(_v20 != 0xffffffff) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					if(GetLastError() != 0xe7) {
                                                                                                                              						E0060CE84(L"CreateNamedPipe");
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_push(_t145);
                                                                                                                              				_push(0x625a0b);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t147;
                                                                                                                              				_v24 = CreateFileW(E0040B278(_v16), 0xc0000000, 0, 0x6cd098, 3, 0, 0);
                                                                                                                              				if(_v24 == 0xffffffff) {
                                                                                                                              					E0060CE84(L"CreateFile");
                                                                                                                              				}
                                                                                                                              				_push(_t145);
                                                                                                                              				_push(0x6259fa);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t147;
                                                                                                                              				_v28 = 2;
                                                                                                                              				if(SetNamedPipeHandleState(_v24,  &_v28, 0, 0) == 0) {
                                                                                                                              					E0060CE84(L"SetNamedPipeHandleState");
                                                                                                                              				}
                                                                                                                              				E00407760( &_v96, 0x44);
                                                                                                                              				_v96.cb = 0x44;
                                                                                                                              				E005C745C( &_v156);
                                                                                                                              				_t91 = E0040B278(_v156);
                                                                                                                              				_v176 = 0x69;
                                                                                                                              				_v172 = 0;
                                                                                                                              				_v168 = _v24;
                                                                                                                              				_v164 = 0;
                                                                                                                              				E004244F8(L"helper %d 0x%x", 1,  &_v176,  &_v160);
                                                                                                                              				_t97 = E0040B278(_v160);
                                                                                                                              				_t98 =  *0x6d6368; // 0x0
                                                                                                                              				if(CreateProcessW(E0040B278(_t98), _t97, 0, 0, 0xffffffff, 0xc000000, 0, _t91,  &_v96,  &_v112) == 0) {
                                                                                                                              					E0060CE84(L"CreateProcess");
                                                                                                                              				}
                                                                                                                              				 *((char*)(_t127 + 4)) = 1;
                                                                                                                              				 *((char*)(_t127 + 5)) = 0;
                                                                                                                              				 *(_t127 + 8) = _v112.hProcess;
                                                                                                                              				 *((intOrPtr*)(_t127 + 0x10)) = _v112.dwProcessId;
                                                                                                                              				 *((intOrPtr*)(_t127 + 0xc)) = _v20;
                                                                                                                              				_v20 = 0;
                                                                                                                              				CloseHandle(_v112.hThread);
                                                                                                                              				_v184 =  *((intOrPtr*)(_t127 + 0x10));
                                                                                                                              				_v180 = 0;
                                                                                                                              				E006163B4(L"Helper process PID: %u", _t127, 0,  &_v184, _t141, 0x6d636c);
                                                                                                                              				_pop(_t139);
                                                                                                                              				 *[fs:eax] = _t139;
                                                                                                                              				_push(E00625A01);
                                                                                                                              				return CloseHandle(_v24);
                                                                                                                              			}







































                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 006257BC
                                                                                                                              • QueryPerformanceCounter.KERNEL32(00000000,00000000,00625A4F,?,?,00000000,00000000,?,0062644E,?,00000000,00000000), ref: 006257C5
                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 006257CF
                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,00625A4F,?,?,00000000,00000000,?,0062644E,?,00000000,00000000), ref: 006257D8
                                                                                                                              • CreateNamedPipeW.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0062584E
                                                                                                                              • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 0062585C
                                                                                                                              • CreateFileW.KERNEL32(00000000,C0000000,00000000,006CD098,00000003,00000000,00000000,00000000,00625A0B,?,00000000,40080003,00000006,00000001,00002000,00002000), ref: 006258A4
                                                                                                                              • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,006259FA,?,00000000,C0000000,00000000,006CD098,00000003,00000000,00000000,00000000,00625A0B), ref: 006258DD
                                                                                                                                • Part of subcall function 005C745C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C746F
                                                                                                                              • CreateProcessW.KERNEL32 ref: 00625986
                                                                                                                              • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,000000FF,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 006259BC
                                                                                                                              • CloseHandle.KERNEL32(000000FF,00625A01,?,00000000,00000000,000000FF,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 006259F4
                                                                                                                                • Part of subcall function 0060CE84: GetLastError.KERNEL32(00000000,0060DBAA,00000005,00000000,0060DBD2,?,?,006D579C,?,00000000,00000000,00000000,?,006B910F,00000000,006B912A), ref: 0060CE87
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                                                                                              • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                                                                                              • API String ID: 770386003-3271284199
                                                                                                                              • Opcode ID: 1d61a458bc1dfa2306680cf6597857de54595b0ddea4cb12d6eb8daebf4e56a5
                                                                                                                              • Instruction ID: 34d3d620ae4a6a58b4d890a55742d975a8112a0372845dc610fa96f79e58b5cb
                                                                                                                              • Opcode Fuzzy Hash: 1d61a458bc1dfa2306680cf6597857de54595b0ddea4cb12d6eb8daebf4e56a5
                                                                                                                              • Instruction Fuzzy Hash: 21717F70E407589EDB20EFB9DC46B9EBBB6EF09304F1041A9F509EB282D77499408F65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 79%
                                                                                                                              			E006A60E8(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				DWORD* _v16;
                                                                                                                              				struct _SHELLEXECUTEINFOW _v76;
                                                                                                                              				long _t41;
                                                                                                                              				intOrPtr _t69;
                                                                                                                              				void* _t71;
                                                                                                                              				void* _t73;
                                                                                                                              				void* _t74;
                                                                                                                              				intOrPtr _t75;
                                                                                                                              
                                                                                                                              				_t73 = _t74;
                                                                                                                              				_t75 = _t74 + 0xffffffb8;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_v12 = 0;
                                                                                                                              				_v16 = __ecx;
                                                                                                                              				_t71 = __edx;
                                                                                                                              				_t60 = __eax;
                                                                                                                              				_push(_t73);
                                                                                                                              				_push(0x6a6237);
                                                                                                                              				 *[fs:eax] = _t75;
                                                                                                                              				E006A5F04(__eax,  &_v8,  *[fs:eax]);
                                                                                                                              				E006A6014( &_v12, _t60, _t71);
                                                                                                                              				E00407760( &_v76, 0x3c);
                                                                                                                              				_v76.cbSize = 0x3c;
                                                                                                                              				_v76.fMask = 0x800540;
                                                                                                                              				_v76.lpVerb = L"runas";
                                                                                                                              				_v76.lpFile = E0040B278(_v8);
                                                                                                                              				_v76.lpParameters = E0040B278(_t71);
                                                                                                                              				_v76.lpDirectory = E0040B278(_v12);
                                                                                                                              				_v76.nShow = 1;
                                                                                                                              				if(ShellExecuteExW( &_v76) == 0) {
                                                                                                                              					if(GetLastError() == 0x4c7) {
                                                                                                                              						E00428FDC();
                                                                                                                              					}
                                                                                                                              					E0060CE84(L"ShellExecuteEx");
                                                                                                                              				}
                                                                                                                              				if(_v76.hProcess == 0) {
                                                                                                                              					E0060CD28(L"ShellExecuteEx returned hProcess=0", _t60);
                                                                                                                              				}
                                                                                                                              				_push(_t73);
                                                                                                                              				_push(0x6a6215);
                                                                                                                              				_push( *[fs:edx]);
                                                                                                                              				 *[fs:edx] = _t75;
                                                                                                                              				do {
                                                                                                                              					E006A5C10();
                                                                                                                              					_t41 = MsgWaitForMultipleObjects(1,  &(_v76.hProcess), 0, 0xffffffff, 0x4ff);
                                                                                                                              				} while (_t41 == 1);
                                                                                                                              				if(_t41 == 0xffffffff) {
                                                                                                                              					E0060CE84(L"MsgWaitForMultipleObjects");
                                                                                                                              				}
                                                                                                                              				E006A5C10();
                                                                                                                              				if(GetExitCodeProcess(_v76.hProcess, _v16) == 0) {
                                                                                                                              					E0060CE84(L"GetExitCodeProcess");
                                                                                                                              				}
                                                                                                                              				_pop(_t69);
                                                                                                                              				 *[fs:eax] = _t69;
                                                                                                                              				_push(E006A621C);
                                                                                                                              				return CloseHandle(_v76.hProcess);
                                                                                                                              			}














                                                                                                                              APIs
                                                                                                                                • Part of subcall function 006A5F04: GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F30
                                                                                                                                • Part of subcall function 006A5F04: GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F49
                                                                                                                                • Part of subcall function 006A5F04: CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F73
                                                                                                                                • Part of subcall function 006A5F04: CloseHandle.KERNEL32(00000000), ref: 006A5F91
                                                                                                                                • Part of subcall function 006A6014: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,006A60A5,?,00000097,00000000,?,006A611F,00000000,006A6237,?,?,00000001), ref: 006A6043
                                                                                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 006A616F
                                                                                                                              • GetLastError.KERNEL32(0000003C,00000000,006A6237,?,?,00000001), ref: 006A6178
                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 006A61C5
                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 006A61EB
                                                                                                                              • CloseHandle.KERNEL32(00000000,006A621C,00000000,00000000,000000FF,000004FF,00000000,006A6215,?,0000003C,00000000,006A6237,?,?,00000001), ref: 006A620F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Handle$CloseFile$AttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcessShellWait
                                                                                                                              • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                                                                                              • API String ID: 254331816-221126205
                                                                                                                              • Opcode ID: c0915935757d82cb7a44c19cf085e655d5b0771d5b244b6ce8cdfc72828eabd3
                                                                                                                              • Instruction ID: 3b593d6e4f6188ec2893085c4d8bc70e2010c955c7988aee54b7ca20d83eebf0
                                                                                                                              • Opcode Fuzzy Hash: c0915935757d82cb7a44c19cf085e655d5b0771d5b244b6ce8cdfc72828eabd3
                                                                                                                              • Instruction Fuzzy Hash: 4931AF70A00208AFDB10FFE9C842A9DBABAEF06314F44053DF514E62D2D7789E448F29
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E0040E0D4(short* __eax, intOrPtr __edx) {
                                                                                                                              				short* _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				void* _v20;
                                                                                                                              				struct _WIN32_FIND_DATAW _v612;
                                                                                                                              				short _v1134;
                                                                                                                              				signed int _t50;
                                                                                                                              				signed int _t51;
                                                                                                                              				void* _t55;
                                                                                                                              				signed int _t88;
                                                                                                                              				signed int _t89;
                                                                                                                              				intOrPtr* _t90;
                                                                                                                              				signed int _t101;
                                                                                                                              				signed int _t102;
                                                                                                                              				short* _t112;
                                                                                                                              				struct HINSTANCE__* _t113;
                                                                                                                              				short* _t115;
                                                                                                                              				short* _t116;
                                                                                                                              				void* _t117;
                                                                                                                              
                                                                                                                              				_v12 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				_v16 = _v8;
                                                                                                                              				_t113 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                              				if(_t113 == 0) {
                                                                                                                              					L4:
                                                                                                                              					if( *_v8 != 0x5c) {
                                                                                                                              						_t115 = _v8 + 4;
                                                                                                                              						goto L10;
                                                                                                                              					} else {
                                                                                                                              						if( *((short*)(_v8 + 2)) == 0x5c) {
                                                                                                                              							_t116 = E0040E0B0(_v8 + 4);
                                                                                                                              							if( *_t116 != 0) {
                                                                                                                              								_t14 = _t116 + 2; // 0x2
                                                                                                                              								_t115 = E0040E0B0(_t14);
                                                                                                                              								if( *_t115 != 0) {
                                                                                                                              									L10:
                                                                                                                              									_t88 = _t115 - _v8;
                                                                                                                              									_t89 = _t88 >> 1;
                                                                                                                              									if(_t88 < 0) {
                                                                                                                              										asm("adc ebx, 0x0");
                                                                                                                              									}
                                                                                                                              									_t43 = _t89 + 1;
                                                                                                                              									if(_t89 + 1 <= 0x105) {
                                                                                                                              										E0040DAF8( &_v1134, _v8, _t43);
                                                                                                                              										while( *_t115 != 0) {
                                                                                                                              											_t112 = E0040E0B0(_t115 + 2);
                                                                                                                              											_t50 = _t112 - _t115;
                                                                                                                              											_t51 = _t50 >> 1;
                                                                                                                              											if(_t50 < 0) {
                                                                                                                              												asm("adc eax, 0x0");
                                                                                                                              											}
                                                                                                                              											if(_t51 + _t89 + 1 <= 0x105) {
                                                                                                                              												_t55 =  &_v1134 + _t89 + _t89;
                                                                                                                              												_t101 = _t112 - _t115;
                                                                                                                              												_t102 = _t101 >> 1;
                                                                                                                              												if(_t101 < 0) {
                                                                                                                              													asm("adc edx, 0x0");
                                                                                                                              												}
                                                                                                                              												E0040DAF8(_t55, _t115, _t102 + 1);
                                                                                                                              												_v20 = FindFirstFileW( &_v1134,  &_v612);
                                                                                                                              												if(_v20 != 0xffffffff) {
                                                                                                                              													FindClose(_v20);
                                                                                                                              													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
                                                                                                                              														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
                                                                                                                              														E0040DAF8( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
                                                                                                                              														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
                                                                                                                              														_t115 = _t112;
                                                                                                                              														continue;
                                                                                                                              													}
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              											goto L24;
                                                                                                                              										}
                                                                                                                              										E0040DAF8(_v8,  &_v1134, _v12);
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
                                                                                                                              					if(_t90 == 0) {
                                                                                                                              						goto L4;
                                                                                                                              					} else {
                                                                                                                              						_push(0x105);
                                                                                                                              						_push( &_v1134);
                                                                                                                              						_push(_v8);
                                                                                                                              						if( *_t90() == 0) {
                                                                                                                              							goto L4;
                                                                                                                              						} else {
                                                                                                                              							E0040DAF8(_v8,  &_v1134, _v12);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				L24:
                                                                                                                              				return _v16;
                                                                                                                              			}























                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,0041CF90,?,?), ref: 0040E0F1
                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040E102
                                                                                                                              • FindFirstFileW.KERNEL32(?,?,kernel32.dll,0041CF90,?,?), ref: 0040E202
                                                                                                                              • FindClose.KERNEL32(?,?,?,kernel32.dll,0041CF90,?,?), ref: 0040E214
                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,0041CF90,?,?), ref: 0040E220
                                                                                                                              • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,0041CF90,?,?), ref: 0040E265
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                              • String ID: GetLongPathNameW$\$kernel32.dll
                                                                                                                              • API String ID: 1930782624-3908791685
                                                                                                                              • Opcode ID: 1e5aa63ad13805ebe641060d55f71927a25656d4bbeb27d65059da7d04647448
                                                                                                                              • Instruction ID: 85f15f90104044dde56611b048d4fe37091be9da2e2d426f5e1dee482ffdf80d
                                                                                                                              • Opcode Fuzzy Hash: 1e5aa63ad13805ebe641060d55f71927a25656d4bbeb27d65059da7d04647448
                                                                                                                              • Instruction Fuzzy Hash: 09418471E005189BCB10DAA6CC85ADEB3B9EF44310F1449FAD504F72C1EB789E568F89
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E0060F6D8() {
                                                                                                                              				int _v4;
                                                                                                                              				struct _TOKEN_PRIVILEGES _v16;
                                                                                                                              				void* _v20;
                                                                                                                              				int _t7;
                                                                                                                              
                                                                                                                              				if(E00429D18() != 2) {
                                                                                                                              					L5:
                                                                                                                              					_t7 = ExitWindowsEx(2, 0);
                                                                                                                              					asm("sbb eax, eax");
                                                                                                                              					return _t7 + 1;
                                                                                                                              				}
                                                                                                                              				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
                                                                                                                              					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
                                                                                                                              					_v16.PrivilegeCount = 1;
                                                                                                                              					_v4 = 2;
                                                                                                                              					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
                                                                                                                              					if(GetLastError() == 0) {
                                                                                                                              						goto L5;
                                                                                                                              					}
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				return 0;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • GetCurrentProcess.KERNEL32(00000028), ref: 0060F6E8
                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0060F6EE
                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 0060F707
                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 0060F72E
                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0060F733
                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 0060F744
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                              • String ID: SeShutdownPrivilege
                                                                                                                              • API String ID: 107509674-3733053543
                                                                                                                              • Opcode ID: db782202178d27a3b7ec1b4d3af323313e6a5951352ddb141a95d71b7c8baf5b
                                                                                                                              • Instruction ID: 06ed2f01938c74524bf5f5b14376f39d724559be6214a1270456cb597724f4e2
                                                                                                                              • Opcode Fuzzy Hash: db782202178d27a3b7ec1b4d3af323313e6a5951352ddb141a95d71b7c8baf5b
                                                                                                                              • Instruction Fuzzy Hash: 8EF090306E430276E624AF719C47FEB218D9B40B09F50092DF644D61C1DBA9E589826B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 74%
                                                                                                                              			E006A68B0(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4, short* _a8, intOrPtr _a12, void* _a16, char _a20, intOrPtr _a24, intOrPtr* _a32, intOrPtr _a36, intOrPtr* _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52) {
                                                                                                                              				char _v5;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				struct HWND__* _v16;
                                                                                                                              				intOrPtr _v20;
                                                                                                                              				char _v24;
                                                                                                                              				intOrPtr _v32;
                                                                                                                              				intOrPtr _v36;
                                                                                                                              				intOrPtr _v60;
                                                                                                                              				intOrPtr _v80;
                                                                                                                              				intOrPtr _v84;
                                                                                                                              				intOrPtr _v88;
                                                                                                                              				intOrPtr _v92;
                                                                                                                              				intOrPtr _v96;
                                                                                                                              				intOrPtr _v100;
                                                                                                                              				intOrPtr _v104;
                                                                                                                              				signed int _v108;
                                                                                                                              				intOrPtr _v112;
                                                                                                                              				intOrPtr _v116;
                                                                                                                              				char _v120;
                                                                                                                              				intOrPtr* _t70;
                                                                                                                              				intOrPtr* _t74;
                                                                                                                              				signed int _t77;
                                                                                                                              				signed int _t78;
                                                                                                                              				intOrPtr* _t79;
                                                                                                                              				signed int _t82;
                                                                                                                              				signed int _t83;
                                                                                                                              				short* _t87;
                                                                                                                              				intOrPtr _t106;
                                                                                                                              				intOrPtr _t123;
                                                                                                                              				void* _t125;
                                                                                                                              				char _t126;
                                                                                                                              				intOrPtr* _t127;
                                                                                                                              				intOrPtr _t136;
                                                                                                                              				intOrPtr _t140;
                                                                                                                              				intOrPtr _t145;
                                                                                                                              				intOrPtr _t147;
                                                                                                                              				intOrPtr* _t148;
                                                                                                                              				void* _t150;
                                                                                                                              				void* _t151;
                                                                                                                              				intOrPtr _t152;
                                                                                                                              				intOrPtr _t164;
                                                                                                                              
                                                                                                                              				_t150 = _t151;
                                                                                                                              				_t152 = _t151 + 0xffffff8c;
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_push(__edi);
                                                                                                                              				_t147 = __ecx;
                                                                                                                              				_t123 = __edx;
                                                                                                                              				_t145 = __eax;
                                                                                                                              				_push(_t150);
                                                                                                                              				_push(0x6a6acd);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t152;
                                                                                                                              				if( *0x6d648c == 0) {
                                                                                                                              					_v5 = 0;
                                                                                                                              					__eflags = 0;
                                                                                                                              					_pop(_t136);
                                                                                                                              					 *[fs:eax] = _t136;
                                                                                                                              					_push(E006A6AD4);
                                                                                                                              					return 0;
                                                                                                                              				} else {
                                                                                                                              					E00407760( &_v120, 0x60);
                                                                                                                              					_v120 = 0x60;
                                                                                                                              					if(_a20 != 0) {
                                                                                                                              						_v108 = _v108 | 0x00002000;
                                                                                                                              					}
                                                                                                                              					_v112 =  *0x6d2634;
                                                                                                                              					_t70 =  *0x6cdec4; // 0x6d579c
                                                                                                                              					if(IsIconic( *( *_t70 + 0x188)) == 0) {
                                                                                                                              						_t74 =  *0x6cdec4; // 0x6d579c
                                                                                                                              						_t77 = GetWindowLongW( *( *_t74 + 0x188), 0xfffffff0);
                                                                                                                              						__eflags = _t77 & 0x10000000;
                                                                                                                              						_t12 = (_t77 & 0x10000000) == 0;
                                                                                                                              						__eflags = _t12;
                                                                                                                              						_t78 = _t77 & 0xffffff00 | _t12;
                                                                                                                              					} else {
                                                                                                                              						_t78 = 1;
                                                                                                                              					}
                                                                                                                              					if(_t78 == 0) {
                                                                                                                              						_t79 =  *0x6cdec4; // 0x6d579c
                                                                                                                              						_t82 = GetWindowLongW( *( *_t79 + 0x188), 0xffffffec);
                                                                                                                              						__eflags = _t82 & 0x00000080;
                                                                                                                              						_t17 = (_t82 & 0x00000080) != 0;
                                                                                                                              						__eflags = _t17;
                                                                                                                              						_t83 = _t82 & 0xffffff00 | _t17;
                                                                                                                              					} else {
                                                                                                                              						_t83 = 1;
                                                                                                                              					}
                                                                                                                              					if(_t83 == 0) {
                                                                                                                              						_v116 = _t145;
                                                                                                                              					} else {
                                                                                                                              						_v116 = 0;
                                                                                                                              					}
                                                                                                                              					_v104 = _a44;
                                                                                                                              					_v100 = _a52;
                                                                                                                              					_v96 = _a48;
                                                                                                                              					_v92 = _t123;
                                                                                                                              					_v88 = _t147;
                                                                                                                              					_t87 = _a8;
                                                                                                                              					if(_t87 != 0 &&  *_t87 != 0) {
                                                                                                                              						_v60 = _a8;
                                                                                                                              					}
                                                                                                                              					if(_a24 != 0) {
                                                                                                                              						_v36 = 0x6a6888;
                                                                                                                              						_v32 = _a24;
                                                                                                                              					}
                                                                                                                              					_v12 = 0;
                                                                                                                              					_push(_t150);
                                                                                                                              					_push(0x6a6ab4);
                                                                                                                              					_push( *[fs:edx]);
                                                                                                                              					 *[fs:edx] = _t152;
                                                                                                                              					_t125 = _a36 + 1;
                                                                                                                              					if(_t125 != 0) {
                                                                                                                              						_t106 =  *0x54808c; // 0x5480e4
                                                                                                                              						_v12 = E00466A64(0, 1, _t145, _t106);
                                                                                                                              						_v108 = _v108 | 0x00000010;
                                                                                                                              						_t125 = _t125 - 1;
                                                                                                                              						if(_t125 >= 0) {
                                                                                                                              							_t126 = _t125 + 1;
                                                                                                                              							_t164 = _t126;
                                                                                                                              							_v24 = _t126;
                                                                                                                              							_t127 = _a40;
                                                                                                                              							_t148 = _a32;
                                                                                                                              							do {
                                                                                                                              								_t145 = E0054BA48(_v12);
                                                                                                                              								E0054B708(_t145,  *_t127, _t164);
                                                                                                                              								 *((intOrPtr*)(_t145 + 0x18)) =  *_t148;
                                                                                                                              								_t148 = _t148 + 4;
                                                                                                                              								_t127 = _t127 + 4;
                                                                                                                              								_t45 =  &_v24;
                                                                                                                              								 *_t45 = _v24 - 1;
                                                                                                                              							} while ( *_t45 != 0);
                                                                                                                              						}
                                                                                                                              						_v80 = E0054BA54(_v12);
                                                                                                                              						_v84 =  *((intOrPtr*)( *((intOrPtr*)(_v12 + 8)) + 8));
                                                                                                                              					}
                                                                                                                              					E005C9060();
                                                                                                                              					_v16 = GetActiveWindow();
                                                                                                                              					_v20 = E005ABB4C(0, _t125, _t145, _t147);
                                                                                                                              					 *[fs:eax] = _t152;
                                                                                                                              					_v5 =  *0x6d648c( &_v120, _a12, 0, _a4,  *[fs:eax], 0x6a6a97, _t150) == 0;
                                                                                                                              					_pop(_t140);
                                                                                                                              					 *[fs:eax] = _t140;
                                                                                                                              					_push(E006A6A9E);
                                                                                                                              					E005ABC0C(_v20);
                                                                                                                              					SetActiveWindow(_v16);
                                                                                                                              					return E005C9060();
                                                                                                                              				}
                                                                                                                              			}













































                                                                                                                              APIs
                                                                                                                              • IsIconic.USER32 ref: 006A6913
                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 006A6930
                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 006A6955
                                                                                                                                • Part of subcall function 005ABC0C: IsWindow.USER32(8B565300), ref: 005ABC1A
                                                                                                                                • Part of subcall function 005ABC0C: EnableWindow.USER32(8B565300,000000FF), ref: 005ABC29
                                                                                                                              • GetActiveWindow.USER32 ref: 006A6A34
                                                                                                                              • SetActiveWindow.USER32(006C479A,006A6A9E,006A6AB4,?,?,000000EC,?,000000F0,?,00000000,006A6ACD,?,00000000,?,00000000), ref: 006A6A87
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$ActiveLong$EnableIconic
                                                                                                                              • String ID: `
                                                                                                                              • API String ID: 4222481217-2679148245
                                                                                                                              • Opcode ID: bbb381b8fbc4d8b387cdcd93e1fcf562f63046ab1121e3482b0235a5bbb07c6f
                                                                                                                              • Instruction ID: 936cf99dd23b6ce25ef8ab77046748165037aff960be166beb91cb3f54ae6a19
                                                                                                                              • Opcode Fuzzy Hash: bbb381b8fbc4d8b387cdcd93e1fcf562f63046ab1121e3482b0235a5bbb07c6f
                                                                                                                              • Instruction Fuzzy Hash: C3611875A002099FDB00EFA9C885A9EBBF6FB4A304F598469F914EB361D734AD41CF50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E006B8DE4(void* __eax, void* __ebx, void* __esi, void* __eflags) {
                                                                                                                              				char _v8;
                                                                                                                              				void* _v12;
                                                                                                                              				struct _WIN32_FIND_DATAW _v604;
                                                                                                                              				char _v608;
                                                                                                                              				char _v612;
                                                                                                                              				void* _t59;
                                                                                                                              				intOrPtr _t70;
                                                                                                                              				intOrPtr _t73;
                                                                                                                              				signed int _t77;
                                                                                                                              				void* _t80;
                                                                                                                              				void* _t81;
                                                                                                                              				intOrPtr _t82;
                                                                                                                              
                                                                                                                              				_t80 = _t81;
                                                                                                                              				_t82 = _t81 + 0xfffffda0;
                                                                                                                              				_v612 = 0;
                                                                                                                              				_v608 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_t59 = __eax;
                                                                                                                              				_push(_t80);
                                                                                                                              				_push(0x6b8f21);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t82;
                                                                                                                              				E0040B4C8( &_v608, L"isRS-???.tmp", __eax);
                                                                                                                              				_v12 = FindFirstFileW(E0040B278(_v608),  &_v604);
                                                                                                                              				if(_v12 == 0xffffffff) {
                                                                                                                              					_pop(_t70);
                                                                                                                              					 *[fs:eax] = _t70;
                                                                                                                              					_push(E006B8F28);
                                                                                                                              					E0040A228( &_v612, 2);
                                                                                                                              					return E0040A1C8( &_v8);
                                                                                                                              				} else {
                                                                                                                              					_push(_t80);
                                                                                                                              					_push(0x6b8ef4);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t82;
                                                                                                                              					do {
                                                                                                                              						if(E004241A0( &(_v604.cFileName), 5, L"isRS-") == 0 && (_v604.dwFileAttributes & 0x00000010) == 0) {
                                                                                                                              							E0040B318( &_v612, 0x104,  &(_v604.cFileName));
                                                                                                                              							E0040B4C8( &_v8, _v612, _t59);
                                                                                                                              							_t77 = _v604.dwFileAttributes;
                                                                                                                              							if((_t77 & 0x00000001) != 0) {
                                                                                                                              								SetFileAttributesW(E0040B278(_v8), _t77 & 0xfffffffe);
                                                                                                                              							}
                                                                                                                              							E00423A20(_v8);
                                                                                                                              						}
                                                                                                                              					} while (FindNextFileW(_v12,  &_v604) != 0);
                                                                                                                              					_pop(_t73);
                                                                                                                              					 *[fs:eax] = _t73;
                                                                                                                              					_push(E006B8EFB);
                                                                                                                              					return FindClose(_v12);
                                                                                                                              				}
                                                                                                                              			}















                                                                                                                              APIs
                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,006B8F21,?,006D579C,?,?,006B90D6,00000000,006B912A,?,00000000,00000000,00000000), ref: 006B8E35
                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000010), ref: 006B8EB8
                                                                                                                              • FindNextFileW.KERNEL32(000000FF,?,00000000,006B8EF4,?,00000000,?,00000000,006B8F21,?,006D579C,?,?,006B90D6,00000000,006B912A), ref: 006B8ED0
                                                                                                                              • FindClose.KERNEL32(000000FF,006B8EFB,006B8EF4,?,00000000,?,00000000,006B8F21,?,006D579C,?,?,006B90D6,00000000,006B912A), ref: 006B8EEE
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFind$AttributesCloseFirstNext
                                                                                                                              • String ID: isRS-$isRS-???.tmp
                                                                                                                              • API String ID: 134685335-3422211394
                                                                                                                              • Opcode ID: 074e678bb07a20ccc344850560c035909ffc70e2115e37d29229396984f8b101
                                                                                                                              • Instruction ID: d39c6702953267373b2098697dd7c4daff6c19a754f4e73b98016d5d2bb0ed42
                                                                                                                              • Opcode Fuzzy Hash: 074e678bb07a20ccc344850560c035909ffc70e2115e37d29229396984f8b101
                                                                                                                              • Instruction Fuzzy Hash: E6317670A006189FDB10DF65DC45ADEB7BEEB84304F5145FAE804A3291EB389E81CB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 65%
                                                                                                                              			E005C90B4(WCHAR* __eax, void* __ebx, signed int __ecx, WCHAR* __edx, void* __edi, void* __esi) {
                                                                                                                              				signed int _v8;
                                                                                                                              				int _v12;
                                                                                                                              				struct HWND__* _v16;
                                                                                                                              				intOrPtr _v20;
                                                                                                                              				intOrPtr* _t28;
                                                                                                                              				intOrPtr* _t32;
                                                                                                                              				signed int _t36;
                                                                                                                              				intOrPtr* _t37;
                                                                                                                              				signed int _t41;
                                                                                                                              				intOrPtr* _t43;
                                                                                                                              				WCHAR* _t62;
                                                                                                                              				intOrPtr _t73;
                                                                                                                              				intOrPtr _t75;
                                                                                                                              				void* _t76;
                                                                                                                              				WCHAR* _t78;
                                                                                                                              				void* _t80;
                                                                                                                              				void* _t81;
                                                                                                                              				intOrPtr _t82;
                                                                                                                              
                                                                                                                              				_t76 = __edi;
                                                                                                                              				_t80 = _t81;
                                                                                                                              				_t82 = _t81 + 0xfffffff0;
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_v8 = __ecx;
                                                                                                                              				_t78 = __edx;
                                                                                                                              				_t62 = __eax;
                                                                                                                              				if( *0x6d5814 != 0) {
                                                                                                                              					_v8 = _v8 | 0x00180000;
                                                                                                                              				}
                                                                                                                              				E005C9060();
                                                                                                                              				_push(_t80);
                                                                                                                              				_push(0x5c91da);
                                                                                                                              				_push( *[fs:edx]);
                                                                                                                              				 *[fs:edx] = _t82;
                                                                                                                              				_t28 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				if(IsIconic( *( *_t28 + 0x188)) == 0) {
                                                                                                                              					_t32 =  *0x6cdec4; // 0x6d579c
                                                                                                                              					_t36 = GetWindowLongW( *( *_t32 + 0x188), 0xfffffff0) & 0xffffff00 | (_t35 & 0x10000000) == 0x00000000;
                                                                                                                              				} else {
                                                                                                                              					_t36 = 1;
                                                                                                                              				}
                                                                                                                              				if(_t36 == 0) {
                                                                                                                              					_t37 =  *0x6cdec4; // 0x6d579c
                                                                                                                              					_t41 = GetWindowLongW( *( *_t37 + 0x188), 0xffffffec) & 0xffffff00 | (_t40 & 0x00000080) != 0x00000000;
                                                                                                                              				} else {
                                                                                                                              					_t41 = 1;
                                                                                                                              				}
                                                                                                                              				if(_t41 == 0) {
                                                                                                                              					_t43 =  *0x6cdec4; // 0x6d579c
                                                                                                                              					_v12 = E005B8BCC( *_t43, _t62, _t78, _t62, _t76, _t78, _v8);
                                                                                                                              					_pop(_t73);
                                                                                                                              					 *[fs:eax] = _t73;
                                                                                                                              					_push(E005C91E1);
                                                                                                                              					return E005C9060();
                                                                                                                              				} else {
                                                                                                                              					_v16 = GetActiveWindow();
                                                                                                                              					_v20 = E005ABB4C(0, _t62, _t76, _t78);
                                                                                                                              					_push(_t80);
                                                                                                                              					_push(0x5c919d);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t82;
                                                                                                                              					_v12 = MessageBoxW(0, _t62, _t78, _v8 | 0x00002000);
                                                                                                                              					_pop(_t75);
                                                                                                                              					 *[fs:eax] = _t75;
                                                                                                                              					_push(E005C91A4);
                                                                                                                              					E005ABC0C(_v20);
                                                                                                                              					return SetActiveWindow(_v16);
                                                                                                                              				}
                                                                                                                              			}





















                                                                                                                              APIs
                                                                                                                              • IsIconic.USER32 ref: 005C90F9
                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 005C9116
                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 005C913B
                                                                                                                              • GetActiveWindow.USER32 ref: 005C9149
                                                                                                                              • MessageBoxW.USER32(00000000,00000000,?,000000E5), ref: 005C9176
                                                                                                                              • SetActiveWindow.USER32(00000000,005C91A4,000000E5,00000000,005C919D,?,?,000000EC,?,000000F0,?,00000000,005C91DA,?,?,00000000), ref: 005C9197
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$ActiveLong$IconicMessage
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1633107849-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E006B9138(char __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				void* _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v21;
                                                                                                                              				signed int _v22;
                                                                                                                              				void* _v28;
                                                                                                                              				intOrPtr _v32;
                                                                                                                              				char _v36;
                                                                                                                              				char _v40;
                                                                                                                              				char _v44;
                                                                                                                              				char _v48;
                                                                                                                              				char _v60;
                                                                                                                              				void* _t62;
                                                                                                                              				signed int _t110;
                                                                                                                              				intOrPtr _t129;
                                                                                                                              				signed int _t130;
                                                                                                                              				char _t134;
                                                                                                                              				char _t139;
                                                                                                                              				char _t142;
                                                                                                                              				char* _t149;
                                                                                                                              				intOrPtr* _t158;
                                                                                                                              				void* _t159;
                                                                                                                              				intOrPtr _t181;
                                                                                                                              				intOrPtr _t189;
                                                                                                                              				intOrPtr _t190;
                                                                                                                              				intOrPtr _t192;
                                                                                                                              				intOrPtr _t196;
                                                                                                                              				intOrPtr _t199;
                                                                                                                              				intOrPtr* _t204;
                                                                                                                              				intOrPtr _t206;
                                                                                                                              				intOrPtr _t207;
                                                                                                                              				void* _t216;
                                                                                                                              
                                                                                                                              				_t216 = __fp0;
                                                                                                                              				_t202 = __edi;
                                                                                                                              				_t157 = __ebx;
                                                                                                                              				_t206 = _t207;
                                                                                                                              				_t159 = 7;
                                                                                                                              				do {
                                                                                                                              					_push(0);
                                                                                                                              					_push(0);
                                                                                                                              					_t159 = _t159 - 1;
                                                                                                                              				} while (_t159 != 0);
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__edi);
                                                                                                                              				_t204 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				_push(_t206);
                                                                                                                              				_push(0x6b94fd);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t207;
                                                                                                                              				E005C6FB0(1, __ebx,  &_v36, __edi, _t204);
                                                                                                                              				_t62 = E00422368(_v36, _t159, L"/REG");
                                                                                                                              				_t209 = _t62;
                                                                                                                              				if(_t62 != 0) {
                                                                                                                              					E005C6FB0(1, __ebx,  &_v40, __edi, _t204);
                                                                                                                              					__eflags = E00422368(_v40, _t159, L"/REGU");
                                                                                                                              					if(__eflags != 0) {
                                                                                                                              						__eflags = 0;
                                                                                                                              						_pop(_t181);
                                                                                                                              						 *[fs:eax] = _t181;
                                                                                                                              						_push(E006B9504);
                                                                                                                              						E0040A228( &_v60, 7);
                                                                                                                              						return E0040A228( &_v20, 4);
                                                                                                                              					} else {
                                                                                                                              						_v21 = 0;
                                                                                                                              						goto L6;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_v21 = 1;
                                                                                                                              					L6:
                                                                                                                              					E005B8250( *_t204, L"Setup", _t209);
                                                                                                                              					ShowWindow( *( *_t204 + 0x188), 5);
                                                                                                                              					E006AF824();
                                                                                                                              					_v28 = E00413E90(0, 0, L"Inno-Setup-RegSvr-Mutex");
                                                                                                                              					ShowWindow( *( *_t204 + 0x188), 0);
                                                                                                                              					if(_v28 != 0) {
                                                                                                                              						do {
                                                                                                                              							E005B8704( *_t204);
                                                                                                                              						} while (MsgWaitForMultipleObjects(1,  &_v28, 0, 0xffffffff, 0x4ff) == 1);
                                                                                                                              					}
                                                                                                                              					ShowWindow( *( *_t204 + 0x188), 5);
                                                                                                                              					_push(_t206);
                                                                                                                              					_push(0x6b94ce);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t207;
                                                                                                                              					E005C6FB0(0, _t157,  &_v44, _t202, _t204);
                                                                                                                              					E005C4F90(_v44, _t157,  &_v8, L".msg", _t202, _t204);
                                                                                                                              					E005C6FB0(0, _t157,  &_v48, _t202, _t204);
                                                                                                                              					E005C4F90(_v48, _t157,  &_v12, L".lst", _t202, _t204);
                                                                                                                              					if(E005C685C(_v12) == 0) {
                                                                                                                              						E00423A20(_v12);
                                                                                                                              						E00423A20(_v8);
                                                                                                                              						_push(_t206);
                                                                                                                              						_push( *[fs:eax]);
                                                                                                                              						 *[fs:eax] = _t207;
                                                                                                                              						E006B9098(_t157,  &_v12, _t202, _t204, __eflags);
                                                                                                                              						_pop(_t189);
                                                                                                                              						 *[fs:eax] = _t189;
                                                                                                                              						_t190 = 0x6b949e;
                                                                                                                              						 *[fs:eax] = _t190;
                                                                                                                              						_push(E006B94D5);
                                                                                                                              						__eflags = _v28;
                                                                                                                              						if(_v28 != 0) {
                                                                                                                              							ReleaseMutex(_v28);
                                                                                                                              							return CloseHandle(_v28);
                                                                                                                              						}
                                                                                                                              						return 0;
                                                                                                                              					} else {
                                                                                                                              						E005CD6BC(_v8, _t157, 1, 0, _t202, _t204);
                                                                                                                              						_t110 =  *0x6cddd0; // 0x6d603c
                                                                                                                              						E005C9044(_t110 & 0xffffff00 | ( *(_t110 + 0x4c) & 0x00000001) != 0x00000000);
                                                                                                                              						_t192 =  *0x6cded8; // 0x6d5c28
                                                                                                                              						_t26 = _t192 + 0x2f8; // 0x0
                                                                                                                              						E005B8250( *_t204,  *_t26,  *(_t110 + 0x4c) & 0x00000001);
                                                                                                                              						_push(_t206);
                                                                                                                              						_push(0x6b946a);
                                                                                                                              						_push( *[fs:eax]);
                                                                                                                              						 *[fs:eax] = _t207;
                                                                                                                              						E006AC8CC(_t157,  *_t26, _t202, _t204);
                                                                                                                              						_v32 = E005CBFB8(1, 1, 0, 2);
                                                                                                                              						_push(_t206);
                                                                                                                              						_push(0x6b9450);
                                                                                                                              						_push( *[fs:eax]);
                                                                                                                              						 *[fs:eax] = _t207;
                                                                                                                              						while(E005CC258(_v32) == 0) {
                                                                                                                              							E005CC268(_v32, _t157,  &_v16, _t202, _t204, __eflags);
                                                                                                                              							_t157 = _v16;
                                                                                                                              							__eflags = _t157;
                                                                                                                              							if(_t157 != 0) {
                                                                                                                              								_t158 = _t157 - 4;
                                                                                                                              								__eflags = _t158;
                                                                                                                              								_t157 =  *_t158;
                                                                                                                              							}
                                                                                                                              							__eflags = _t157 - 4;
                                                                                                                              							if(__eflags > 0) {
                                                                                                                              								__eflags =  *_v16 - 0x5b;
                                                                                                                              								if(__eflags == 0) {
                                                                                                                              									__eflags =  *((short*)(_v16 + 6)) - 0x5d;
                                                                                                                              									if(__eflags == 0) {
                                                                                                                              										E0040B698(_v16, 0x7fffffff, 5,  &_v20);
                                                                                                                              										_t129 = _v16;
                                                                                                                              										__eflags =  *((short*)(_t129 + 4)) - 0x71;
                                                                                                                              										if( *((short*)(_t129 + 4)) == 0x71) {
                                                                                                                              											L19:
                                                                                                                              											_t130 = 1;
                                                                                                                              										} else {
                                                                                                                              											__eflags = _v21;
                                                                                                                              											if(_v21 == 0) {
                                                                                                                              												L18:
                                                                                                                              												_t130 = 0;
                                                                                                                              											} else {
                                                                                                                              												_t149 =  *0x6cdcc4; // 0x6d67df
                                                                                                                              												__eflags =  *_t149;
                                                                                                                              												if( *_t149 == 0) {
                                                                                                                              													goto L19;
                                                                                                                              												} else {
                                                                                                                              													goto L18;
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              										}
                                                                                                                              										_v22 = _t130;
                                                                                                                              										_push(_t206);
                                                                                                                              										_push(0x6b93c5);
                                                                                                                              										_push( *[fs:eax]);
                                                                                                                              										 *[fs:eax] = _t207;
                                                                                                                              										_t134 = ( *(_v16 + 2) & 0x0000ffff) - 0x53;
                                                                                                                              										__eflags = _t134;
                                                                                                                              										if(_t134 == 0) {
                                                                                                                              											_push(_v22 & 0x000000ff);
                                                                                                                              											E00624E78(0, _t157, _v20, 1, _t202, _t204, _t216);
                                                                                                                              										} else {
                                                                                                                              											_t139 = _t134 - 1;
                                                                                                                              											__eflags = _t139;
                                                                                                                              											if(_t139 == 0) {
                                                                                                                              												__eflags = 0;
                                                                                                                              												E006255F0(0, _t157, _v20, _t204, 0, _t216);
                                                                                                                              											} else {
                                                                                                                              												_t142 = _t139 - 0x1f;
                                                                                                                              												__eflags = _t142;
                                                                                                                              												if(_t142 == 0) {
                                                                                                                              													_push(_v22 & 0x000000ff);
                                                                                                                              													E00624E78(0, _t157, _v20, 0, _t202, _t204, _t216);
                                                                                                                              												} else {
                                                                                                                              													__eflags = _t142 - 1;
                                                                                                                              													if(__eflags == 0) {
                                                                                                                              														E0062460C(_v20, _t157, _t204);
                                                                                                                              													}
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              										}
                                                                                                                              										_pop(_t199);
                                                                                                                              										 *[fs:eax] = _t199;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						_pop(_t196);
                                                                                                                              						 *[fs:eax] = _t196;
                                                                                                                              						_push(E006B9457);
                                                                                                                              						return E00408444(_v32);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}





































                                                                                                                              APIs
                                                                                                                              • ShowWindow.USER32(?,00000005,00000000,006B94FD,?,?,00000000,?,00000000,00000000,?,006B99DE,00000000,006B99E8,?,00000000), ref: 006B91BF
                                                                                                                              • ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006B94FD,?,?,00000000,?,00000000,00000000), ref: 006B91E5
                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 006B9206
                                                                                                                              • ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,006B94FD,?,?,00000000,?,00000000), ref: 006B921B
                                                                                                                                • Part of subcall function 005C6FB0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,005C7045,?,?,?,00000001,?,0061037E,00000000,006103E9), ref: 005C6FE5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ShowWindow$FileModuleMultipleNameObjectsWait
                                                                                                                              • String ID: (\m$.lst$.msg$/REG$/REGU$<`m$Inno-Setup-RegSvr-Mutex$Setup
                                                                                                                              • API String ID: 66301061-906243933
                                                                                                                              • Opcode ID: aaf2cd8dad47c6b0679c0fdaf0232fc14bf70b109b7a9cb8ffb8dcfb02f65fb3
                                                                                                                              • Instruction ID: 4d26cb6eac5053f9cdac576eea358071a92945d2d4b93ba07426bed60c59251a
                                                                                                                              • Opcode Fuzzy Hash: aaf2cd8dad47c6b0679c0fdaf0232fc14bf70b109b7a9cb8ffb8dcfb02f65fb3
                                                                                                                              • Instruction Fuzzy Hash: 9B91D5B0A042059FDB10EBA4D856FEEBBF6FB49304F514469F600A7381DA79AD81CB74
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E00629850(char __eax, void* __ebx, signed char __edx, void* __edi, void* __esi, void* __fp0, char _a4, char _a8, intOrPtr _a12) {
                                                                                                                              				char _v5;
                                                                                                                              				char _v6;
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				char _v36;
                                                                                                                              				char _v40;
                                                                                                                              				char _v44;
                                                                                                                              				char _v48;
                                                                                                                              				char _v60;
                                                                                                                              				void* __ecx;
                                                                                                                              				char _t65;
                                                                                                                              				void* _t69;
                                                                                                                              				void* _t112;
                                                                                                                              				signed char _t135;
                                                                                                                              				intOrPtr _t137;
                                                                                                                              				intOrPtr _t164;
                                                                                                                              				intOrPtr _t178;
                                                                                                                              				void* _t188;
                                                                                                                              				signed int _t189;
                                                                                                                              				char _t191;
                                                                                                                              				intOrPtr _t193;
                                                                                                                              				intOrPtr _t194;
                                                                                                                              
                                                                                                                              				_t210 = __fp0;
                                                                                                                              				_t187 = __edi;
                                                                                                                              				_t193 = _t194;
                                                                                                                              				_t137 = 6;
                                                                                                                              				do {
                                                                                                                              					_push(0);
                                                                                                                              					_push(0);
                                                                                                                              					_t137 = _t137 - 1;
                                                                                                                              				} while (_t137 != 0);
                                                                                                                              				_push(_t137);
                                                                                                                              				_t1 =  &_v8;
                                                                                                                              				_t138 =  *_t1;
                                                                                                                              				 *_t1 = _t137;
                                                                                                                              				_push(__edi);
                                                                                                                              				_v5 =  *_t1;
                                                                                                                              				_t135 = __edx;
                                                                                                                              				_t191 = __eax;
                                                                                                                              				_push(_t193);
                                                                                                                              				_push(0x629b12);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t194;
                                                                                                                              				_v6 = 1;
                                                                                                                              				E005C53D0(__eax,  &_v12);
                                                                                                                              				if(E00422368(_v12,  *_t1, L".hlp") != 0) {
                                                                                                                              					E005C53D0(_t191,  &_v24);
                                                                                                                              					_t65 = E00422368(_v24, _t138, L".chm");
                                                                                                                              					__eflags = _t65;
                                                                                                                              					if(_t65 == 0) {
                                                                                                                              						E005C4F90(_t191, _t135,  &_v28, L".chw", __edi, _t191);
                                                                                                                              						__eflags = 0;
                                                                                                                              						E00629850(_v28, _t135, _t135, __edi, _t191, __fp0, 0, 0, _a12);
                                                                                                                              						_pop(_t138);
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					E005C4F90(_t191, _t135,  &_v16, L".gid", __edi, _t191);
                                                                                                                              					E00629850(_v16, _t135, _t135, __edi, _t191, __fp0, 0, 0, _a12);
                                                                                                                              					E005C4F90(_t191, _t135,  &_v20, L".fts", __edi, _t191);
                                                                                                                              					E00629850(_v20, _t135, _t135, _t187, _t191, __fp0, 0, 0, _a12);
                                                                                                                              					_pop(_t138);
                                                                                                                              				}
                                                                                                                              				E005C53D0(_t191,  &_v32);
                                                                                                                              				_t69 = E00422368(_v32, _t138, L".lnk");
                                                                                                                              				_t197 = _t69;
                                                                                                                              				if(_t69 == 0) {
                                                                                                                              					E00624924(_t191, _t135);
                                                                                                                              				}
                                                                                                                              				if(E0060C5F4(_t135, _t191, _t197) == 0) {
                                                                                                                              					L25:
                                                                                                                              					_pop(_t164);
                                                                                                                              					 *[fs:eax] = _t164;
                                                                                                                              					_push(E00629B19);
                                                                                                                              					E0040A228( &_v60, 5);
                                                                                                                              					return E0040A228( &_v32, 6);
                                                                                                                              				} else {
                                                                                                                              					_v40 = _t191;
                                                                                                                              					_v36 = 0x11;
                                                                                                                              					_t141 = 0;
                                                                                                                              					E006163B4(L"Deleting file: %s", _t135, 0,  &_v40, _t187, _t191);
                                                                                                                              					_t199 = _a4;
                                                                                                                              					if(_a4 != 0) {
                                                                                                                              						_t189 = E0060C330(_t135, _t191, _t199);
                                                                                                                              						if(_t189 != 0xffffffff) {
                                                                                                                              							_t201 = _t189 & 0x00000001;
                                                                                                                              							if((_t189 & 0x00000001) != 0) {
                                                                                                                              								_t141 = 0xfffffffe & _t189;
                                                                                                                              								_t112 = E0060C6DC(_t135, 0xfffffffe & _t189, _t191, _t201);
                                                                                                                              								_t202 = _t112;
                                                                                                                              								if(_t112 == 0) {
                                                                                                                              									E00616130(L"Failed to strip read-only attribute.", _t135, _t189, _t191);
                                                                                                                              								} else {
                                                                                                                              									E00616130(L"Stripped read-only attribute.", _t135, _t189, _t191);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					if(E0060C158(_t135, _t191, _t202) != 0) {
                                                                                                                              						__eflags = _v5;
                                                                                                                              						if(_v5 != 0) {
                                                                                                                              							SHChangeNotify(4, 5, E0040B278(_t191), 0);
                                                                                                                              							E005C5378(_t191, _t141,  &_v60);
                                                                                                                              							E00610640( *((intOrPtr*)(_a12 - 0x3c)), _t141, _v60, _t210);
                                                                                                                              						}
                                                                                                                              						goto L25;
                                                                                                                              					} else {
                                                                                                                              						_t188 = GetLastError();
                                                                                                                              						if(_a8 == 0 ||  *((char*)(_a12 - 0x29)) == 0) {
                                                                                                                              							L22:
                                                                                                                              							_v40 = _t188;
                                                                                                                              							_v36 = 0;
                                                                                                                              							E006163B4(L"Failed to delete the file; it may be in use (%d).", _t135, 0,  &_v40, _t188, _t191);
                                                                                                                              							_v6 = 0;
                                                                                                                              							goto L25;
                                                                                                                              						} else {
                                                                                                                              							if(_t188 == 5) {
                                                                                                                              								L20:
                                                                                                                              								if((E0060C330(_t135, _t191, _t207) & 0x00000001) != 0) {
                                                                                                                              									goto L22;
                                                                                                                              								}
                                                                                                                              								_v40 = _t188;
                                                                                                                              								_v36 = 0;
                                                                                                                              								E006163B4(L"The file appears to be in use (%d). Will delete on restart.", _t135, 0,  &_v40, _t188, _t191);
                                                                                                                              								_push(_t193);
                                                                                                                              								 *[fs:eax] = _t194;
                                                                                                                              								E0060D8B0(_t135, _t135, _t191, _t188, _t191);
                                                                                                                              								 *((char*)( *((intOrPtr*)(_a12 - 0x30)) + 0x1c)) = 1;
                                                                                                                              								E005C52C8(_t191,  &_v48, _t193,  *[fs:eax]);
                                                                                                                              								E005C5378(_v48, 0,  &_v44);
                                                                                                                              								E00610640( *((intOrPtr*)(_a12 + (_t135 & 0x000000ff) * 4 - 0x38)), _a12, _v44, _t210);
                                                                                                                              								_t178 = 0x629a6d;
                                                                                                                              								 *[fs:eax] = _t178;
                                                                                                                              								goto L25;
                                                                                                                              							}
                                                                                                                              							_t207 = _t188 - 0x20;
                                                                                                                              							if(_t188 != 0x20) {
                                                                                                                              								goto L22;
                                                                                                                              							}
                                                                                                                              							goto L20;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}






























                                                                                                                              0x00629989
                                                                                                                              0x00629981
                                                                                                                              0x006299c0
                                                                                                                              0x00629ab9
                                                                                                                              0x00629abd
                                                                                                                              0x00629acd
                                                                                                                              0x00629ad7
                                                                                                                              0x00629ae5
                                                                                                                              0x00629ae5
                                                                                                                              0x00000000
                                                                                                                              0x006299c6
                                                                                                                              0x006299cb
                                                                                                                              0x006299d1
                                                                                                                              0x00629a9d
                                                                                                                              0x00629a9d
                                                                                                                              0x00629aa0
                                                                                                                              0x00629aae
                                                                                                                              0x00629ab3
                                                                                                                              0x00000000
                                                                                                                              0x006299e4
                                                                                                                              0x006299e7
                                                                                                                              0x006299f2
                                                                                                                              0x006299fd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00629a03
                                                                                                                              0x00629a06
                                                                                                                              0x00629a14
                                                                                                                              0x00629a1b
                                                                                                                              0x00629a24
                                                                                                                              0x00629a2d
                                                                                                                              0x00629a38
                                                                                                                              0x00629a41
                                                                                                                              0x00629a4c
                                                                                                                              0x00629a5e
                                                                                                                              0x00629a65
                                                                                                                              0x00629a68
                                                                                                                              0x00000000
                                                                                                                              0x00629a68
                                                                                                                              0x006299e9
                                                                                                                              0x006299ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x006299ec
                                                                                                                              0x006299d1
                                                                                                                              0x006299c0

                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(00000000,00629B12,?,?,?,?,00000005,00000000,00000000,?,?,0062AF86,00000000,00000000,?,00000000), ref: 006299C6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast
                                                                                                                              • String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
                                                                                                                              • API String ID: 1452528299-3112430753
                                                                                                                              • Opcode ID: b256b42ee6b99715c6d2163e9bfd54473866f1949de9607ad1128806460a42c4
                                                                                                                              • Instruction ID: 80e8b6ab9e5d3a552657306fa088f7fa642ecff14c11c84625059ee943e1d250
                                                                                                                              • Opcode Fuzzy Hash: b256b42ee6b99715c6d2163e9bfd54473866f1949de9607ad1128806460a42c4
                                                                                                                              • Instruction Fuzzy Hash: D371E330B00B245FDB04EF68E851BEE77A6AF89710F14842DF801A7381DAB89D45CB79
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E0060E4D8(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                              				char _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				char _v13;
                                                                                                                              				void* _v20;
                                                                                                                              				char _v21;
                                                                                                                              				char _v28;
                                                                                                                              				int _v32;
                                                                                                                              				int _v36;
                                                                                                                              				char _v40;
                                                                                                                              				char _v44;
                                                                                                                              				char* _v48;
                                                                                                                              				char _v52;
                                                                                                                              				char _v56;
                                                                                                                              				char _v60;
                                                                                                                              				intOrPtr _v64;
                                                                                                                              				intOrPtr _v68;
                                                                                                                              				char* _v72;
                                                                                                                              				char _v76;
                                                                                                                              				char _v80;
                                                                                                                              				void* _t77;
                                                                                                                              				char _t98;
                                                                                                                              				char _t103;
                                                                                                                              				char* _t110;
                                                                                                                              				char _t133;
                                                                                                                              				char _t139;
                                                                                                                              				char _t144;
                                                                                                                              				void* _t168;
                                                                                                                              				short* _t169;
                                                                                                                              				char _t170;
                                                                                                                              				char _t172;
                                                                                                                              				intOrPtr _t189;
                                                                                                                              				intOrPtr _t194;
                                                                                                                              				intOrPtr _t196;
                                                                                                                              				void* _t207;
                                                                                                                              				void* _t208;
                                                                                                                              				intOrPtr _t209;
                                                                                                                              
                                                                                                                              				_t207 = _t208;
                                                                                                                              				_t209 = _t208 + 0xffffffb4;
                                                                                                                              				_push(__esi);
                                                                                                                              				_push(__edi);
                                                                                                                              				_v40 = 0;
                                                                                                                              				_v44 = 0;
                                                                                                                              				_v60 = 0;
                                                                                                                              				_v76 = 0;
                                                                                                                              				_v80 = 0;
                                                                                                                              				_v56 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_v12 = __edx;
                                                                                                                              				_push(_t207);
                                                                                                                              				_push(0x60e7be);
                                                                                                                              				_push( *[fs:edx]);
                                                                                                                              				 *[fs:edx] = _t209;
                                                                                                                              				_v13 = 0;
                                                                                                                              				_t168 = E005C7A14(_t77, L"Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs", 0x80000002,  &_v20, 3, 0);
                                                                                                                              				if(_t168 == 2) {
                                                                                                                              					L30:
                                                                                                                              					_pop(_t189);
                                                                                                                              					 *[fs:eax] = _t189;
                                                                                                                              					_push(E0060E7C5);
                                                                                                                              					E0040A228( &_v80, 2);
                                                                                                                              					E0040A228( &_v60, 2);
                                                                                                                              					E0040A228( &_v44, 2);
                                                                                                                              					return E0040A1C8( &_v8);
                                                                                                                              				} else {
                                                                                                                              					if(_t168 != 0) {
                                                                                                                              						E0060CF98(0x80000002,  &_v56, _t207);
                                                                                                                              						_v52 = _v56;
                                                                                                                              						_v48 = L"Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs";
                                                                                                                              						E005CD4D8(0x52, 1,  &_v52,  &_v44);
                                                                                                                              						_push(_v44);
                                                                                                                              						_push(L"\r\n\r\n");
                                                                                                                              						_v72 = L"RegOpenKeyEx";
                                                                                                                              						E00423004(_t168,  &_v76);
                                                                                                                              						_v68 = _v76;
                                                                                                                              						E005C857C(_t168,  &_v80);
                                                                                                                              						_v64 = _v80;
                                                                                                                              						E005CD4D8(0x48, 2,  &_v72,  &_v60);
                                                                                                                              						_push(_v60);
                                                                                                                              						E0040B550( &_v40, _t168, 3, __edi, __esi);
                                                                                                                              						E00429008(_v40, 1);
                                                                                                                              						E004098C4();
                                                                                                                              					}
                                                                                                                              					_push(_t207);
                                                                                                                              					_push(0x60e77a);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t209;
                                                                                                                              					_t169 = E0040B278(_v12);
                                                                                                                              					if(RegQueryValueExW(_v20, _t169, 0,  &_v32, 0,  &_v36) == 0) {
                                                                                                                              						_v21 = 0;
                                                                                                                              						_v28 = 0;
                                                                                                                              						_push(_t207);
                                                                                                                              						_push(0x60e6b8);
                                                                                                                              						_push( *[fs:eax]);
                                                                                                                              						 *[fs:eax] = _t209;
                                                                                                                              						_t98 = _v32 - 1;
                                                                                                                              						__eflags = _t98;
                                                                                                                              						if(_t98 == 0) {
                                                                                                                              							__eflags = E005C793C();
                                                                                                                              							if(__eflags != 0) {
                                                                                                                              								_v28 = E0042339C(_v8, __eflags);
                                                                                                                              								_v21 = 1;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							_t133 = _t98 - 2;
                                                                                                                              							__eflags = _t133;
                                                                                                                              							if(_t133 == 0) {
                                                                                                                              								__eflags = _v36 - 1;
                                                                                                                              								if(_v36 >= 1) {
                                                                                                                              									__eflags = _v36 - 4;
                                                                                                                              									if(_v36 <= 4) {
                                                                                                                              										_t139 = RegQueryValueExW(_v20, E0040B278(_v12), 0, 0,  &_v28,  &_v36);
                                                                                                                              										__eflags = _t139;
                                                                                                                              										if(_t139 == 0) {
                                                                                                                              											_v21 = 1;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								__eflags = _t133 == 1;
                                                                                                                              								if(_t133 == 1) {
                                                                                                                              									_v36 = 4;
                                                                                                                              									_t144 = RegQueryValueExW(_v20, _t169, 0, 0,  &_v28,  &_v36);
                                                                                                                              									__eflags = _t144;
                                                                                                                              									if(_t144 == 0) {
                                                                                                                              										_v21 = 1;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						_pop(_t194);
                                                                                                                              						 *[fs:eax] = _t194;
                                                                                                                              						__eflags = _v21;
                                                                                                                              						if(_v21 != 0) {
                                                                                                                              							_v28 = _v28 - 1;
                                                                                                                              							__eflags = _v28;
                                                                                                                              							if(_v28 > 0) {
                                                                                                                              								_t103 = _v32 - 1;
                                                                                                                              								__eflags = _t103;
                                                                                                                              								if(_t103 == 0) {
                                                                                                                              									E0042302C( &_v8, _v28, 0);
                                                                                                                              									_t170 = _v8;
                                                                                                                              									__eflags = _t170;
                                                                                                                              									if(_t170 != 0) {
                                                                                                                              										_t172 = _t170 - 4;
                                                                                                                              										__eflags = _t172;
                                                                                                                              										_t170 =  *_t172;
                                                                                                                              									}
                                                                                                                              									_t110 = E0040B278(_v8);
                                                                                                                              									RegSetValueExW(_v20, E0040B278(_v12), 0, 1, _t110, _t170 + 1 + _t170 + 1);
                                                                                                                              								} else {
                                                                                                                              									__eflags = _t103 + 0xfffffffe - 2;
                                                                                                                              									if(_t103 + 0xfffffffe - 2 < 0) {
                                                                                                                              										RegSetValueExW(_v20, E0040B278(_v12), 0, _v32,  &_v28, 4);
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								_v13 = 1;
                                                                                                                              								RegDeleteValueW(_v20, E0040B278(_v12));
                                                                                                                              							}
                                                                                                                              							__eflags = 0;
                                                                                                                              							_pop(_t196);
                                                                                                                              							 *[fs:eax] = _t196;
                                                                                                                              							_push(E0060E781);
                                                                                                                              							return RegCloseKey(_v20);
                                                                                                                              						} else {
                                                                                                                              							E004099B8();
                                                                                                                              							goto L30;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						E004099B8();
                                                                                                                              						goto L30;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}








































                                                                                                                              APIs
                                                                                                                                • Part of subcall function 005C7A14: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005C80EE,?,00000000,?,005C808E,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C7A30
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,?,00000000,0060E77A,?,?,00000003,00000000,00000000,0060E7BE), ref: 0060E5F9
                                                                                                                                • Part of subcall function 005C857C: FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,005CBEAE,00000000,005CBEFF,?,005CC0E0), ref: 005C859B
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000004,00000000,0060E6B8,?,?,00000000,00000000,?,00000000,?,00000000), ref: 0060E67A
                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000004,00000000,0060E6B8,?,?,00000000,00000000,?,00000000,?,00000000), ref: 0060E6A1
                                                                                                                              Strings
                                                                                                                              • , xrefs: 0060E56A
                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 0060E515
                                                                                                                              • RegOpenKeyEx, xrefs: 0060E573
                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 0060E54E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: QueryValue$FormatMessageOpen
                                                                                                                              • String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                                                              • API String ID: 2812809588-1577016196
                                                                                                                              • Opcode ID: 400154bc1b91ae93c6bf31847440b808814c51a6d73c6f212ecccd0f2ec26cc4
                                                                                                                              • Instruction ID: f3c5cbb3acae1969306396449b745ae43344fa58bfe099d55e14c7ecbf00227c
                                                                                                                              • Opcode Fuzzy Hash: 400154bc1b91ae93c6bf31847440b808814c51a6d73c6f212ecccd0f2ec26cc4
                                                                                                                              • Instruction Fuzzy Hash: C7919270E84219AFDB04DFA5D885BEFBBBAEB48304F14482AF500E72C1D7769945CB64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E0062709C(signed int __eax, void* __ebx, signed int __edx, void* __edi, void* __esi) {
                                                                                                                              				signed int _v5;
                                                                                                                              				char _v8;
                                                                                                                              				void* _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				char _v36;
                                                                                                                              				char _v40;
                                                                                                                              				void* __ecx;
                                                                                                                              				void* _t79;
                                                                                                                              				signed int _t83;
                                                                                                                              				signed char _t125;
                                                                                                                              				intOrPtr _t127;
                                                                                                                              				intOrPtr _t156;
                                                                                                                              				signed int _t170;
                                                                                                                              				intOrPtr _t178;
                                                                                                                              				intOrPtr _t180;
                                                                                                                              				intOrPtr _t181;
                                                                                                                              
                                                                                                                              				_t180 = _t181;
                                                                                                                              				_t127 = 4;
                                                                                                                              				do {
                                                                                                                              					_push(0);
                                                                                                                              					_push(0);
                                                                                                                              					_t127 = _t127 - 1;
                                                                                                                              				} while (_t127 != 0);
                                                                                                                              				_t1 =  &_v8;
                                                                                                                              				_t128 =  *_t1;
                                                                                                                              				 *_t1 = _t127;
                                                                                                                              				_t178 =  *_t1;
                                                                                                                              				_v5 = __edx;
                                                                                                                              				_t125 = __eax;
                                                                                                                              				_push(_t180);
                                                                                                                              				_push(0x6272a5);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t181;
                                                                                                                              				if( *((intOrPtr*)(0x6d6380 + ((__eax & 0x000000ff) + (__eax & 0x000000ff)) * 8 + (_v5 & 0x000000ff) * 4)) != 0) {
                                                                                                                              					L18:
                                                                                                                              					E0040A5A8(_t178,  *((intOrPtr*)(0x6d6380 + ((_t125 & 0x000000ff) + (_t125 & 0x000000ff)) * 8 + (_v5 & 0x000000ff) * 4)));
                                                                                                                              					_pop(_t156);
                                                                                                                              					 *[fs:eax] = _t156;
                                                                                                                              					_push(E006272AC);
                                                                                                                              					return E0040A228( &_v32, 5);
                                                                                                                              				}
                                                                                                                              				E00626F48(__eax, _t128,  &_v16, _t180);
                                                                                                                              				if((_v5 & 0x000000ff) + 0xfe - 2 >= 0 || E005C7A14(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v4.0", 0x80000002,  &_v12, 1, 0) != 0) {
                                                                                                                              					_t79 = (_v5 & 0x000000ff) - 1;
                                                                                                                              					if(_t79 == 0 || _t79 == 2) {
                                                                                                                              						if(E005C7A14(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v2.0", 0x80000002,  &_v12, 1, 0) != 0) {
                                                                                                                              							goto L10;
                                                                                                                              						} else {
                                                                                                                              							_t174 = _t125 & 0x0000007f;
                                                                                                                              							E005C4EA4( *((intOrPtr*)(0x6d6374 + (_t125 & 0x0000007f) * 4)),  &_v24);
                                                                                                                              							E0040B4C8(0x6d6380 + (_t174 + _t174) * 8 + (_v5 & 0x000000ff) * 4, L"v2.0.50727", _v24);
                                                                                                                              							RegCloseKey(_v12);
                                                                                                                              							goto L14;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						L10:
                                                                                                                              						_t83 = _v5 & 0x000000ff;
                                                                                                                              						if(_t83 == 0 || _t83 == 3) {
                                                                                                                              							if(E005C7A14(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v1.1", 0x80000002,  &_v12, 1, 0) == 0) {
                                                                                                                              								_t172 = _t125 & 0x0000007f;
                                                                                                                              								E005C4EA4( *((intOrPtr*)(0x6d6374 + (_t125 & 0x0000007f) * 4)),  &_v28);
                                                                                                                              								E0040B4C8(0x6d6380 + (_t172 + _t172) * 8 + (_v5 & 0x000000ff) * 4, L"v1.1.4322", _v28);
                                                                                                                              								RegCloseKey(_v12);
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						goto L14;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t176 = _t125 & 0x0000007f;
                                                                                                                              					E005C4EA4( *((intOrPtr*)(0x6d6374 + (_t125 & 0x0000007f) * 4)),  &_v20);
                                                                                                                              					E0040B4C8(0x6d6380 + (_t176 + _t176) * 8 + (_v5 & 0x000000ff) * 4, L"v4.0.30319", _v20);
                                                                                                                              					RegCloseKey(_v12);
                                                                                                                              					L14:
                                                                                                                              					_t170 = _v5 & 0x000000ff;
                                                                                                                              					if( *((intOrPtr*)(0x6d6380 + ((_t125 & 0x000000ff) + (_t125 & 0x000000ff)) * 8 + _t170 * 4)) == 0) {
                                                                                                                              						if(_v5 == 3) {
                                                                                                                              							E0060CD28(L".NET Framework not found", _t125);
                                                                                                                              						} else {
                                                                                                                              							_v40 =  *((intOrPtr*)(0x6cd0a4 + _t170 * 4));
                                                                                                                              							_v36 = 0x11;
                                                                                                                              							E004244F8(L".NET Framework version %s not found", 0,  &_v40,  &_v32);
                                                                                                                              							E0060CD28(_v32, _t125);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					goto L18;
                                                                                                                              				}
                                                                                                                              			}
























                                                                                                                              APIs
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,006272A5,?,00626DA0,?,00000000,00000000,00000000,?,?,00627510,00000000), ref: 00627149
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,006272A5,?,00626DA0,?,00000000,00000000,00000000,?,?,00627510,00000000), ref: 006271B3
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,00000001,00000000,00000000,006272A5,?,00626DA0,?,00000000,00000000,00000000,?), ref: 0062721A
                                                                                                                              Strings
                                                                                                                              • v2.0.50727, xrefs: 006271A5
                                                                                                                              • v1.1.4322, xrefs: 0062720C
                                                                                                                              • .NET Framework version %s not found, xrefs: 00627252
                                                                                                                              • v4.0.30319, xrefs: 0062713B
                                                                                                                              • SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 006270FF
                                                                                                                              • SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 00627169
                                                                                                                              • .NET Framework not found, xrefs: 00627266
                                                                                                                              • SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 006271D0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Close
                                                                                                                              • String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
                                                                                                                              • API String ID: 3535843008-446240816
                                                                                                                              • Opcode ID: a7850861653d19c901f95a4b335c3fba360f119cbff547b324ee5f1fb8e5ff61
                                                                                                                              • Instruction ID: 6a27bfdae97b75501bbdc0cce0dcd9b9ee0f65bcede85a7be403583e7914197f
                                                                                                                              • Opcode Fuzzy Hash: a7850861653d19c901f95a4b335c3fba360f119cbff547b324ee5f1fb8e5ff61
                                                                                                                              • Instruction Fuzzy Hash: 8551E131A091699FCF04DBA8E861FFD7BB7EF45300F1504AAF500A7392D639AB058B21
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00625D14(intOrPtr __eax, void* __edx) {
                                                                                                                              				long _v12;
                                                                                                                              				long _v16;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __esi;
                                                                                                                              				void* _t44;
                                                                                                                              				void* _t50;
                                                                                                                              				intOrPtr _t51;
                                                                                                                              				DWORD* _t52;
                                                                                                                              
                                                                                                                              				_t19 = __eax;
                                                                                                                              				_t52 =  &_v12;
                                                                                                                              				_t44 = __edx;
                                                                                                                              				_t51 = __eax;
                                                                                                                              				if( *((char*)(__eax + 4)) == 0) {
                                                                                                                              					L11:
                                                                                                                              					return _t19;
                                                                                                                              				}
                                                                                                                              				 *((char*)(__eax + 5)) = 1;
                                                                                                                              				_v16 =  *((intOrPtr*)(__eax + 0x10));
                                                                                                                              				_v12 = 0;
                                                                                                                              				E006163B4(L"Stopping 64-bit helper process. (PID: %u)", __edx, 0,  &_v16, _t50, __eax);
                                                                                                                              				CloseHandle( *(_t51 + 0xc));
                                                                                                                              				 *(_t51 + 0xc) = 0;
                                                                                                                              				while(WaitForSingleObject( *(_t51 + 8), 0x2710) == 0x102) {
                                                                                                                              					E00616130(L"Helper isn\'t responding; killing it.", _t44, _t50, _t51);
                                                                                                                              					TerminateProcess( *(_t51 + 8), 1);
                                                                                                                              				}
                                                                                                                              				if(GetExitCodeProcess( *(_t51 + 8), _t52) == 0) {
                                                                                                                              					E00616130(L"Helper process exited, but failed to get exit code.", _t44, _t50, _t51);
                                                                                                                              				} else {
                                                                                                                              					if( *_t52 != 0) {
                                                                                                                              						_v16 =  *_t52;
                                                                                                                              						_v12 = 0;
                                                                                                                              						E006163B4(L"Helper process exited with failure code: 0x%x", _t44, 0,  &_v16, _t50, _t51);
                                                                                                                              					} else {
                                                                                                                              						E00616130(L"Helper process exited.", _t44, _t50, _t51);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				CloseHandle( *(_t51 + 8));
                                                                                                                              				 *(_t51 + 8) = 0;
                                                                                                                              				_t19 = 0;
                                                                                                                              				 *((intOrPtr*)(_t51 + 0x10)) = 0;
                                                                                                                              				 *((char*)(_t51 + 4)) = 0;
                                                                                                                              				if(_t44 == 0) {
                                                                                                                              					goto L11;
                                                                                                                              				} else {
                                                                                                                              					Sleep(0xfa);
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00625D4B
                                                                                                                              • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00625D67
                                                                                                                              • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00625D75
                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 00625D86
                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00625DCD
                                                                                                                              • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00625DE9
                                                                                                                              Strings
                                                                                                                              • Stopping 64-bit helper process. (PID: %u), xrefs: 00625D3D
                                                                                                                              • Helper process exited., xrefs: 00625D95
                                                                                                                              • Helper process exited with failure code: 0x%x, xrefs: 00625DB3
                                                                                                                              • Helper process exited, but failed to get exit code., xrefs: 00625DBF
                                                                                                                              • Helper isn't responding; killing it., xrefs: 00625D57
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                                                                                              • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                                                                                              • API String ID: 3355656108-1243109208
                                                                                                                              • Opcode ID: 7acad798583b60a8a5de315f26419be5538eeaf99ef1d0e90669ec0ce4c0edf5
                                                                                                                              • Instruction ID: d564c8b30f574b505304bc0216fad519ef2dd9895e072bde183416e8b9fa8f35
                                                                                                                              • Opcode Fuzzy Hash: 7acad798583b60a8a5de315f26419be5538eeaf99ef1d0e90669ec0ce4c0edf5
                                                                                                                              • Instruction Fuzzy Hash: 9C21AF70604F50AAD330EB78E44578BBBE69F08310F048C2DB59BC7682D734E8808B5A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E006B740C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                              				char _v8;
                                                                                                                              				struct HWND__* _v12;
                                                                                                                              				void* _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				struct HWND__* _v32;
                                                                                                                              				char _v36;
                                                                                                                              				char _v40;
                                                                                                                              				char _v44;
                                                                                                                              				char _v48;
                                                                                                                              				WCHAR* _t41;
                                                                                                                              				intOrPtr _t42;
                                                                                                                              				int _t44;
                                                                                                                              				intOrPtr* _t54;
                                                                                                                              				void* _t68;
                                                                                                                              				intOrPtr _t80;
                                                                                                                              				intOrPtr _t102;
                                                                                                                              				intOrPtr _t104;
                                                                                                                              				void* _t108;
                                                                                                                              				void* _t109;
                                                                                                                              				intOrPtr _t110;
                                                                                                                              				void* _t118;
                                                                                                                              
                                                                                                                              				_t118 = __fp0;
                                                                                                                              				_t106 = __esi;
                                                                                                                              				_t105 = __edi;
                                                                                                                              				_t88 = __ecx;
                                                                                                                              				_t87 = __ebx;
                                                                                                                              				_t108 = _t109;
                                                                                                                              				_t110 = _t109 + 0xffffffd4;
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_push(__edi);
                                                                                                                              				_v24 = 0;
                                                                                                                              				_v48 = 0;
                                                                                                                              				_v44 = 0;
                                                                                                                              				_v20 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_push(_t108);
                                                                                                                              				_push(0x6b75fa);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t110;
                                                                                                                              				E005C75E4( &_v20, __ebx, __ecx, __eflags);
                                                                                                                              				if(E0060D3B4(_v20, __ebx,  &_v8, __edi, __esi) == 0) {
                                                                                                                              					_push(_t108);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t110;
                                                                                                                              					E0060D8B0(0, _t87, _v8, __edi, __esi);
                                                                                                                              					_pop(_t104);
                                                                                                                              					_t88 = 0x6b746f;
                                                                                                                              					 *[fs:eax] = _t104;
                                                                                                                              				}
                                                                                                                              				_t41 = E0040B278(_v8);
                                                                                                                              				_t42 =  *0x6d68d0; // 0x0
                                                                                                                              				_t44 = CopyFileW(E0040B278(_t42), _t41, 0);
                                                                                                                              				_t113 = _t44;
                                                                                                                              				if(_t44 == 0) {
                                                                                                                              					_t80 =  *0x6cded8; // 0x6d5c28
                                                                                                                              					_t11 = _t80 + 0x208; // 0x0
                                                                                                                              					E006B68EC( *_t11, _t87, _t88, _t106, _t113);
                                                                                                                              				}
                                                                                                                              				SetFileAttributesW(E0040B278(_v8), 0x80);
                                                                                                                              				_v12 = E00414DA0(0, L"STATIC", 0,  *0x6d2634, 0, 0, 0, 0, 0, 0, 0);
                                                                                                                              				 *0x6d68fc = SetWindowLongW(_v12, 0xfffffffc, E006B6AB0);
                                                                                                                              				_push(_t108);
                                                                                                                              				_push(0x6b75c3);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t110;
                                                                                                                              				_t54 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				SetWindowPos( *( *_t54 + 0x188), 0, 0, 0, 0, 0, 0x97);
                                                                                                                              				E005C6FB0(0, _t87,  &_v44, _t105, _t106);
                                                                                                                              				_v40 = _v44;
                                                                                                                              				_v36 = 0x11;
                                                                                                                              				_v32 = _v12;
                                                                                                                              				_v28 = 0;
                                                                                                                              				E004244F8(L"/SECONDPHASE=\"%s\" /FIRSTPHASEWND=$%x ", 1,  &_v40,  &_v24);
                                                                                                                              				_push( &_v24);
                                                                                                                              				E005C6E90( &_v48, _t87, _t106, 0);
                                                                                                                              				_pop(_t68);
                                                                                                                              				E0040B470(_t68, _v48);
                                                                                                                              				_v16 = E006B6998(_v8, _t87, _v24, _t105, _t106, _t118);
                                                                                                                              				do {
                                                                                                                              				} while (E006B6A74() == 0 && MsgWaitForMultipleObjects(1,  &_v16, 0, 0xffffffff, 0x4ff) == 1);
                                                                                                                              				CloseHandle(_v16);
                                                                                                                              				_pop(_t102);
                                                                                                                              				 *[fs:eax] = _t102;
                                                                                                                              				_push(E006B75CA);
                                                                                                                              				return DestroyWindow(_v12);
                                                                                                                              			}



























                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0060D3B4: CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4A1
                                                                                                                                • Part of subcall function 0060D3B4: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4B1
                                                                                                                              • CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,006B75FA), ref: 006B748F
                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000080,00000000,00000000,00000000,00000000,006B75FA), ref: 006B74B6
                                                                                                                              • SetWindowLongW.USER32(?,000000FC,006B6AB0), ref: 006B74F0
                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,006B75C3,?,?,000000FC,006B6AB0,00000000,?,00000000), ref: 006B7525
                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 006B7599
                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,006B75C3,?,?,000000FC,006B6AB0,00000000), ref: 006B75A7
                                                                                                                                • Part of subcall function 0060D8B0: WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0060D996
                                                                                                                              • DestroyWindow.USER32(?,006B75CA,00000000,00000000,00000000,00000000,00000000,00000097,00000000,006B75C3,?,?,000000FC,006B6AB0,00000000,?), ref: 006B75BD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Similarity
                                                                                                                              • API ID: FileWindow$CloseHandle$AttributesCopyCreateDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                                                                              • String ID: (\m$/SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 27%
                                                                                                                              			E005B8BCC(intOrPtr __eax, void* __ebx, WCHAR* __ecx, WCHAR* __edx, void* __edi, void* __esi, int _a4) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				WCHAR* _v12;
                                                                                                                              				int _v16;
                                                                                                                              				struct HWND__* _v20;
                                                                                                                              				struct HMONITOR__* _v24;
                                                                                                                              				struct HWND__* _v28;
                                                                                                                              				intOrPtr _v32;
                                                                                                                              				intOrPtr _v36;
                                                                                                                              				intOrPtr _v60;
                                                                                                                              				intOrPtr _v64;
                                                                                                                              				intOrPtr _v68;
                                                                                                                              				struct tagMONITORINFO _v76;
                                                                                                                              				struct tagRECT _v92;
                                                                                                                              				struct HMONITOR__* _t49;
                                                                                                                              				struct HWND__* _t51;
                                                                                                                              				long _t68;
                                                                                                                              				intOrPtr _t79;
                                                                                                                              				struct HWND__* _t85;
                                                                                                                              				signed int _t91;
                                                                                                                              				signed int _t92;
                                                                                                                              				signed int _t95;
                                                                                                                              				signed int _t96;
                                                                                                                              				intOrPtr _t99;
                                                                                                                              				intOrPtr _t100;
                                                                                                                              				signed int _t102;
                                                                                                                              				signed int _t103;
                                                                                                                              				intOrPtr _t105;
                                                                                                                              				signed int _t107;
                                                                                                                              				signed int _t108;
                                                                                                                              				WCHAR* _t111;
                                                                                                                              				int _t113;
                                                                                                                              				void* _t115;
                                                                                                                              				void* _t116;
                                                                                                                              				intOrPtr _t117;
                                                                                                                              
                                                                                                                              				_t115 = _t116;
                                                                                                                              				_t117 = _t116 + 0xffffffa8;
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_push(__edi);
                                                                                                                              				_v12 = __ecx;
                                                                                                                              				_t111 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				_t113 = _a4;
                                                                                                                              				_v20 = E005BA14C(_v8, __ecx);
                                                                                                                              				if(_v20 != 0) {
                                                                                                                              					_t85 = _v20;
                                                                                                                              				} else {
                                                                                                                              					_t85 =  *(_v8 + 0x188);
                                                                                                                              				}
                                                                                                                              				_push(2);
                                                                                                                              				_t49 = _v20;
                                                                                                                              				_push(_t49);
                                                                                                                              				L004FBD1C();
                                                                                                                              				_v24 = _t49;
                                                                                                                              				_push(2);
                                                                                                                              				_t51 =  *(_v8 + 0x188);
                                                                                                                              				_push(_t51);
                                                                                                                              				L004FBD1C();
                                                                                                                              				_v28 = _t51;
                                                                                                                              				if(_v24 != _v28) {
                                                                                                                              					_v76.cbSize = 0x28;
                                                                                                                              					GetMonitorInfoW(_v24,  &_v76);
                                                                                                                              					GetWindowRect( *(_v8 + 0x188),  &_v92);
                                                                                                                              					_push(0x1d);
                                                                                                                              					_push(0);
                                                                                                                              					_push(0);
                                                                                                                              					_t105 = _v68;
                                                                                                                              					_t95 = _v60 - _t105;
                                                                                                                              					_t96 = _t95 >> 1;
                                                                                                                              					if(_t95 < 0) {
                                                                                                                              						asm("adc ecx, 0x0");
                                                                                                                              					}
                                                                                                                              					_push(_t96 + _t105);
                                                                                                                              					_t79 = _v76.rcMonitor;
                                                                                                                              					_t107 = _v64 - _t79;
                                                                                                                              					_t108 = _t107 >> 1;
                                                                                                                              					if(_t107 < 0) {
                                                                                                                              						asm("adc edx, 0x0");
                                                                                                                              					}
                                                                                                                              					SetWindowPos( *(_v8 + 0x188), 0, _t108 + _t79, ??, ??, ??, ??);
                                                                                                                              				}
                                                                                                                              				_v36 = E005ABB4C(_v20, _t85, _t111, _t113);
                                                                                                                              				_v32 = E005AB9A0();
                                                                                                                              				if(E005B7300(_v8) != 0) {
                                                                                                                              					_t113 = _t113 | 0x00100000;
                                                                                                                              				}
                                                                                                                              				_push(_t115);
                                                                                                                              				_push(0x5b8d37);
                                                                                                                              				_push( *[fs:ecx]);
                                                                                                                              				 *[fs:ecx] = _t117;
                                                                                                                              				_v16 = MessageBoxW(_t85, _t111, _v12, _t113);
                                                                                                                              				_pop(_t99);
                                                                                                                              				 *[fs:eax] = _t99;
                                                                                                                              				_push(E005B8D3E);
                                                                                                                              				if(_v24 != _v28) {
                                                                                                                              					_push(0x1d);
                                                                                                                              					_push(0);
                                                                                                                              					_push(0);
                                                                                                                              					_t100 = _v92.top;
                                                                                                                              					_t91 = _v92.bottom - _t100;
                                                                                                                              					_t92 = _t91 >> 1;
                                                                                                                              					if(_t91 < 0) {
                                                                                                                              						asm("adc ecx, 0x0");
                                                                                                                              					}
                                                                                                                              					_push(_t92 + _t100);
                                                                                                                              					_t68 = _v92.left;
                                                                                                                              					_t102 = _v92.right - _t68;
                                                                                                                              					_t103 = _t102 >> 1;
                                                                                                                              					if(_t102 < 0) {
                                                                                                                              						asm("adc edx, 0x0");
                                                                                                                              					}
                                                                                                                              					SetWindowPos( *(_v8 + 0x188), 0, _t103 + _t68, ??, ??, ??, ??);
                                                                                                                              				}
                                                                                                                              				E005ABC0C(_v36);
                                                                                                                              				SetActiveWindow(_v20);
                                                                                                                              				return E005AB9A8(_v32);
                                                                                                                              			}






































                                                                                                                              APIs
                                                                                                                                • Part of subcall function 005BA14C: GetActiveWindow.USER32 ref: 005BA173
                                                                                                                                • Part of subcall function 005BA14C: GetLastActivePopup.USER32(?), ref: 005BA188
                                                                                                                              • MonitorFromWindow.USER32(00000000,00000002), ref: 005B8C05
                                                                                                                              • MonitorFromWindow.USER32(?,00000002), ref: 005B8C19
                                                                                                                              • GetMonitorInfoW.USER32 ref: 005B8C38
                                                                                                                              • GetWindowRect.USER32 ref: 005B8C4B
                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,?,00000000,00000028,?,00000002,?,?,00000000), ref: 005B8C86
                                                                                                                              • MessageBoxW.USER32(00000000,00000000,?,?), ref: 005B8CC5
                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,005B8D3E,?,00000002,?,?,00000000), ref: 005B8D18
                                                                                                                                • Part of subcall function 005ABC0C: IsWindow.USER32(8B565300), ref: 005ABC1A
                                                                                                                                • Part of subcall function 005ABC0C: EnableWindow.USER32(8B565300,000000FF), ref: 005ABC29
                                                                                                                              • SetActiveWindow.USER32(00000000,005B8D3E,?,00000002,?,?,00000000), ref: 005B8D29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$ActiveMonitor$From$EnableInfoLastMessagePopupRect
                                                                                                                              • String ID: (
                                                                                                                              • API String ID: 2800294577-3887548279
                                                                                                                              • Opcode ID: 86dd6490514cae0d98ba0896374cafc49cecd69d5575a329348a76010f7dff85
                                                                                                                              • Instruction ID: a4912e974531437df4fc188b12ab37a43c5b4a9ac1c45bb7f2f89fde7e9ad722
                                                                                                                              • Opcode Fuzzy Hash: 86dd6490514cae0d98ba0896374cafc49cecd69d5575a329348a76010f7dff85
                                                                                                                              • Instruction Fuzzy Hash: 8441FDB5E00109AFDB04DBA8C895FFEBBB9FB88300F554469F500AB395DB74AD408B54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 55%
                                                                                                                              			E00625FC4(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __fp0, char _a4) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				long _v12;
                                                                                                                              				void* _v16;
                                                                                                                              				struct _OVERLAPPED _v36;
                                                                                                                              				intOrPtr _v40;
                                                                                                                              				intOrPtr _v44;
                                                                                                                              				long _t83;
                                                                                                                              				intOrPtr _t94;
                                                                                                                              				void* _t99;
                                                                                                                              				void* _t100;
                                                                                                                              				intOrPtr _t101;
                                                                                                                              
                                                                                                                              				_t99 = _t100;
                                                                                                                              				_t101 = _t100 + 0xffffffd8;
                                                                                                                              				_v40 = 0;
                                                                                                                              				_v44 = 0;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				_push(_t99);
                                                                                                                              				_push(0x626202);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t101;
                                                                                                                              				 *(_v8 + 0x14) =  *(_v8 + 0x14) + 1;
                                                                                                                              				 *(_v8 + 0x20) =  *(_v8 + 0x14);
                                                                                                                              				 *((intOrPtr*)(_v8 + 0x24)) = __edx;
                                                                                                                              				 *((intOrPtr*)(_v8 + 0x28)) = __ecx;
                                                                                                                              				_t83 = 0xc + __ecx;
                                                                                                                              				_push(_t99);
                                                                                                                              				_push(0x6261a7);
                                                                                                                              				_push( *[fs:edx]);
                                                                                                                              				 *[fs:edx] = _t101;
                                                                                                                              				_v16 = CreateEventW(0, 0xffffffff, 0, 0);
                                                                                                                              				if(_v16 == 0) {
                                                                                                                              					E0060CE84(L"CreateEvent");
                                                                                                                              				}
                                                                                                                              				_push(_t99);
                                                                                                                              				_push(0x62613c);
                                                                                                                              				_push( *[fs:edx]);
                                                                                                                              				 *[fs:edx] = _t101;
                                                                                                                              				E00407760( &_v36, 0x14);
                                                                                                                              				_v36.hEvent = _v16;
                                                                                                                              				if(TransactNamedPipe( *(_v8 + 0xc), _v8 + 0x20, _t83, _v8 + 0x4034, 0x14,  &_v12,  &_v36) != 0) {
                                                                                                                              					_pop(_t94);
                                                                                                                              					 *[fs:eax] = _t94;
                                                                                                                              					_push(E00626143);
                                                                                                                              					return CloseHandle(_v16);
                                                                                                                              				} else {
                                                                                                                              					if(GetLastError() != 0x3e5) {
                                                                                                                              						E0060CE84(L"TransactNamedPipe");
                                                                                                                              					}
                                                                                                                              					_push(_t99);
                                                                                                                              					_push(0x62610e);
                                                                                                                              					_push( *[fs:edx]);
                                                                                                                              					 *[fs:edx] = _t101;
                                                                                                                              					if(_a4 != 0 &&  *((short*)(_v8 + 0x1a)) != 0) {
                                                                                                                              						do {
                                                                                                                              							 *((intOrPtr*)(_v8 + 0x18))();
                                                                                                                              						} while (MsgWaitForMultipleObjects(1,  &_v16, 0, 0xffffffff, 0x4ff) == 1);
                                                                                                                              					}
                                                                                                                              					_pop( *[fs:0x0]);
                                                                                                                              					_push(E00626115);
                                                                                                                              					GetOverlappedResult( *(_v8 + 0xc),  &_v36,  &_v12, 0xffffffff);
                                                                                                                              					return GetLastError();
                                                                                                                              				}
                                                                                                                              			}















                                                                                                                              APIs
                                                                                                                              • CreateEventW.KERNEL32(00000000,000000FF,00000000,00000000,00000000,006261A7,?,00000000,00626202,?,?,00000000,00000000), ref: 00626021
                                                                                                                              • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,0062613C,?,00000000,000000FF,00000000,00000000,00000000,006261A7), ref: 0062607E
                                                                                                                              • GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,00000000,?,00000000,0062613C,?,00000000,000000FF,00000000,00000000,00000000,006261A7), ref: 0062608B
                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 006260D7
                                                                                                                              • GetOverlappedResult.KERNEL32(?,?,00000000,000000FF,00626115,00000000,00000000), ref: 00626101
                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,000000FF,00626115,00000000,00000000), ref: 00626108
                                                                                                                                • Part of subcall function 0060CE84: GetLastError.KERNEL32(00000000,0060DBAA,00000005,00000000,0060DBD2,?,?,006D579C,?,00000000,00000000,00000000,?,006B910F,00000000,006B912A), ref: 0060CE87
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                                                                                                              • String ID: CreateEvent$TransactNamedPipe
                                                                                                                              • API String ID: 2182916169-3012584893
                                                                                                                              • Opcode ID: acb36331ee21d08b7d289947a02b8ab598f29c5b04c1412d9fc7a2506ad31a00
                                                                                                                              • Instruction ID: 6106728f610c95dcbec9252819f2c5c1e9fccb50d9899b4423df3e52f48f78ac
                                                                                                                              • Opcode Fuzzy Hash: acb36331ee21d08b7d289947a02b8ab598f29c5b04c1412d9fc7a2506ad31a00
                                                                                                                              • Instruction Fuzzy Hash: 6441AC70A00618EFDB05DF99DD85EDEBBBAEB08310F1041A9F904E7392D674AE50CB24
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 71%
                                                                                                                              			E0040DF90(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				void* _t18;
                                                                                                                              				signed short _t28;
                                                                                                                              				intOrPtr _t35;
                                                                                                                              				intOrPtr* _t44;
                                                                                                                              				intOrPtr _t47;
                                                                                                                              
                                                                                                                              				_t42 = __edi;
                                                                                                                              				_push(0);
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_t44 = __edx;
                                                                                                                              				_t28 = __eax;
                                                                                                                              				_push(_t47);
                                                                                                                              				_push(0x40e094);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t47;
                                                                                                                              				EnterCriticalSection(0x6d1c14);
                                                                                                                              				if(_t28 !=  *0x6d1c2c) {
                                                                                                                              					LeaveCriticalSection(0x6d1c14);
                                                                                                                              					E0040A1C8(_t44);
                                                                                                                              					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
                                                                                                                              						if( *0x6d1c10 == 0) {
                                                                                                                              							_t18 = E0040DC78(_t28, _t28, _t44, __edi, _t44);
                                                                                                                              							L00405254();
                                                                                                                              							if(_t28 != _t18) {
                                                                                                                              								if( *_t44 != 0) {
                                                                                                                              									_t18 = E0040B470(_t44, E0040E0AC);
                                                                                                                              								}
                                                                                                                              								L00405254();
                                                                                                                              								E0040DC78(_t18, _t28,  &_v8, _t42, _t44);
                                                                                                                              								E0040B470(_t44, _v8);
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							E0040DE74(_t28, _t44);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					EnterCriticalSection(0x6d1c14);
                                                                                                                              					 *0x6d1c2c = _t28;
                                                                                                                              					E0040DAF8(0x6d1c2e, E0040B278( *_t44), 0xaa);
                                                                                                                              					LeaveCriticalSection(0x6d1c14);
                                                                                                                              				} else {
                                                                                                                              					E0040B318(_t44, 0x55, 0x6d1c2e);
                                                                                                                              					LeaveCriticalSection(0x6d1c14);
                                                                                                                              				}
                                                                                                                              				_pop(_t35);
                                                                                                                              				 *[fs:eax] = _t35;
                                                                                                                              				_push(E0040E09B);
                                                                                                                              				return E0040A1C8( &_v8);
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              • EnterCriticalSection.KERNEL32(006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3,?,?,00000000,00000000,00000000), ref: 0040DFAE
                                                                                                                              • LeaveCriticalSection.KERNEL32(006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3,?,?,00000000,00000000), ref: 0040DFD2
                                                                                                                              • LeaveCriticalSection.KERNEL32(006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3,?,?,00000000,00000000), ref: 0040DFE1
                                                                                                                              • IsValidLocale.KERNEL32(00000000,00000002,006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3), ref: 0040DFF3
                                                                                                                              • EnterCriticalSection.KERNEL32(006D1C14,00000000,00000002,006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3), ref: 0040E050
                                                                                                                              • LeaveCriticalSection.KERNEL32(006D1C14,006D1C14,00000000,00000002,006D1C14,006D1C14,00000000,0040E094,?,?,?,00000000,?,0040E974,00000000,0040E9D3), ref: 0040E079
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                                                                              • String ID: en-US,en,
                                                                                                                              • API String ID: 975949045-3579323720
                                                                                                                              • Opcode ID: 171b762d311100d548245b05869de6cc58e31fb58a3f3531ab4430e822a5ac23
                                                                                                                              • Instruction ID: 7d1429daecdd90a797f7fba0e37e49eac4d41b909b59f49409e6443efac98480
                                                                                                                              • Opcode Fuzzy Hash: 171b762d311100d548245b05869de6cc58e31fb58a3f3531ab4430e822a5ac23
                                                                                                                              • Instruction Fuzzy Hash: F7218A60B90614A6DB10B7B78C0265A3245DB46708F51487BB540BF3C7CAFD8D558AAF
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 25%
                                                                                                                              			E00624704(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                              				char _v8;
                                                                                                                              				void* _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				void* _t28;
                                                                                                                              				intOrPtr* _t30;
                                                                                                                              				intOrPtr _t33;
                                                                                                                              				intOrPtr* _t37;
                                                                                                                              				intOrPtr* _t49;
                                                                                                                              				intOrPtr _t61;
                                                                                                                              				intOrPtr* _t66;
                                                                                                                              				void* _t68;
                                                                                                                              				intOrPtr _t70;
                                                                                                                              				intOrPtr _t71;
                                                                                                                              
                                                                                                                              				_t70 = _t71;
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_t68 = __eax;
                                                                                                                              				_push(_t70);
                                                                                                                              				_push(0x62481e);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t71;
                                                                                                                              				_t66 = E00414020(__ebx, _t68, GetModuleHandleW(L"OLEAUT32.DLL"), L"UnRegisterTypeLib");
                                                                                                                              				_t49 = _t66;
                                                                                                                              				if(_t66 == 0) {
                                                                                                                              					E0060CE84(L"GetProcAddress");
                                                                                                                              				}
                                                                                                                              				E005C52C8(_t68,  &_v20, _t70);
                                                                                                                              				E0040B368( &_v8, _v20);
                                                                                                                              				_push(E0040EC28( &_v12));
                                                                                                                              				_t28 = E0040AEF4(_v8);
                                                                                                                              				_push(_t28);
                                                                                                                              				L0043C244();
                                                                                                                              				if(_t28 != 0) {
                                                                                                                              					E0060CE98(L"LoadTypeLib", _t49, _t28, _t68);
                                                                                                                              				}
                                                                                                                              				_push( &_v16);
                                                                                                                              				_t30 = _v12;
                                                                                                                              				_push(_t30);
                                                                                                                              				if( *((intOrPtr*)( *_t30 + 0x1c))() != 0) {
                                                                                                                              					E0060CE98(L"ITypeLib::GetLibAttr", _t49, _t32, _t68);
                                                                                                                              				}
                                                                                                                              				_push(_t70);
                                                                                                                              				_push(0x6247f1);
                                                                                                                              				_push( *[fs:edx]);
                                                                                                                              				 *[fs:edx] = _t71;
                                                                                                                              				_t33 = _v16;
                                                                                                                              				_push( *((intOrPtr*)(_t33 + 0x14)));
                                                                                                                              				_push( *((intOrPtr*)(_t33 + 0x10)));
                                                                                                                              				_push( *(_t33 + 0x1a) & 0x0000ffff);
                                                                                                                              				_push( *(_t33 + 0x18) & 0x0000ffff);
                                                                                                                              				_push(_t33);
                                                                                                                              				if( *_t49() != 0) {
                                                                                                                              					E0060CE98(L"UnRegisterTypeLib", _t49, _t34, _t68);
                                                                                                                              				}
                                                                                                                              				_pop(_t61);
                                                                                                                              				 *[fs:eax] = _t61;
                                                                                                                              				_t37 = _v12;
                                                                                                                              				return  *((intOrPtr*)( *_t37 + 0x30))(_t37, _v16, E006247F8);
                                                                                                                              			}


















                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,0062481E,?,?,?,00000000,00000000,00000000,00000000,00000000,?,0062A1C5,00000000,0062A1D9), ref: 0062472A
                                                                                                                                • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                                                                              • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 0062476E
                                                                                                                                • Part of subcall function 0060CE84: GetLastError.KERNEL32(00000000,0060DBAA,00000005,00000000,0060DBD2,?,?,006D579C,?,00000000,00000000,00000000,?,006B910F,00000000,006B912A), ref: 0060CE87
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressErrorHandleLastLoadModuleProcType
                                                                                                                              • String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
                                                                                                                              • API String ID: 1914119943-2711329623
                                                                                                                              • Opcode ID: 29fbcfd6b80a7de2799523e9fe544ae76bfae42de221f5da712ad009beef08f8
                                                                                                                              • Instruction ID: 47cd072b4b06506b06a7a0fd2e311c11a36de303591e536be68bff5c72022a6e
                                                                                                                              • Opcode Fuzzy Hash: 29fbcfd6b80a7de2799523e9fe544ae76bfae42de221f5da712ad009beef08f8
                                                                                                                              • Instruction Fuzzy Hash: 19219171610A146FDB14EFA9EC42D6B77EEEF897407124469F410D3291EF78EC008B64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 61%
                                                                                                                              			E005C7FF4(void* __ebx, void* __esi, void* __eflags) {
                                                                                                                              				char _v8;
                                                                                                                              				void* _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				intOrPtr* _t21;
                                                                                                                              				intOrPtr _t61;
                                                                                                                              				void* _t68;
                                                                                                                              
                                                                                                                              				_push(__ebx);
                                                                                                                              				_v20 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_push(_t68);
                                                                                                                              				_push(0x5c80ee);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t68 + 0xfffffff0;
                                                                                                                              				_t21 = E00414020(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
                                                                                                                              				if(_t21 == 0) {
                                                                                                                              					if(E00429D18() != 2) {
                                                                                                                              						if(E005C7A14(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
                                                                                                                              							E005C793C();
                                                                                                                              							RegCloseKey(_v12);
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						if(E005C7A14(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
                                                                                                                              							E005C793C();
                                                                                                                              							RegCloseKey(_v12);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					E0040B4C8( &_v20, _v8, 0x5c8204);
                                                                                                                              					E00407870(_v20,  &_v16);
                                                                                                                              					if(_v16 != 0) {
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					 *_t21();
                                                                                                                              				}
                                                                                                                              				_pop(_t61);
                                                                                                                              				 *[fs:eax] = _t61;
                                                                                                                              				_push(E005C80F5);
                                                                                                                              				E0040A1C8( &_v20);
                                                                                                                              				return E0040A1C8( &_v8);
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C801B
                                                                                                                                • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                                                                              • RegCloseKey.ADVAPI32(00000001,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C806E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressCloseHandleModuleProc
                                                                                                                              • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                                                                              • API String ID: 4190037839-2401316094
                                                                                                                              • Opcode ID: 9ecea8ea030eead22ebc029c49188dd1b7d15adc30014d18dbe4d38bf6596737
                                                                                                                              • Instruction ID: b59d3067a1cffae51886ca0dc1f1740e66d40653876fb7099798d5cffc045aa9
                                                                                                                              • Opcode Fuzzy Hash: 9ecea8ea030eead22ebc029c49188dd1b7d15adc30014d18dbe4d38bf6596737
                                                                                                                              • Instruction Fuzzy Hash: 51214F34A04209AFDB10EAE5CC5AFFE7BE9FB48704F60486DA500F3681EE74AA45C755
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 71%
                                                                                                                              			E00624BA8(char __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char _v13;
                                                                                                                              				char _v84;
                                                                                                                              				void* _v96;
                                                                                                                              				char _v100;
                                                                                                                              				char _v104;
                                                                                                                              				char _v108;
                                                                                                                              				char _v112;
                                                                                                                              				char _v116;
                                                                                                                              				char _v120;
                                                                                                                              				char _v124;
                                                                                                                              				char _v128;
                                                                                                                              				void* _t58;
                                                                                                                              				void* _t91;
                                                                                                                              				char _t92;
                                                                                                                              				intOrPtr _t110;
                                                                                                                              				void* _t120;
                                                                                                                              				void* _t123;
                                                                                                                              
                                                                                                                              				_t118 = __edi;
                                                                                                                              				_v116 = 0;
                                                                                                                              				_v120 = 0;
                                                                                                                              				_v112 = 0;
                                                                                                                              				_v108 = 0;
                                                                                                                              				_v104 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_v12 = 0;
                                                                                                                              				_t120 = __ecx;
                                                                                                                              				_t91 = __edx;
                                                                                                                              				_v13 = __eax;
                                                                                                                              				_push(_t123);
                                                                                                                              				_push(0x624d3e);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t123 + 0xffffff84;
                                                                                                                              				E005C745C( &_v8);
                                                                                                                              				_push(0x624d58);
                                                                                                                              				E005C4EA4(_v8,  &_v104);
                                                                                                                              				_push(_v104);
                                                                                                                              				_push(L"regsvr32.exe\"");
                                                                                                                              				E0040B550( &_v12, _t91, 3, __edi, _t120);
                                                                                                                              				if(_v13 != 0) {
                                                                                                                              					E0040B470( &_v12, 0x624d90);
                                                                                                                              				}
                                                                                                                              				_push(_v12);
                                                                                                                              				_push(L" /s \"");
                                                                                                                              				_push(_t120);
                                                                                                                              				_push(0x624d58);
                                                                                                                              				E0040B550( &_v12, _t91, 4, _t118, _t120);
                                                                                                                              				_t126 = _t91;
                                                                                                                              				if(_t91 == 0) {
                                                                                                                              					E0040B4C8( &_v112, _v12, L"Spawning 32-bit RegSvr32: ");
                                                                                                                              					E00616130(_v112, _t91, _t118, _t120);
                                                                                                                              				} else {
                                                                                                                              					E0040B4C8( &_v108, _v12, L"Spawning 64-bit RegSvr32: ");
                                                                                                                              					E00616130(_v108, _t91, _t118, _t120);
                                                                                                                              				}
                                                                                                                              				E00407760( &_v84, 0x44);
                                                                                                                              				_v84 = 0x44;
                                                                                                                              				_t58 = E0040B278(_v8);
                                                                                                                              				if(E0060C038(_t91, E0040B278(_v12), 0, _t126,  &_v100,  &_v84, _t58, 0, 0x4000000, 0, 0, 0) == 0) {
                                                                                                                              					E0060CE84(L"CreateProcess");
                                                                                                                              				}
                                                                                                                              				CloseHandle(_v96);
                                                                                                                              				_t92 = E00624AA4( &_v100);
                                                                                                                              				if(_t92 != 0) {
                                                                                                                              					_v128 = _t92;
                                                                                                                              					_v124 = 0;
                                                                                                                              					E004244F8(L"0x%x", 0,  &_v128,  &_v120);
                                                                                                                              					E005CD508(0x53,  &_v116, _v120);
                                                                                                                              					E00429008(_v116, 1);
                                                                                                                              					E004098C4();
                                                                                                                              				}
                                                                                                                              				_pop(_t110);
                                                                                                                              				 *[fs:eax] = _t110;
                                                                                                                              				_push(E00624D45);
                                                                                                                              				E0040A228( &_v120, 5);
                                                                                                                              				return E0040A228( &_v12, 2);
                                                                                                                              			}






















                                                                                                                              0x00624c4e
                                                                                                                              0x00624c4e
                                                                                                                              0x00624c77
                                                                                                                              0x00624c7c
                                                                                                                              0x00624c93
                                                                                                                              0x00624cb6
                                                                                                                              0x00624cbd
                                                                                                                              0x00624cbd
                                                                                                                              0x00624cc6
                                                                                                                              0x00624cd3
                                                                                                                              0x00624cd7
                                                                                                                              0x00624cdd
                                                                                                                              0x00624ce0
                                                                                                                              0x00624cee
                                                                                                                              0x00624cfd
                                                                                                                              0x00624d0c
                                                                                                                              0x00624d11
                                                                                                                              0x00624d11
                                                                                                                              0x00624d18
                                                                                                                              0x00624d1b
                                                                                                                              0x00624d1e
                                                                                                                              0x00624d2b
                                                                                                                              0x00624d3d

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 005C745C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C746F
                                                                                                                              • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00624D58,?, /s ",006D579C,regsvr32.exe",?,00624D58), ref: 00624CC6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseDirectoryHandleSystem
                                                                                                                              • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                                                                                              • API String ID: 2051275411-1862435767
                                                                                                                              • Opcode ID: 1118549c57392ac90ccf853ba687f406601a024f1c1781b3f47750715fc413fe
                                                                                                                              • Instruction ID: 4609d961d1e6a6c9b50d20a9c17260b7e2f4bf46ee5c2bafd069b1c5a14d41a0
                                                                                                                              • Opcode Fuzzy Hash: 1118549c57392ac90ccf853ba687f406601a024f1c1781b3f47750715fc413fe
                                                                                                                              • Instruction Fuzzy Hash: 0B413F30A0061CABDB10EFE5D892ACDBBBAFF48304F51457EA504B7282DB746A05CF59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 72%
                                                                                                                              			E004062CC(int __eax, void* __ecx, void* __edx) {
                                                                                                                              				long _v12;
                                                                                                                              				int _t4;
                                                                                                                              				long _t7;
                                                                                                                              				void* _t11;
                                                                                                                              				long _t12;
                                                                                                                              				void* _t13;
                                                                                                                              				long _t18;
                                                                                                                              
                                                                                                                              				_t4 = __eax;
                                                                                                                              				_t24 = __edx;
                                                                                                                              				_t20 = __eax;
                                                                                                                              				if( *0x6cf05c == 0) {
                                                                                                                              					_push(0x2010);
                                                                                                                              					_push(__edx);
                                                                                                                              					_push(__eax);
                                                                                                                              					_push(0);
                                                                                                                              					L0040529C();
                                                                                                                              				} else {
                                                                                                                              					_t7 = E0040A6C4(__edx);
                                                                                                                              					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
                                                                                                                              					_t11 =  *0x6c507c; // 0x40543c
                                                                                                                              					_t12 = E0040A6C4(_t11);
                                                                                                                              					_t13 =  *0x6c507c; // 0x40543c
                                                                                                                              					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
                                                                                                                              					_t18 = E0040A6C4(_t20);
                                                                                                                              					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
                                                                                                                              				}
                                                                                                                              				return _t4;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 004062EE
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000), ref: 004062F4
                                                                                                                              • GetStdHandle.KERNEL32(000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 00406313
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 00406319
                                                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000,?), ref: 00406330
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,0040543C,00000000,?,00000000,00000000,000000F4,?,00000000), ref: 00406336
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHandleWrite
                                                                                                                              • String ID: <T@
                                                                                                                              • API String ID: 3320372497-2050694182
                                                                                                                              • Opcode ID: 3a7656cd0c19575780d7894bf4f285e5ac945aaff44c80ad8d028cd78a591cb3
                                                                                                                              • Instruction ID: ee5667e1a227ecbea5375e2fa2ea65b47cf69c4a4a195d8f09788a9c4629ec5a
                                                                                                                              • Opcode Fuzzy Hash: 3a7656cd0c19575780d7894bf4f285e5ac945aaff44c80ad8d028cd78a591cb3
                                                                                                                              • Instruction Fuzzy Hash: 5701A9A16046147DE610F3BA9C4AF6B279CCB0976CF10463B7514F61D2C97C9C548B7E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E00405D88(void* __eax, signed int __edi, void* __ebp) {
                                                                                                                              				struct _MEMORY_BASIC_INFORMATION _v44;
                                                                                                                              				void* _v48;
                                                                                                                              				signed int __ebx;
                                                                                                                              				void* _t58;
                                                                                                                              				signed int _t61;
                                                                                                                              				signed int _t67;
                                                                                                                              				void _t70;
                                                                                                                              				int _t71;
                                                                                                                              				signed int _t78;
                                                                                                                              				void* _t79;
                                                                                                                              				signed int _t81;
                                                                                                                              				intOrPtr _t82;
                                                                                                                              				signed int _t87;
                                                                                                                              				signed int _t88;
                                                                                                                              				signed int _t89;
                                                                                                                              				signed int _t92;
                                                                                                                              				void* _t96;
                                                                                                                              				signed int _t99;
                                                                                                                              				void* _t103;
                                                                                                                              				intOrPtr _t104;
                                                                                                                              				void* _t106;
                                                                                                                              				void* _t108;
                                                                                                                              				signed int _t113;
                                                                                                                              				void* _t115;
                                                                                                                              				void* _t116;
                                                                                                                              
                                                                                                                              				_t56 = __eax;
                                                                                                                              				_t89 =  *(__eax - 4);
                                                                                                                              				_t78 =  *0x6cf05d; // 0x0
                                                                                                                              				if((_t89 & 0x00000007) != 0) {
                                                                                                                              					__eflags = _t89 & 0x00000005;
                                                                                                                              					if((_t89 & 0x00000005) != 0) {
                                                                                                                              						_pop(_t78);
                                                                                                                              						__eflags = _t89 & 0x00000003;
                                                                                                                              						if((_t89 & 0x00000003) == 0) {
                                                                                                                              							_push(_t78);
                                                                                                                              							_push(__edi);
                                                                                                                              							_t116 = _t115 + 0xffffffdc;
                                                                                                                              							_t103 = __eax - 0x10;
                                                                                                                              							E00405764();
                                                                                                                              							_t58 = _t103;
                                                                                                                              							 *_t116 =  *_t58;
                                                                                                                              							_v48 =  *((intOrPtr*)(_t58 + 4));
                                                                                                                              							_t92 =  *(_t58 + 0xc);
                                                                                                                              							if((_t92 & 0x00000008) != 0) {
                                                                                                                              								_t79 = _t103;
                                                                                                                              								_t113 = _t92 & 0xfffffff0;
                                                                                                                              								_t99 = 0;
                                                                                                                              								__eflags = 0;
                                                                                                                              								while(1) {
                                                                                                                              									VirtualQuery(_t79,  &_v44, 0x1c);
                                                                                                                              									_t61 = VirtualFree(_t79, 0, 0x8000);
                                                                                                                              									__eflags = _t61;
                                                                                                                              									if(_t61 == 0) {
                                                                                                                              										_t99 = _t99 | 0xffffffff;
                                                                                                                              										goto L10;
                                                                                                                              									}
                                                                                                                              									_t104 = _v44.RegionSize;
                                                                                                                              									__eflags = _t113 - _t104;
                                                                                                                              									if(_t113 > _t104) {
                                                                                                                              										_t113 = _t113 - _t104;
                                                                                                                              										_t79 = _t79 + _t104;
                                                                                                                              										continue;
                                                                                                                              									}
                                                                                                                              									goto L10;
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								if(VirtualFree(_t103, 0, 0x8000) == 0) {
                                                                                                                              									_t99 = __edi | 0xffffffff;
                                                                                                                              								} else {
                                                                                                                              									_t99 = 0;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							L10:
                                                                                                                              							if(_t99 == 0) {
                                                                                                                              								 *_v48 =  *_t116;
                                                                                                                              								 *( *_t116 + 4) = _v48;
                                                                                                                              							}
                                                                                                                              							 *0x6d1b7c = 0;
                                                                                                                              							return _t99;
                                                                                                                              						} else {
                                                                                                                              							return 0xffffffff;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						goto L31;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					__eflags = __bl;
                                                                                                                              					__ebx =  *__edx;
                                                                                                                              					if(__eflags != 0) {
                                                                                                                              						while(1) {
                                                                                                                              							__eax = 0x100;
                                                                                                                              							asm("lock cmpxchg [ebx], ah");
                                                                                                                              							if(__eflags == 0) {
                                                                                                                              								goto L14;
                                                                                                                              							}
                                                                                                                              							asm("pause");
                                                                                                                              							__eflags =  *0x6cf98d;
                                                                                                                              							if(__eflags != 0) {
                                                                                                                              								continue;
                                                                                                                              							} else {
                                                                                                                              								Sleep(0);
                                                                                                                              								__edx = __edx;
                                                                                                                              								__ecx = __ecx;
                                                                                                                              								__eax = 0x100;
                                                                                                                              								asm("lock cmpxchg [ebx], ah");
                                                                                                                              								if(__eflags != 0) {
                                                                                                                              									Sleep(0xa);
                                                                                                                              									__edx = __edx;
                                                                                                                              									__ecx = __ecx;
                                                                                                                              									continue;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							goto L14;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					L14:
                                                                                                                              					_t14 = __edx + 0x14;
                                                                                                                              					 *_t14 =  *(__edx + 0x14) - 1;
                                                                                                                              					__eflags =  *_t14;
                                                                                                                              					__eax =  *(__edx + 0x10);
                                                                                                                              					if( *_t14 == 0) {
                                                                                                                              						__eflags = __eax;
                                                                                                                              						if(__eax == 0) {
                                                                                                                              							L20:
                                                                                                                              							 *(__ebx + 0x14) = __eax;
                                                                                                                              						} else {
                                                                                                                              							__eax =  *(__edx + 0xc);
                                                                                                                              							__ecx =  *(__edx + 8);
                                                                                                                              							 *(__eax + 8) = __ecx;
                                                                                                                              							 *(__ecx + 0xc) = __eax;
                                                                                                                              							__eax = 0;
                                                                                                                              							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
                                                                                                                              							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
                                                                                                                              								goto L20;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						 *__ebx = __al;
                                                                                                                              						__eax = __edx;
                                                                                                                              						__edx =  *(__edx - 4);
                                                                                                                              						__bl =  *0x6cf05d; // 0x0
                                                                                                                              						L31:
                                                                                                                              						__eflags = _t78;
                                                                                                                              						_t81 = _t89 & 0xfffffff0;
                                                                                                                              						_push(_t101);
                                                                                                                              						_t106 = _t56;
                                                                                                                              						if(__eflags != 0) {
                                                                                                                              							while(1) {
                                                                                                                              								_t67 = 0x100;
                                                                                                                              								asm("lock cmpxchg [0x6cfaec], ah");
                                                                                                                              								if(__eflags == 0) {
                                                                                                                              									goto L32;
                                                                                                                              								}
                                                                                                                              								asm("pause");
                                                                                                                              								__eflags =  *0x6cf98d;
                                                                                                                              								if(__eflags != 0) {
                                                                                                                              									continue;
                                                                                                                              								} else {
                                                                                                                              									Sleep(0);
                                                                                                                              									_t67 = 0x100;
                                                                                                                              									asm("lock cmpxchg [0x6cfaec], ah");
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										Sleep(0xa);
                                                                                                                              										continue;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								goto L32;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						L32:
                                                                                                                              						__eflags = (_t106 - 4)[_t81] & 0x00000001;
                                                                                                                              						_t87 = (_t106 - 4)[_t81];
                                                                                                                              						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
                                                                                                                              							_t67 = _t81 + _t106;
                                                                                                                              							_t88 = _t87 & 0xfffffff0;
                                                                                                                              							_t81 = _t81 + _t88;
                                                                                                                              							__eflags = _t88 - 0xb30;
                                                                                                                              							if(_t88 >= 0xb30) {
                                                                                                                              								_t67 = E004055DC(_t67);
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							_t88 = _t87 | 0x00000008;
                                                                                                                              							__eflags = _t88;
                                                                                                                              							(_t106 - 4)[_t81] = _t88;
                                                                                                                              						}
                                                                                                                              						__eflags =  *(_t106 - 4) & 0x00000008;
                                                                                                                              						if(( *(_t106 - 4) & 0x00000008) != 0) {
                                                                                                                              							_t88 =  *(_t106 - 8);
                                                                                                                              							_t106 = _t106 - _t88;
                                                                                                                              							_t81 = _t81 + _t88;
                                                                                                                              							__eflags = _t88 - 0xb30;
                                                                                                                              							if(_t88 >= 0xb30) {
                                                                                                                              								_t67 = E004055DC(_t106);
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						__eflags = _t81 - 0x13ffe0;
                                                                                                                              						if(_t81 == 0x13ffe0) {
                                                                                                                              							__eflags =  *0x6cfaf4 - 0x13ffe0;
                                                                                                                              							if( *0x6cfaf4 != 0x13ffe0) {
                                                                                                                              								_t82 = _t106 + 0x13ffe0;
                                                                                                                              								E0040567C(_t67);
                                                                                                                              								 *((intOrPtr*)(_t82 - 4)) = 2;
                                                                                                                              								 *0x6cfaf4 = 0x13ffe0;
                                                                                                                              								 *0x6cfaf0 = _t82;
                                                                                                                              								 *0x6cfaec = 0;
                                                                                                                              								__eflags = 0;
                                                                                                                              								return 0;
                                                                                                                              							} else {
                                                                                                                              								_t108 = _t106 - 0x10;
                                                                                                                              								_t70 =  *_t108;
                                                                                                                              								_t96 =  *(_t108 + 4);
                                                                                                                              								 *(_t70 + 4) = _t96;
                                                                                                                              								 *_t96 = _t70;
                                                                                                                              								 *0x6cfaec = 0;
                                                                                                                              								_t71 = VirtualFree(_t108, 0, 0x8000);
                                                                                                                              								__eflags = _t71 - 1;
                                                                                                                              								asm("sbb eax, eax");
                                                                                                                              								return _t71;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							 *(_t106 - 4) = _t81 + 3;
                                                                                                                              							 *(_t106 - 8 + _t81) = _t81;
                                                                                                                              							E0040561C(_t106, _t88, _t81);
                                                                                                                              							 *0x6cfaec = 0;
                                                                                                                              							__eflags = 0;
                                                                                                                              							return 0;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						__eflags = __eax;
                                                                                                                              						 *(__edx + 0x10) = __ecx;
                                                                                                                              						 *(__ecx - 4) = __eax;
                                                                                                                              						if(__eflags == 0) {
                                                                                                                              							__ecx =  *(__ebx + 8);
                                                                                                                              							 *(__edx + 0xc) = __ebx;
                                                                                                                              							 *(__edx + 8) = __ecx;
                                                                                                                              							 *(__ecx + 0xc) = __edx;
                                                                                                                              							 *(__ebx + 8) = __edx;
                                                                                                                              							 *__ebx = 0;
                                                                                                                              							__eax = 0;
                                                                                                                              							__eflags = 0;
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return 0;
                                                                                                                              						} else {
                                                                                                                              							__eax = 0;
                                                                                                                              							__eflags = 0;
                                                                                                                              							 *__ebx = __al;
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return 0;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}





























                                                                                                                              APIs
                                                                                                                              • Sleep.KERNEL32(00000000,?,?,00000000,0040F300,0040F366,?,00000000,?,?,0040F689,00000000,?,00000000,0040FB8A,00000000), ref: 00405E1E
                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040F300,0040F366,?,00000000,?,?,0040F689,00000000,?,00000000,0040FB8A), ref: 00405E38
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3472027048-0
                                                                                                                              • Opcode ID: d1f42db9d12138cdecdca87d68e48a81541cc59cd0f269c0ee0c41ffaf02f020
                                                                                                                              • Instruction ID: 71ad01a6e0dc675f4130d8d0918bf11407b14d9ec69c5e02b41b8aae26145368
                                                                                                                              • Opcode Fuzzy Hash: d1f42db9d12138cdecdca87d68e48a81541cc59cd0f269c0ee0c41ffaf02f020
                                                                                                                              • Instruction Fuzzy Hash: 2871C031604A008FD715DB69C989B27BBD5EF85314F18C17FE888AB3D2D6B88941CF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E00628E3C(void* __eax, void* __ebx, intOrPtr __ecx, char __edx, void* __edi, void* __esi, void* __eflags, void* __fp0, intOrPtr _a4) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				char _v9;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				void* _t44;
                                                                                                                              				intOrPtr _t50;
                                                                                                                              				void* _t51;
                                                                                                                              				void* _t65;
                                                                                                                              				void* _t71;
                                                                                                                              				void* _t76;
                                                                                                                              				intOrPtr _t88;
                                                                                                                              				signed int _t103;
                                                                                                                              				void* _t104;
                                                                                                                              				char _t106;
                                                                                                                              				void* _t109;
                                                                                                                              				void* _t122;
                                                                                                                              
                                                                                                                              				_t122 = __fp0;
                                                                                                                              				_push(__ebx);
                                                                                                                              				_push(__esi);
                                                                                                                              				_v24 = 0;
                                                                                                                              				_v8 = __ecx;
                                                                                                                              				_t106 = __edx;
                                                                                                                              				_t76 = __eax;
                                                                                                                              				_push(_t109);
                                                                                                                              				_push(0x628fc2);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t109 + 0xffffffec;
                                                                                                                              				_t103 = E0060C330(__eax, __edx, __eflags);
                                                                                                                              				if(_t103 == 0xffffffff || (_t103 & 0x00000010) == 0) {
                                                                                                                              					_v9 = 1;
                                                                                                                              					goto L18;
                                                                                                                              				} else {
                                                                                                                              					_v20 = _t106;
                                                                                                                              					_v16 = 0x11;
                                                                                                                              					E006163B4(L"Deleting directory: %s", _t76, 0,  &_v20, _t103, _t106);
                                                                                                                              					if((_t103 & 0x00000001) == 0) {
                                                                                                                              						L9:
                                                                                                                              						_t44 = E0060C664(_t76, _t106, _t117);
                                                                                                                              						asm("sbb eax, eax");
                                                                                                                              						_v9 = _t44 + 1;
                                                                                                                              						if(_v9 != 0) {
                                                                                                                              							L18:
                                                                                                                              							_pop(_t88);
                                                                                                                              							 *[fs:eax] = _t88;
                                                                                                                              							_push(E00628FC9);
                                                                                                                              							return E0040A1C8( &_v24);
                                                                                                                              						}
                                                                                                                              						_t104 = GetLastError();
                                                                                                                              						if(_v8 == 0) {
                                                                                                                              							__eflags = _a4;
                                                                                                                              							if(_a4 == 0) {
                                                                                                                              								L16:
                                                                                                                              								_v20 = _t104;
                                                                                                                              								_v16 = 0;
                                                                                                                              								E006163B4(L"Failed to delete directory (%d).", _t76, 0,  &_v20, _t104, _t106);
                                                                                                                              								goto L18;
                                                                                                                              							}
                                                                                                                              							_t50 = E00628C68(_a4, _t76, _t106, _t106);
                                                                                                                              							__eflags = _t50;
                                                                                                                              							if(_t50 == 0) {
                                                                                                                              								goto L16;
                                                                                                                              							}
                                                                                                                              							_t51 = E00429D18();
                                                                                                                              							__eflags = _t51 - 2;
                                                                                                                              							if(_t51 != 2) {
                                                                                                                              								goto L16;
                                                                                                                              							}
                                                                                                                              							_v20 = _t104;
                                                                                                                              							_v16 = 0;
                                                                                                                              							E006163B4(L"Failed to delete directory (%d). Will delete on restart (if empty).", _t76, 0,  &_v20, _t104, _t106);
                                                                                                                              							E00628D50(_t76, _t76, _t106, _t104, _t106);
                                                                                                                              							goto L18;
                                                                                                                              						}
                                                                                                                              						_v20 = _t104;
                                                                                                                              						_v16 = 0;
                                                                                                                              						E006163B4(L"Failed to delete directory (%d). Will retry later.", _t76, 0,  &_v20, _t104, _t106);
                                                                                                                              						E0040B29C();
                                                                                                                              						E0040B470( &_v24, _t106);
                                                                                                                              						E00610640(_v8, 0, _v24, _t122);
                                                                                                                              						goto L18;
                                                                                                                              					}
                                                                                                                              					_t115 = _t103 & 0x00000400;
                                                                                                                              					if((_t103 & 0x00000400) != 0) {
                                                                                                                              						L5:
                                                                                                                              						_t65 = E0060C6DC(_t76, 0xfffffffe & _t103, _t106, _t116);
                                                                                                                              						_t117 = _t65;
                                                                                                                              						if(_t65 == 0) {
                                                                                                                              							E00616130(L"Failed to strip read-only attribute.", _t76, _t103, _t106);
                                                                                                                              						} else {
                                                                                                                              							E00616130(L"Stripped read-only attribute.", _t76, _t103, _t106);
                                                                                                                              						}
                                                                                                                              						goto L9;
                                                                                                                              					}
                                                                                                                              					_t71 = E0060DFAC(_t76, _t76, _t106, _t106, _t115);
                                                                                                                              					_t116 = _t71;
                                                                                                                              					if(_t71 == 0) {
                                                                                                                              						E00616130(L"Not stripping read-only attribute because the directory does not appear to be empty.", _t76, _t103, _t106);
                                                                                                                              						goto L9;
                                                                                                                              					}
                                                                                                                              					goto L5;
                                                                                                                              				}
                                                                                                                              			}





















                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(00000000,00628FC2,?,00000000,?), ref: 00628F04
                                                                                                                                • Part of subcall function 0060DFAC: FindClose.KERNEL32(000000FF,0060E0A1), ref: 0060E090
                                                                                                                              Strings
                                                                                                                              • Failed to delete directory (%d)., xrefs: 00628F9C
                                                                                                                              • Deleting directory: %s, xrefs: 00628E8B
                                                                                                                              • Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00628F7B
                                                                                                                              • Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 00628EDE
                                                                                                                              • Failed to strip read-only attribute., xrefs: 00628ED2
                                                                                                                              • Stripped read-only attribute., xrefs: 00628EC6
                                                                                                                              • Failed to delete directory (%d). Will retry later., xrefs: 00628F1D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseErrorFindLast
                                                                                                                              • String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
                                                                                                                              • API String ID: 754982922-1448842058
                                                                                                                              • Opcode ID: 26a744d6ed1e8c7e26888ce2ff3c1dd1eb78078e03b1af9277fe7f611934b48f
                                                                                                                              • Instruction ID: bb024c1df45f9af0c8d848e5c22ededdbf4d41f71593f538bf5593c1374477db
                                                                                                                              • Opcode Fuzzy Hash: 26a744d6ed1e8c7e26888ce2ff3c1dd1eb78078e03b1af9277fe7f611934b48f
                                                                                                                              • Instruction Fuzzy Hash: B5410330A11A285ECB00EB68DD053EE77E7AF84310F11842EB411D3382CFB48E45CBA6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E005B8390(void* __eax, struct HWND__** __edx) {
                                                                                                                              				long _v20;
                                                                                                                              				intOrPtr _t17;
                                                                                                                              				intOrPtr _t30;
                                                                                                                              				void* _t46;
                                                                                                                              				void* _t50;
                                                                                                                              				struct HWND__** _t51;
                                                                                                                              				struct HWND__* _t52;
                                                                                                                              				struct HWND__* _t53;
                                                                                                                              				void* _t54;
                                                                                                                              				DWORD* _t55;
                                                                                                                              
                                                                                                                              				_t55 = _t54 + 0xfffffff8;
                                                                                                                              				_t51 = __edx;
                                                                                                                              				_t50 = __eax;
                                                                                                                              				_t46 = 0;
                                                                                                                              				_t17 =  *((intOrPtr*)(__edx + 4));
                                                                                                                              				if(_t17 < 0x100 || _t17 > 0x109) {
                                                                                                                              					L19:
                                                                                                                              					return _t46;
                                                                                                                              				} else {
                                                                                                                              					_t52 = GetCapture();
                                                                                                                              					if(_t52 != 0) {
                                                                                                                              						GetWindowThreadProcessId(_t52, _t55);
                                                                                                                              						GetWindowThreadProcessId( *(_t50 + 0x188),  &_v20);
                                                                                                                              						if( *_t55 == _v20 && SendMessageW(_t52, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
                                                                                                                              							_t46 = 1;
                                                                                                                              						}
                                                                                                                              						goto L19;
                                                                                                                              					}
                                                                                                                              					_t53 =  *_t51;
                                                                                                                              					_t30 =  *((intOrPtr*)(_t50 + 0x58));
                                                                                                                              					if(_t30 == 0 || _t53 !=  *((intOrPtr*)(_t30 + 0x3c4))) {
                                                                                                                              						L7:
                                                                                                                              						if(E0050E9B4(_t53) == 0 && _t53 != 0) {
                                                                                                                              							_t53 = GetParent(_t53);
                                                                                                                              							goto L7;
                                                                                                                              						}
                                                                                                                              						if(_t53 == 0) {
                                                                                                                              							_t53 =  *_t51;
                                                                                                                              						}
                                                                                                                              						goto L11;
                                                                                                                              					} else {
                                                                                                                              						_t53 = E0051B414(_t30);
                                                                                                                              						L11:
                                                                                                                              						if(IsWindowUnicode(_t53) == 0) {
                                                                                                                              							if(SendMessageA(_t53, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
                                                                                                                              								_t46 = 1;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							if(SendMessageW(_t53, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
                                                                                                                              								_t46 = 1;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						goto L19;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}














                                                                                                                              APIs
                                                                                                                              • GetCapture.USER32 ref: 005B83B6
                                                                                                                              • IsWindowUnicode.USER32(00000000), ref: 005B83F9
                                                                                                                              • SendMessageW.USER32(00000000,-0000BBEE,00000000,?), ref: 005B8414
                                                                                                                              • SendMessageA.USER32(00000000,-0000BBEE,00000000,?), ref: 005B8433
                                                                                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 005B8442
                                                                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 005B8453
                                                                                                                              • SendMessageW.USER32(00000000,-0000BBEE,00000000,?), ref: 005B8473
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSendWindow$ProcessThread$CaptureUnicode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1994056952-0
                                                                                                                              • Opcode ID: 60d5d18c6536e8f3e7333ea3e87ccb02092badd8fb76314d68d3832b537e943d
                                                                                                                              • Instruction ID: fa2d834c3aada0f77e9407d785ac3e39b975c7e98aa55159218471e4f58a832a
                                                                                                                              • Opcode Fuzzy Hash: 60d5d18c6536e8f3e7333ea3e87ccb02092badd8fb76314d68d3832b537e943d
                                                                                                                              • Instruction Fuzzy Hash: 3C21BFB520460A6F9A60EA99CD40EE777DCFF44744B105829B999C3642DE14F840C765
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E00405F80(signed int __eax, intOrPtr __edx, void* __edi) {
                                                                                                                              				signed int __ebx;
                                                                                                                              				void* __esi;
                                                                                                                              				signed int _t69;
                                                                                                                              				signed int _t78;
                                                                                                                              				signed int _t93;
                                                                                                                              				long _t94;
                                                                                                                              				void* _t100;
                                                                                                                              				signed int _t102;
                                                                                                                              				signed int _t109;
                                                                                                                              				signed int _t115;
                                                                                                                              				signed int _t123;
                                                                                                                              				signed int _t129;
                                                                                                                              				void* _t131;
                                                                                                                              				signed int _t140;
                                                                                                                              				unsigned int _t148;
                                                                                                                              				signed int _t150;
                                                                                                                              				long _t152;
                                                                                                                              				signed int _t156;
                                                                                                                              				intOrPtr _t161;
                                                                                                                              				signed int _t166;
                                                                                                                              				signed int _t170;
                                                                                                                              				unsigned int _t171;
                                                                                                                              				intOrPtr _t174;
                                                                                                                              				intOrPtr _t192;
                                                                                                                              				signed int _t195;
                                                                                                                              				signed int _t196;
                                                                                                                              				signed int _t197;
                                                                                                                              				void* _t205;
                                                                                                                              				unsigned int _t207;
                                                                                                                              				intOrPtr _t213;
                                                                                                                              				void* _t225;
                                                                                                                              				intOrPtr _t227;
                                                                                                                              				void* _t228;
                                                                                                                              				signed int _t230;
                                                                                                                              				void* _t232;
                                                                                                                              				signed int _t233;
                                                                                                                              				signed int _t234;
                                                                                                                              				signed int _t238;
                                                                                                                              				signed int _t241;
                                                                                                                              				void* _t243;
                                                                                                                              				intOrPtr* _t244;
                                                                                                                              
                                                                                                                              				_t176 = __edx;
                                                                                                                              				_t66 = __eax;
                                                                                                                              				_t166 =  *(__eax - 4);
                                                                                                                              				_t217 = __eax;
                                                                                                                              				if((_t166 & 0x00000007) != 0) {
                                                                                                                              					__eflags = _t166 & 0x00000005;
                                                                                                                              					if((_t166 & 0x00000005) != 0) {
                                                                                                                              						_pop(_t217);
                                                                                                                              						_pop(_t145);
                                                                                                                              						__eflags = _t166 & 0x00000003;
                                                                                                                              						if((_t166 & 0x00000003) == 0) {
                                                                                                                              							_push(_t145);
                                                                                                                              							_push(__eax);
                                                                                                                              							_push(__edi);
                                                                                                                              							_push(_t225);
                                                                                                                              							_t244 = _t243 + 0xffffffe0;
                                                                                                                              							_t218 = __edx;
                                                                                                                              							_t202 = __eax;
                                                                                                                              							_t69 =  *(__eax - 4);
                                                                                                                              							_t148 = (0xfffffff0 & _t69) - 0x14;
                                                                                                                              							if(0xfffffff0 >= __edx) {
                                                                                                                              								__eflags = __edx - _t148 >> 1;
                                                                                                                              								if(__edx < _t148 >> 1) {
                                                                                                                              									_t150 = E00405A04(__edx);
                                                                                                                              									__eflags = _t150;
                                                                                                                              									if(_t150 != 0) {
                                                                                                                              										__eflags = _t218 - 0x40a2c;
                                                                                                                              										if(_t218 > 0x40a2c) {
                                                                                                                              											_t78 = _t202 - 0x10;
                                                                                                                              											__eflags = _t78;
                                                                                                                              											 *((intOrPtr*)(_t78 + 8)) = _t218;
                                                                                                                              										}
                                                                                                                              										E004055C0(_t202, _t218, _t150);
                                                                                                                              										E00405D88(_t202, _t202, _t225);
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									_t150 = __eax;
                                                                                                                              									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								if(0xfffffff0 <= __edx) {
                                                                                                                              									_t227 = __edx;
                                                                                                                              								} else {
                                                                                                                              									_t227 = 0xbadb9d;
                                                                                                                              								}
                                                                                                                              								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
                                                                                                                              								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
                                                                                                                              								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
                                                                                                                              									L12:
                                                                                                                              									_t150 = E00405A04(_t227);
                                                                                                                              									__eflags = _t150;
                                                                                                                              									if(_t150 != 0) {
                                                                                                                              										__eflags = _t227 - 0x40a2c;
                                                                                                                              										if(_t227 > 0x40a2c) {
                                                                                                                              											_t93 = _t150 - 0x10;
                                                                                                                              											__eflags = _t93;
                                                                                                                              											 *((intOrPtr*)(_t93 + 8)) = _t218;
                                                                                                                              										}
                                                                                                                              										E00405590(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
                                                                                                                              										E00405D88(_t202, _t202, _t227);
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
                                                                                                                              									_t94 =  *(_t244 + 0x10);
                                                                                                                              									if(_t218 - _t148 >= _t94) {
                                                                                                                              										goto L12;
                                                                                                                              									} else {
                                                                                                                              										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
                                                                                                                              										if(_t94 < _t152) {
                                                                                                                              											_t152 = _t94;
                                                                                                                              										}
                                                                                                                              										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
                                                                                                                              											goto L12;
                                                                                                                              										} else {
                                                                                                                              											_t100 = _t202 - 0x10;
                                                                                                                              											 *((intOrPtr*)(_t100 + 8)) = _t218;
                                                                                                                              											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
                                                                                                                              											_t150 = _t202;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							return _t150;
                                                                                                                              						} else {
                                                                                                                              							__eflags = 0;
                                                                                                                              							return 0;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						_t170 = _t166 & 0xfffffff0;
                                                                                                                              						_push(__edi);
                                                                                                                              						_t205 = _t170 + __eax;
                                                                                                                              						_t171 = _t170 - 4;
                                                                                                                              						_t156 = _t166 & 0x0000000f;
                                                                                                                              						__eflags = __edx - _t171;
                                                                                                                              						_push(_t225);
                                                                                                                              						if(__edx > _t171) {
                                                                                                                              							_t102 =  *(_t205 - 4);
                                                                                                                              							__eflags = _t102 & 0x00000001;
                                                                                                                              							if((_t102 & 0x00000001) == 0) {
                                                                                                                              								L75:
                                                                                                                              								asm("adc edi, 0xffffffff");
                                                                                                                              								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
                                                                                                                              								_t207 = _t171;
                                                                                                                              								_t109 = E00405A04(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
                                                                                                                              								_t192 = _t176;
                                                                                                                              								__eflags = _t109;
                                                                                                                              								if(_t109 == 0) {
                                                                                                                              									goto L73;
                                                                                                                              								} else {
                                                                                                                              									__eflags = _t228 - 0x40a2c;
                                                                                                                              									if(_t228 > 0x40a2c) {
                                                                                                                              										 *((intOrPtr*)(_t109 - 8)) = _t192;
                                                                                                                              									}
                                                                                                                              									_t230 = _t109;
                                                                                                                              									E00405590(_t217, _t207, _t109);
                                                                                                                              									E00405D88(_t217, _t207, _t230);
                                                                                                                              									return _t230;
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								_t115 = _t102 & 0xfffffff0;
                                                                                                                              								_t232 = _t171 + _t115;
                                                                                                                              								__eflags = __edx - _t232;
                                                                                                                              								if(__edx > _t232) {
                                                                                                                              									goto L75;
                                                                                                                              								} else {
                                                                                                                              									__eflags =  *0x6cf05d;
                                                                                                                              									if(__eflags == 0) {
                                                                                                                              										L66:
                                                                                                                              										__eflags = _t115 - 0xb30;
                                                                                                                              										if(_t115 >= 0xb30) {
                                                                                                                              											E004055DC(_t205);
                                                                                                                              											_t176 = _t176;
                                                                                                                              											_t171 = _t171;
                                                                                                                              										}
                                                                                                                              										asm("adc edi, 0xffffffff");
                                                                                                                              										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
                                                                                                                              										_t195 = _t232 + 4 - _t123;
                                                                                                                              										__eflags = _t195;
                                                                                                                              										if(_t195 > 0) {
                                                                                                                              											 *(_t217 + _t232 - 4) = _t195;
                                                                                                                              											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
                                                                                                                              											_t233 = _t123;
                                                                                                                              											__eflags = _t195 - 0xb30;
                                                                                                                              											if(_t195 >= 0xb30) {
                                                                                                                              												__eflags = _t123 + _t217;
                                                                                                                              												E0040561C(_t123 + _t217, _t171, _t195);
                                                                                                                              											}
                                                                                                                              										} else {
                                                                                                                              											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
                                                                                                                              											_t233 = _t232 + 4;
                                                                                                                              										}
                                                                                                                              										_t234 = _t233 | _t156;
                                                                                                                              										__eflags = _t234;
                                                                                                                              										 *(_t217 - 4) = _t234;
                                                                                                                              										 *0x6cfaec = 0;
                                                                                                                              										_t109 = _t217;
                                                                                                                              										L73:
                                                                                                                              										return _t109;
                                                                                                                              									} else {
                                                                                                                              										while(1) {
                                                                                                                              											asm("lock cmpxchg [0x6cfaec], ah");
                                                                                                                              											if(__eflags == 0) {
                                                                                                                              												break;
                                                                                                                              											}
                                                                                                                              											asm("pause");
                                                                                                                              											__eflags =  *0x6cf98d;
                                                                                                                              											if(__eflags != 0) {
                                                                                                                              												continue;
                                                                                                                              											} else {
                                                                                                                              												Sleep(0);
                                                                                                                              												_t176 = _t176;
                                                                                                                              												_t171 = _t171;
                                                                                                                              												asm("lock cmpxchg [0x6cfaec], ah");
                                                                                                                              												if(__eflags != 0) {
                                                                                                                              													Sleep(0xa);
                                                                                                                              													_t176 = _t176;
                                                                                                                              													_t171 = _t171;
                                                                                                                              													continue;
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              											break;
                                                                                                                              										}
                                                                                                                              										_t156 = 0x0000000f &  *(_t217 - 4);
                                                                                                                              										_t129 =  *(_t205 - 4);
                                                                                                                              										__eflags = _t129 & 0x00000001;
                                                                                                                              										if((_t129 & 0x00000001) == 0) {
                                                                                                                              											L74:
                                                                                                                              											 *0x6cfaec = 0;
                                                                                                                              											goto L75;
                                                                                                                              										} else {
                                                                                                                              											_t115 = _t129 & 0xfffffff0;
                                                                                                                              											_t232 = _t171 + _t115;
                                                                                                                              											__eflags = _t176 - _t232;
                                                                                                                              											if(_t176 > _t232) {
                                                                                                                              												goto L74;
                                                                                                                              											} else {
                                                                                                                              												goto L66;
                                                                                                                              											}
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							__eflags = __edx + __edx - _t171;
                                                                                                                              							if(__edx + __edx < _t171) {
                                                                                                                              								__eflags = __edx - 0xb2c;
                                                                                                                              								if(__edx >= 0xb2c) {
                                                                                                                              									L41:
                                                                                                                              									_t32 = _t176 + 0xd3; // 0xbff
                                                                                                                              									_t238 = (_t32 & 0xffffff00) + 0x30;
                                                                                                                              									_t174 = _t171 + 4 - _t238;
                                                                                                                              									__eflags =  *0x6cf05d;
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										while(1) {
                                                                                                                              											asm("lock cmpxchg [0x6cfaec], ah");
                                                                                                                              											if(__eflags == 0) {
                                                                                                                              												break;
                                                                                                                              											}
                                                                                                                              											asm("pause");
                                                                                                                              											__eflags =  *0x6cf98d;
                                                                                                                              											if(__eflags != 0) {
                                                                                                                              												continue;
                                                                                                                              											} else {
                                                                                                                              												Sleep(0);
                                                                                                                              												_t174 = _t174;
                                                                                                                              												asm("lock cmpxchg [0x6cfaec], ah");
                                                                                                                              												if(__eflags != 0) {
                                                                                                                              													Sleep(0xa);
                                                                                                                              													_t174 = _t174;
                                                                                                                              													continue;
                                                                                                                              												}
                                                                                                                              											}
                                                                                                                              											break;
                                                                                                                              										}
                                                                                                                              										_t156 = 0x0000000f &  *(_t217 - 4);
                                                                                                                              										__eflags = 0xf;
                                                                                                                              									}
                                                                                                                              									 *(_t217 - 4) = _t156 | _t238;
                                                                                                                              									_t161 = _t174;
                                                                                                                              									_t196 =  *(_t205 - 4);
                                                                                                                              									__eflags = _t196 & 0x00000001;
                                                                                                                              									if((_t196 & 0x00000001) != 0) {
                                                                                                                              										_t131 = _t205;
                                                                                                                              										_t197 = _t196 & 0xfffffff0;
                                                                                                                              										_t161 = _t161 + _t197;
                                                                                                                              										_t205 = _t205 + _t197;
                                                                                                                              										__eflags = _t197 - 0xb30;
                                                                                                                              										if(_t197 >= 0xb30) {
                                                                                                                              											E004055DC(_t131);
                                                                                                                              										}
                                                                                                                              									} else {
                                                                                                                              										 *(_t205 - 4) = _t196 | 0x00000008;
                                                                                                                              									}
                                                                                                                              									 *((intOrPtr*)(_t205 - 8)) = _t161;
                                                                                                                              									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
                                                                                                                              									__eflags = _t161 - 0xb30;
                                                                                                                              									if(_t161 >= 0xb30) {
                                                                                                                              										E0040561C(_t217 + _t238, _t174, _t161);
                                                                                                                              									}
                                                                                                                              									 *0x6cfaec = 0;
                                                                                                                              									return _t217;
                                                                                                                              								} else {
                                                                                                                              									__eflags = __edx - 0x2cc;
                                                                                                                              									if(__edx < 0x2cc) {
                                                                                                                              										_t213 = __edx;
                                                                                                                              										_t140 = E00405A04(__edx);
                                                                                                                              										__eflags = _t140;
                                                                                                                              										if(_t140 != 0) {
                                                                                                                              											_t241 = _t140;
                                                                                                                              											E004055C0(_t217, _t213, _t140);
                                                                                                                              											E00405D88(_t217, _t213, _t241);
                                                                                                                              											_t140 = _t241;
                                                                                                                              										}
                                                                                                                              										return _t140;
                                                                                                                              									} else {
                                                                                                                              										_t176 = 0xb2c;
                                                                                                                              										__eflags = _t171 - 0xb2c;
                                                                                                                              										if(_t171 <= 0xb2c) {
                                                                                                                              											goto L37;
                                                                                                                              										} else {
                                                                                                                              											goto L41;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								L37:
                                                                                                                              								return _t66;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					__ebx =  *__ecx;
                                                                                                                              					__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                              					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                              					__eflags = __ecx - __edx;
                                                                                                                              					if(__ecx < __edx) {
                                                                                                                              						__ecx = __ecx + __ecx + 0x20;
                                                                                                                              						_push(__edi);
                                                                                                                              						__edi = __edx;
                                                                                                                              						__eax = 0;
                                                                                                                              						__ecx = __ecx - __edx;
                                                                                                                              						asm("adc eax, 0xffffffff");
                                                                                                                              						__eax = 0 & __ecx;
                                                                                                                              						__eax = (0 & __ecx) + __edx;
                                                                                                                              						__eax = E00405A04((0 & __ecx) + __edx);
                                                                                                                              						__eflags = __eax;
                                                                                                                              						if(__eax != 0) {
                                                                                                                              							__eflags = __edi - 0x40a2c;
                                                                                                                              							if(__edi > 0x40a2c) {
                                                                                                                              								 *(__eax - 8) = __edi;
                                                                                                                              							}
                                                                                                                              							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                              							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                                                                                              							__edx = __eax;
                                                                                                                              							__edi = __eax;
                                                                                                                              							 *((intOrPtr*)(__ebx + 0x1c))() = E00405D88(__esi, __edi, __ebp);
                                                                                                                              							__eax = __edi;
                                                                                                                              						}
                                                                                                                              						_pop(__edi);
                                                                                                                              						_pop(__esi);
                                                                                                                              						_pop(__ebx);
                                                                                                                              						return __eax;
                                                                                                                              					} else {
                                                                                                                              						__ebx = 0x40 + __edx * 4;
                                                                                                                              						__eflags = 0x40 + __edx * 4 - __ecx;
                                                                                                                              						if(0x40 + __edx * 4 < __ecx) {
                                                                                                                              							__ebx = __edx;
                                                                                                                              							__eax = __edx;
                                                                                                                              							__eax = E00405A04(__edx);
                                                                                                                              							__eflags = __eax;
                                                                                                                              							if(__eax != 0) {
                                                                                                                              								__ecx = __ebx;
                                                                                                                              								__edx = __eax;
                                                                                                                              								__ebx = __eax;
                                                                                                                              								__esi = E00405D88(__esi, __edi, __ebp);
                                                                                                                              								__eax = __ebx;
                                                                                                                              							}
                                                                                                                              							_pop(__esi);
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return __eax;
                                                                                                                              						} else {
                                                                                                                              							_pop(__esi);
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return __eax;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}












































                                                                                                                              0x00405940
                                                                                                                              0x00405956
                                                                                                                              0x00000000
                                                                                                                              0x0040596e
                                                                                                                              0x00405970
                                                                                                                              0x00405973
                                                                                                                              0x0040597c
                                                                                                                              0x0040597f
                                                                                                                              0x0040597f
                                                                                                                              0x00405956
                                                                                                                              0x00405927
                                                                                                                              0x00405913
                                                                                                                              0x00405a03
                                                                                                                              0x00406293
                                                                                                                              0x00406293
                                                                                                                              0x00406295
                                                                                                                              0x00406295
                                                                                                                              0x00406021
                                                                                                                              0x00406023
                                                                                                                              0x00406026
                                                                                                                              0x00406027
                                                                                                                              0x0040602a
                                                                                                                              0x0040602d
                                                                                                                              0x00406030
                                                                                                                              0x00406032
                                                                                                                              0x00406033
                                                                                                                              0x00406148
                                                                                                                              0x0040614b
                                                                                                                              0x0040614d
                                                                                                                              0x00406240
                                                                                                                              0x0040624b
                                                                                                                              0x00406252
                                                                                                                              0x00406254
                                                                                                                              0x00406257
                                                                                                                              0x0040625c
                                                                                                                              0x0040625d
                                                                                                                              0x0040625f
                                                                                                                              0x00000000
                                                                                                                              0x00406261
                                                                                                                              0x00406261
                                                                                                                              0x00406267
                                                                                                                              0x00406269
                                                                                                                              0x00406269
                                                                                                                              0x0040626c
                                                                                                                              0x00406274
                                                                                                                              0x0040627b
                                                                                                                              0x00406286
                                                                                                                              0x00406286
                                                                                                                              0x00406153
                                                                                                                              0x00406153
                                                                                                                              0x00406156
                                                                                                                              0x00406159
                                                                                                                              0x0040615b
                                                                                                                              0x00000000
                                                                                                                              0x00406161
                                                                                                                              0x00406161
                                                                                                                              0x00406168
                                                                                                                              0x004061c5
                                                                                                                              0x004061c5
                                                                                                                              0x004061ca
                                                                                                                              0x004061d0
                                                                                                                              0x004061d5
                                                                                                                              0x004061d6
                                                                                                                              0x004061d6
                                                                                                                              0x004061e2
                                                                                                                              0x004061f3
                                                                                                                              0x004061f9
                                                                                                                              0x004061f9
                                                                                                                              0x004061fb
                                                                                                                              0x00406208
                                                                                                                              0x0040620f
                                                                                                                              0x00406213
                                                                                                                              0x00406215
                                                                                                                              0x0040621b
                                                                                                                              0x0040621d
                                                                                                                              0x0040621f
                                                                                                                              0x0040621f
                                                                                                                              0x004061fd
                                                                                                                              0x004061fd
                                                                                                                              0x00406201
                                                                                                                              0x00406201
                                                                                                                              0x00406224
                                                                                                                              0x00406224
                                                                                                                              0x00406226
                                                                                                                              0x00406229
                                                                                                                              0x00406230
                                                                                                                              0x00406232
                                                                                                                              0x00406236
                                                                                                                              0x0040616a
                                                                                                                              0x0040616a
                                                                                                                              0x0040616f
                                                                                                                              0x00406177
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406179
                                                                                                                              0x0040617b
                                                                                                                              0x00406182
                                                                                                                              0x00000000
                                                                                                                              0x00406184
                                                                                                                              0x00406188
                                                                                                                              0x0040618d
                                                                                                                              0x0040618e
                                                                                                                              0x00406194
                                                                                                                              0x0040619c
                                                                                                                              0x004061a2
                                                                                                                              0x004061a7
                                                                                                                              0x004061a8
                                                                                                                              0x00000000
                                                                                                                              0x004061a8
                                                                                                                              0x0040619c
                                                                                                                              0x00000000
                                                                                                                              0x00406182
                                                                                                                              0x004061b1
                                                                                                                              0x004061b4
                                                                                                                              0x004061b7
                                                                                                                              0x004061b9
                                                                                                                              0x00406239
                                                                                                                              0x00406239
                                                                                                                              0x00000000
                                                                                                                              0x004061bb
                                                                                                                              0x004061bb
                                                                                                                              0x004061be
                                                                                                                              0x004061c1
                                                                                                                              0x004061c3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004061c3
                                                                                                                              0x004061b9
                                                                                                                              0x00406168
                                                                                                                              0x0040615b
                                                                                                                              0x00406039
                                                                                                                              0x0040603c
                                                                                                                              0x0040603e
                                                                                                                              0x00406048
                                                                                                                              0x0040604e
                                                                                                                              0x00406065
                                                                                                                              0x00406065
                                                                                                                              0x00406071
                                                                                                                              0x00406077
                                                                                                                              0x00406079
                                                                                                                              0x00406080
                                                                                                                              0x00406082
                                                                                                                              0x00406087
                                                                                                                              0x0040608f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00406091
                                                                                                                              0x00406093
                                                                                                                              0x0040609a
                                                                                                                              0x00000000
                                                                                                                              0x0040609c
                                                                                                                              0x0040609f
                                                                                                                              0x004060a4
                                                                                                                              0x004060aa
                                                                                                                              0x004060b2
                                                                                                                              0x004060b7
                                                                                                                              0x004060bc
                                                                                                                              0x00000000
                                                                                                                              0x004060bc
                                                                                                                              0x004060b2
                                                                                                                              0x00000000
                                                                                                                              0x0040609a
                                                                                                                              0x004060c5
                                                                                                                              0x004060c5
                                                                                                                              0x004060c5
                                                                                                                              0x004060ca
                                                                                                                              0x004060cd
                                                                                                                              0x004060cf
                                                                                                                              0x004060d2
                                                                                                                              0x004060d5
                                                                                                                              0x004060e0
                                                                                                                              0x004060e2
                                                                                                                              0x004060e5
                                                                                                                              0x004060e7
                                                                                                                              0x004060e9
                                                                                                                              0x004060ef
                                                                                                                              0x004060f1
                                                                                                                              0x004060f1
                                                                                                                              0x004060d7
                                                                                                                              0x004060da
                                                                                                                              0x004060da
                                                                                                                              0x004060f6
                                                                                                                              0x004060fc
                                                                                                                              0x00406100
                                                                                                                              0x00406106
                                                                                                                              0x0040610d
                                                                                                                              0x0040610d
                                                                                                                              0x00406112
                                                                                                                              0x0040611f
                                                                                                                              0x00406050
                                                                                                                              0x00406050
                                                                                                                              0x00406056
                                                                                                                              0x00406120
                                                                                                                              0x00406124
                                                                                                                              0x00406129
                                                                                                                              0x0040612b
                                                                                                                              0x0040612d
                                                                                                                              0x00406135
                                                                                                                              0x0040613c
                                                                                                                              0x00406141
                                                                                                                              0x00406141
                                                                                                                              0x00406147

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 833c993916d0d18284627c8ebcb851e0d3f6b00a19ef6d1fc725f28c20042ba8
                                                                                                                              • Instruction ID: 5d66737b0d4da92f98c0db807105cf356bd4b4b1c4874a50b8b8aa415a59ee3b
                                                                                                                              • Opcode Fuzzy Hash: 833c993916d0d18284627c8ebcb851e0d3f6b00a19ef6d1fc725f28c20042ba8
                                                                                                                              • Instruction Fuzzy Hash: D1C134A2710A004BD714AB7D9C8476FB286DBC5324F19823FE645EB3D6DA7CCC558B88
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 62%
                                                                                                                              			E006158C4(void* __ebx, int* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				int* _v16;
                                                                                                                              				char _v144;
                                                                                                                              				intOrPtr _v148;
                                                                                                                              				void* _v152;
                                                                                                                              				intOrPtr _v156;
                                                                                                                              				char _v168;
                                                                                                                              				char _v172;
                                                                                                                              				void* _t51;
                                                                                                                              				intOrPtr* _t57;
                                                                                                                              				intOrPtr* _t62;
                                                                                                                              				intOrPtr* _t65;
                                                                                                                              				intOrPtr* _t71;
                                                                                                                              				intOrPtr _t77;
                                                                                                                              				void* _t104;
                                                                                                                              				void* _t107;
                                                                                                                              				int* _t108;
                                                                                                                              				struct HWND__* _t118;
                                                                                                                              				int _t122;
                                                                                                                              				intOrPtr _t152;
                                                                                                                              				intOrPtr _t156;
                                                                                                                              				intOrPtr _t157;
                                                                                                                              				intOrPtr _t162;
                                                                                                                              				struct HWND__* _t163;
                                                                                                                              				intOrPtr _t164;
                                                                                                                              				intOrPtr _t165;
                                                                                                                              				intOrPtr _t166;
                                                                                                                              				intOrPtr _t169;
                                                                                                                              				intOrPtr _t172;
                                                                                                                              				intOrPtr _t176;
                                                                                                                              				void* _t181;
                                                                                                                              				void* _t182;
                                                                                                                              				intOrPtr _t183;
                                                                                                                              				void* _t189;
                                                                                                                              
                                                                                                                              				_t189 = __fp0;
                                                                                                                              				_t179 = __esi;
                                                                                                                              				_t178 = __edi;
                                                                                                                              				_t181 = _t182;
                                                                                                                              				_t183 = _t182 + 0xffffff58;
                                                                                                                              				_push(__esi);
                                                                                                                              				_push(__edi);
                                                                                                                              				_v172 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_v12 = 0;
                                                                                                                              				_v16 = __edx;
                                                                                                                              				_push(_t181);
                                                                                                                              				_push(0x615c7e);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t183;
                                                                                                                              				_push(_t181);
                                                                                                                              				_push(0x615c40);
                                                                                                                              				_push( *[fs:edx]);
                                                                                                                              				 *[fs:edx] = _t183;
                                                                                                                              				_t122 =  *_v16;
                                                                                                                              				_t51 = _t122 - 0x4a;
                                                                                                                              				if(_t51 == 0) {
                                                                                                                              					_t53 = _v16[2];
                                                                                                                              					_t152 =  *(_v16[2]) - 0x800;
                                                                                                                              					__eflags = _t152;
                                                                                                                              					if(__eflags == 0) {
                                                                                                                              						_push(_t181);
                                                                                                                              						_push(0x615a6b);
                                                                                                                              						_push( *[fs:edx]);
                                                                                                                              						 *[fs:edx] = _t183;
                                                                                                                              						E0040A350( &_v8,  *(_t53 + 4) >> 1,  *((intOrPtr*)(_t53 + 8)), __eflags);
                                                                                                                              						_push(_t181);
                                                                                                                              						_push(0x615a29);
                                                                                                                              						_push( *[fs:eax]);
                                                                                                                              						 *[fs:eax] = _t183;
                                                                                                                              						_t57 =  *0x6cd8cc; // 0x6d681c
                                                                                                                              						 *_t57 =  *_t57 + 1;
                                                                                                                              						_push(_t181);
                                                                                                                              						_push(0x615a0e);
                                                                                                                              						_push( *[fs:eax]);
                                                                                                                              						 *[fs:eax] = _t183;
                                                                                                                              						L006ABD3C(_v8,  *(_t53 + 4) >> 1,  &_v12);
                                                                                                                              						_pop(_t156);
                                                                                                                              						 *[fs:eax] = _t156;
                                                                                                                              						_push(E00615A15);
                                                                                                                              						_t62 =  *0x6cd8cc; // 0x6d681c
                                                                                                                              						 *_t62 =  *_t62 - 1;
                                                                                                                              						__eflags =  *_t62;
                                                                                                                              						return _t62;
                                                                                                                              					} else {
                                                                                                                              						_t157 = _t152 - 1;
                                                                                                                              						__eflags = _t157;
                                                                                                                              						if(_t157 == 0) {
                                                                                                                              							_push(_t181);
                                                                                                                              							_push(0x615b61);
                                                                                                                              							_push( *[fs:edx]);
                                                                                                                              							 *[fs:edx] = _t183;
                                                                                                                              							E0040714C( *((intOrPtr*)(_t53 + 8)), _t122, 0x98,  &_v168);
                                                                                                                              							_push(_t181);
                                                                                                                              							_push(0x615b1f);
                                                                                                                              							_push( *[fs:eax]);
                                                                                                                              							 *[fs:eax] = _t183;
                                                                                                                              							_t65 =  *0x6cdb4c; // 0x6d682c
                                                                                                                              							__eflags =  *_t65;
                                                                                                                              							if( *_t65 == 0) {
                                                                                                                              								E00429008(L"Cannot evaluate variable because [Code] isn\'t running yet", 1);
                                                                                                                              								E004098C4();
                                                                                                                              							}
                                                                                                                              							E0040A998( &_v172, 0x80,  &_v144, 0);
                                                                                                                              							_t71 =  *0x6cdb4c; // 0x6d682c
                                                                                                                              							E006A3E88( *_t71, _t122, _v156, _t178, _t179, _t189,  &_v12, _v172, _v148);
                                                                                                                              							_v16[3] = 1;
                                                                                                                              							_pop(_t162);
                                                                                                                              							 *[fs:eax] = _t162;
                                                                                                                              							_t163 =  *0x6d62f8; // 0x0
                                                                                                                              							_t77 =  *0x6d62f4; // 0x0
                                                                                                                              							E005D6064(_t77, _t122, _t163, _t178, _t179, _v12);
                                                                                                                              							_pop(_t164);
                                                                                                                              							 *[fs:eax] = _t164;
                                                                                                                              						} else {
                                                                                                                              							_t169 = _t157 - 1;
                                                                                                                              							__eflags = _t169;
                                                                                                                              							if(_t169 == 0) {
                                                                                                                              								_push(_t181);
                                                                                                                              								_push(0x615bb7);
                                                                                                                              								_push( *[fs:edx]);
                                                                                                                              								 *[fs:edx] = _t183;
                                                                                                                              								E0040A1EC(0x6d62e8);
                                                                                                                              								E0040A3A4(0x6d62e8,  *(_v16[2] + 4) >> 0,  *((intOrPtr*)(_v16[2] + 8)), __eflags, 0);
                                                                                                                              								_v16[3] = 1;
                                                                                                                              								_pop(_t172);
                                                                                                                              								 *[fs:eax] = _t172;
                                                                                                                              							} else {
                                                                                                                              								__eflags = _t169 == 1;
                                                                                                                              								if(_t169 == 1) {
                                                                                                                              									_push(_t181);
                                                                                                                              									_push(0x615c0a);
                                                                                                                              									_push( *[fs:edx]);
                                                                                                                              									 *[fs:edx] = _t183;
                                                                                                                              									E0040A1EC(0x6d62ec);
                                                                                                                              									E0040A3A4(0x6d62ec,  *(_v16[2] + 4) >> 0,  *((intOrPtr*)(_v16[2] + 8)), __eflags, 0);
                                                                                                                              									_v16[3] = 1;
                                                                                                                              									_pop(_t176);
                                                                                                                              									 *[fs:eax] = _t176;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						goto L21;
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t104 = _t51 - 0xbb6;
                                                                                                                              					if(_t104 == 0) {
                                                                                                                              						 *0x6d62e4 = 0;
                                                                                                                              						 *0x6d62f4 = 0;
                                                                                                                              						 *0x6d62fc = 1;
                                                                                                                              						 *0x6d62fd = 0;
                                                                                                                              						PostMessageW(0, 0, 0, 0);
                                                                                                                              					} else {
                                                                                                                              						_t107 = _t104 - 1;
                                                                                                                              						if(_t107 == 0) {
                                                                                                                              							 *0x6d62fc = 1;
                                                                                                                              							_t108 = _v16;
                                                                                                                              							__eflags =  *((intOrPtr*)(_t108 + 4)) - 1;
                                                                                                                              							 *0x6d62fd =  *((intOrPtr*)(_t108 + 4)) == 1;
                                                                                                                              							PostMessageW(0, 0, 0, 0);
                                                                                                                              						} else {
                                                                                                                              							if(_t107 == 2) {
                                                                                                                              								SetForegroundWindow(_v16[1]);
                                                                                                                              							} else {
                                                                                                                              								_t118 =  *0x6d62f8; // 0x0
                                                                                                                              								_v16[3] = DefWindowProcW(_t118, _t122, _v16[1], _v16[2]);
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					L21:
                                                                                                                              					_pop(_t165);
                                                                                                                              					 *[fs:eax] = _t165;
                                                                                                                              					_pop(_t166);
                                                                                                                              					 *[fs:eax] = _t166;
                                                                                                                              					_push(E00615C85);
                                                                                                                              					E0040A1EC( &_v172);
                                                                                                                              					return E0040A228( &_v12, 2);
                                                                                                                              				}
                                                                                                                              			}

                                                                                                                              APIs
                                                                                                                              • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00615941
                                                                                                                              • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00615968
                                                                                                                              • SetForegroundWindow.USER32(?,00000000,00615C40,?,00000000,00615C7E), ref: 00615979
                                                                                                                              • DefWindowProcW.USER32(00000000,?,?,?,00000000,00615C40,?,00000000,00615C7E), ref: 00615C2B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostWindow$ForegroundProc
                                                                                                                              • String ID: ,hm$Cannot evaluate variable because [Code] isn't running yet
                                                                                                                              • API String ID: 602442252-4088602279
                                                                                                                              • Opcode ID: eafa938bd0d35b67fa3aa80a9c226fdf4f168fe7d6e4a4976139d4381ac2f75f
                                                                                                                              • Instruction ID: a4d9e41ba68ff62660f6698438dd6fdd69331843db6522f8d42236939986de27
                                                                                                                              • Opcode Fuzzy Hash: eafa938bd0d35b67fa3aa80a9c226fdf4f168fe7d6e4a4976139d4381ac2f75f
                                                                                                                              • Instruction Fuzzy Hash: F691BC34A04704EFD711DF69D8A1F99FBB6EB89700F19C4AAF8059B7A1C634AD80CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 78%
                                                                                                                              			E0060D8B0(char __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				intOrPtr _v36;
                                                                                                                              				intOrPtr _v40;
                                                                                                                              				char _v41;
                                                                                                                              				char _v48;
                                                                                                                              				char _v52;
                                                                                                                              				char _v56;
                                                                                                                              				char _v60;
                                                                                                                              				char _v64;
                                                                                                                              				char _v68;
                                                                                                                              				char _v72;
                                                                                                                              				void* __ecx;
                                                                                                                              				char _t90;
                                                                                                                              				char _t167;
                                                                                                                              				char _t168;
                                                                                                                              				intOrPtr _t171;
                                                                                                                              				intOrPtr _t179;
                                                                                                                              				intOrPtr _t186;
                                                                                                                              				intOrPtr _t207;
                                                                                                                              				intOrPtr _t217;
                                                                                                                              				intOrPtr _t218;
                                                                                                                              
                                                                                                                              				_t215 = __esi;
                                                                                                                              				_t214 = __edi;
                                                                                                                              				_t217 = _t218;
                                                                                                                              				_t171 = 8;
                                                                                                                              				goto L1;
                                                                                                                              				L4:
                                                                                                                              				if(E005C77E8() != 0) {
                                                                                                                              					__eflags = _t167;
                                                                                                                              					if(__eflags == 0) {
                                                                                                                              						E0060D650(_v8, _t167,  &_v68, _t214, _t215, __eflags);
                                                                                                                              						E0040A5F0( &_v8, _v68);
                                                                                                                              						__eflags = _v12;
                                                                                                                              						if(__eflags != 0) {
                                                                                                                              							E0060D650(_v12, _t167,  &_v72, _t214, _t215, __eflags);
                                                                                                                              							E0040A5F0( &_v12, _v72);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					_t90 = E0060C558(_t167, _v12, _v8, 5);
                                                                                                                              					__eflags = _t90;
                                                                                                                              					if(_t90 == 0) {
                                                                                                                              						E0060CE84(L"MoveFileEx");
                                                                                                                              					}
                                                                                                                              					__eflags = 0;
                                                                                                                              					_pop(_t186);
                                                                                                                              					 *[fs:eax] = _t186;
                                                                                                                              					_push(E0060DBD9);
                                                                                                                              					E0040A228( &_v72, 7);
                                                                                                                              					return E0040A228( &_v32, 7);
                                                                                                                              				} else {
                                                                                                                              					E005C7430( &_v16);
                                                                                                                              					E005C4EA4(_v16,  &_v56);
                                                                                                                              					E0040B4C8( &_v20, L"WININIT.INI", _v56);
                                                                                                                              					E0060D294(0, _t167, L".tmp", _v16, _t214, _t215,  &_v24);
                                                                                                                              					_push(_t217);
                                                                                                                              					_push(0x60db3e);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t218;
                                                                                                                              					_v36 = 0;
                                                                                                                              					_v40 = 0;
                                                                                                                              					_push(_t217);
                                                                                                                              					_push(0x60dae2);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t218;
                                                                                                                              					WritePrivateProfileStringW(0, 0, 0, E0040B278(_v20));
                                                                                                                              					_v36 = E005CBFB8(1, 1, 0, 3);
                                                                                                                              					_t179 = _v24;
                                                                                                                              					_v40 = E005CBFB8(1, 0, 1, 0);
                                                                                                                              					_v41 = 0;
                                                                                                                              					_t168 = 0;
                                                                                                                              					while(E005CC258(_v36) == 0) {
                                                                                                                              						E005CC268(_v36, _t168,  &_v28, _t214, _t215, __eflags);
                                                                                                                              						E004225EC(_v28, 1,  &_v32, _t215);
                                                                                                                              						__eflags = _v32;
                                                                                                                              						if(__eflags == 0) {
                                                                                                                              							L11:
                                                                                                                              							E005CC5A0(_v40, 1, _v28, _t215, __eflags);
                                                                                                                              							_t168 = 0;
                                                                                                                              							__eflags = 0;
                                                                                                                              							continue;
                                                                                                                              						} else {
                                                                                                                              							__eflags =  *_v32 - 0x5b;
                                                                                                                              							if(__eflags != 0) {
                                                                                                                              								goto L11;
                                                                                                                              							} else {
                                                                                                                              								__eflags = E00422368(_v32, _t179, L"[rename]");
                                                                                                                              								if(__eflags != 0) {
                                                                                                                              									__eflags = _v41;
                                                                                                                              									if(__eflags == 0) {
                                                                                                                              										goto L11;
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									_v41 = 1;
                                                                                                                              									goto L11;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					_t223 = _v41;
                                                                                                                              					if(_v41 == 0) {
                                                                                                                              						E005CC5A0(_v40, _t168, L"[rename]", _t215, _t223);
                                                                                                                              					}
                                                                                                                              					_t224 = _v12;
                                                                                                                              					if(_v12 == 0) {
                                                                                                                              						E0040A5F0( &_v32, 0x60dc48);
                                                                                                                              					} else {
                                                                                                                              						E005C73D8(_v12, _t179,  &_v32, _t224);
                                                                                                                              					}
                                                                                                                              					_push(_v32);
                                                                                                                              					_push(0x60dc5c);
                                                                                                                              					E005C73D8(_v8, _t179,  &_v64, _t224);
                                                                                                                              					_push(_v64);
                                                                                                                              					E0040B550( &_v60, _t168, 3, _t214, _t215);
                                                                                                                              					E005CC5A0(_v40, _t168, _v60, _t215, _t224);
                                                                                                                              					_t225 = _t168;
                                                                                                                              					if(_t168 != 0) {
                                                                                                                              						E005CC5A0(_v40, _t168, _v28, _t215, _t225);
                                                                                                                              					}
                                                                                                                              					while(E005CC258(_v36) == 0) {
                                                                                                                              						E005CC268(_v36, _t168,  &_v28, _t214, _t215, __eflags);
                                                                                                                              						E005CC5A0(_v40, _t168, _v28, _t215, __eflags);
                                                                                                                              					}
                                                                                                                              					_pop(_t207);
                                                                                                                              					 *[fs:eax] = _t207;
                                                                                                                              					_push(E0060DAE9);
                                                                                                                              					E00408444(_v40);
                                                                                                                              					return E00408444(_v36);
                                                                                                                              				}
                                                                                                                              				L1:
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_t171 = _t171 - 1;
                                                                                                                              				if(_t171 != 0) {
                                                                                                                              					goto L1;
                                                                                                                              				} else {
                                                                                                                              					_t1 =  &_v8;
                                                                                                                              					 *_t1 = _t171;
                                                                                                                              					_push(__esi);
                                                                                                                              					_push(__edi);
                                                                                                                              					_v12 =  *_t1;
                                                                                                                              					_v8 = __edx;
                                                                                                                              					_t167 = __eax;
                                                                                                                              					E0040A2AC(_v8);
                                                                                                                              					E0040A2AC(_v12);
                                                                                                                              					_push(_t217);
                                                                                                                              					_push(0x60dbd2);
                                                                                                                              					 *[fs:eax] = _t218;
                                                                                                                              					E005C52C8(_v8,  &_v48, _t217,  *[fs:eax]);
                                                                                                                              					E0040A5F0( &_v8, _v48);
                                                                                                                              					if(_v12 != 0) {
                                                                                                                              						E005C52C8(_v12,  &_v52, _t217);
                                                                                                                              						E0040A5F0( &_v12, _v52);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				goto L4;
                                                                                                                              			}
                                                                                                                              0x0060d9e6
                                                                                                                              0x0060d9eb
                                                                                                                              0x0060d9ef
                                                                                                                              0x0060da17
                                                                                                                              0x0060da1d
                                                                                                                              0x0060da22
                                                                                                                              0x0060da22
                                                                                                                              0x00000000
                                                                                                                              0x0060d9f1
                                                                                                                              0x0060d9f4
                                                                                                                              0x0060d9f8
                                                                                                                              0x00000000
                                                                                                                              0x0060d9fa
                                                                                                                              0x0060da07
                                                                                                                              0x0060da09
                                                                                                                              0x0060da11
                                                                                                                              0x0060da15
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0060da0b
                                                                                                                              0x0060da0b
                                                                                                                              0x00000000
                                                                                                                              0x0060da0b
                                                                                                                              0x0060da09
                                                                                                                              0x0060d9f8
                                                                                                                              0x00000000
                                                                                                                              0x0060d9ef
                                                                                                                              0x0060da30
                                                                                                                              0x0060da34
                                                                                                                              0x0060da3e
                                                                                                                              0x0060da3e
                                                                                                                              0x0060da43
                                                                                                                              0x0060da47
                                                                                                                              0x0060da5e
                                                                                                                              0x0060da49
                                                                                                                              0x0060da4f
                                                                                                                              0x0060da4f
                                                                                                                              0x0060da63
                                                                                                                              0x0060da66
                                                                                                                              0x0060da71
                                                                                                                              0x0060da76
                                                                                                                              0x0060da81
                                                                                                                              0x0060da8c
                                                                                                                              0x0060da91
                                                                                                                              0x0060da93
                                                                                                                              0x0060da9b
                                                                                                                              0x0060da9b
                                                                                                                              0x0060dab8
                                                                                                                              0x0060daa8
                                                                                                                              0x0060dab3
                                                                                                                              0x0060dab3
                                                                                                                              0x0060dac6
                                                                                                                              0x0060dac9
                                                                                                                              0x0060dacc
                                                                                                                              0x0060dad4
                                                                                                                              0x0060dae1
                                                                                                                              0x0060dae1
                                                                                                                              0x0060d8b9
                                                                                                                              0x0060d8b9
                                                                                                                              0x0060d8bb
                                                                                                                              0x0060d8bd
                                                                                                                              0x0060d8be
                                                                                                                              0x00000000
                                                                                                                              0x0060d8c0
                                                                                                                              0x0060d8c0
                                                                                                                              0x0060d8c0
                                                                                                                              0x0060d8c4
                                                                                                                              0x0060d8c5
                                                                                                                              0x0060d8c6
                                                                                                                              0x0060d8c9
                                                                                                                              0x0060d8cc
                                                                                                                              0x0060d8d1
                                                                                                                              0x0060d8d9
                                                                                                                              0x0060d8e0
                                                                                                                              0x0060d8e1
                                                                                                                              0x0060d8e9
                                                                                                                              0x0060d8f2
                                                                                                                              0x0060d8fd
                                                                                                                              0x0060d906
                                                                                                                              0x0060d90e
                                                                                                                              0x0060d919
                                                                                                                              0x0060d919
                                                                                                                              0x0060d906
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0060D996
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: PrivateProfileStringWrite
                                                                                                                              • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                                                                              • API String ID: 390214022-3304407042
                                                                                                                              • Opcode ID: 54c0690d377c0aa40a76e9721f4f194f07d693fb8b429abe9072076b17d8aa10
                                                                                                                              • Instruction ID: 9ccae61fee5444c96898e798bd08ad00ad1f0a42c005b5ee0ec7678d9f590d11
                                                                                                                              • Opcode Fuzzy Hash: 54c0690d377c0aa40a76e9721f4f194f07d693fb8b429abe9072076b17d8aa10
                                                                                                                              • Instruction Fuzzy Hash: 3E810974A44209AFDB04EBE5C882BDEBBB6EF88304F504669E400B73D1E775AE45CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E00408E18(signed char* __eax, void* __edx, void* __eflags) {
                                                                                                                              				void* _t49;
                                                                                                                              				signed char _t56;
                                                                                                                              				intOrPtr _t57;
                                                                                                                              				signed char _t59;
                                                                                                                              				void* _t70;
                                                                                                                              				signed char* _t71;
                                                                                                                              				intOrPtr _t72;
                                                                                                                              				signed char* _t73;
                                                                                                                              
                                                                                                                              				_t70 = __edx;
                                                                                                                              				_t71 = __eax;
                                                                                                                              				_t72 =  *((intOrPtr*)(__eax + 0x10));
                                                                                                                              				while(1) {
                                                                                                                              					L1:
                                                                                                                              					 *_t73 = E004092D8(_t71);
                                                                                                                              					if( *_t73 != 0 || _t70 == 0) {
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					_t73[1] = 0;
                                                                                                                              					if(_t72 <= 0) {
                                                                                                                              						while(1) {
                                                                                                                              							L17:
                                                                                                                              							_t56 =  *_t71;
                                                                                                                              							if(_t56 == 0) {
                                                                                                                              								goto L1;
                                                                                                                              							}
                                                                                                                              							asm("lock cmpxchg [esi], edx");
                                                                                                                              							if(_t56 != _t56) {
                                                                                                                              								continue;
                                                                                                                              							} else {
                                                                                                                              								goto L19;
                                                                                                                              							}
                                                                                                                              							do {
                                                                                                                              								L19:
                                                                                                                              								_t73[4] = GetTickCount();
                                                                                                                              								E0040901C(_t71);
                                                                                                                              								_t57 =  *0x6cf8fc; // 0x6c76d4
                                                                                                                              								 *((intOrPtr*)(_t57 + 0x10))();
                                                                                                                              								 *_t73 = 0 == 0;
                                                                                                                              								if(_t70 != 0xffffffff) {
                                                                                                                              									_t73[8] = GetTickCount();
                                                                                                                              									if(_t70 <= _t73[8] - _t73[4]) {
                                                                                                                              										_t70 = 0;
                                                                                                                              									} else {
                                                                                                                              										_t70 = _t70 - _t73[8] - _t73[4];
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								if( *_t73 == 0) {
                                                                                                                              									do {
                                                                                                                              										asm("lock cmpxchg [esi], edx");
                                                                                                                              									} while ( *_t71 !=  *_t71);
                                                                                                                              									_t73[1] = 1;
                                                                                                                              								} else {
                                                                                                                              									while(1) {
                                                                                                                              										_t59 =  *_t71;
                                                                                                                              										if((_t59 & 0x00000001) != 0) {
                                                                                                                              											goto L29;
                                                                                                                              										}
                                                                                                                              										asm("lock cmpxchg [esi], edx");
                                                                                                                              										if(_t59 != _t59) {
                                                                                                                              											continue;
                                                                                                                              										}
                                                                                                                              										_t73[1] = 1;
                                                                                                                              										goto L29;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								L29:
                                                                                                                              							} while (_t73[1] == 0);
                                                                                                                              							if( *_t73 != 0) {
                                                                                                                              								_t71[8] = GetCurrentThreadId();
                                                                                                                              								_t71[4] = 1;
                                                                                                                              							}
                                                                                                                              							goto L32;
                                                                                                                              						}
                                                                                                                              						continue;
                                                                                                                              					}
                                                                                                                              					_t73[4] = GetTickCount();
                                                                                                                              					_t73[0xc] = 0;
                                                                                                                              					if(_t72 <= 0) {
                                                                                                                              						L13:
                                                                                                                              						if(_t70 == 0xffffffff) {
                                                                                                                              							goto L17;
                                                                                                                              						}
                                                                                                                              						_t73[8] = GetTickCount();
                                                                                                                              						_t49 = _t73[8] - _t73[4];
                                                                                                                              						if(_t70 > _t49) {
                                                                                                                              							_t70 = _t70 - _t49;
                                                                                                                              							goto L17;
                                                                                                                              						}
                                                                                                                              						 *_t73 = 0;
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					L5:
                                                                                                                              					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
                                                                                                                              						goto L8;
                                                                                                                              					} else {
                                                                                                                              						 *_t73 = 0;
                                                                                                                              					}
                                                                                                                              					break;
                                                                                                                              					L8:
                                                                                                                              					if( *_t71 > 1) {
                                                                                                                              						goto L13;
                                                                                                                              					}
                                                                                                                              					if( *_t71 != 0) {
                                                                                                                              						L12:
                                                                                                                              						E00408AF8( &(_t73[0xc]));
                                                                                                                              						_t72 = _t72 - 1;
                                                                                                                              						if(_t72 > 0) {
                                                                                                                              							goto L5;
                                                                                                                              						}
                                                                                                                              						goto L13;
                                                                                                                              					}
                                                                                                                              					asm("lock cmpxchg [esi], edx");
                                                                                                                              					if(0 != 0) {
                                                                                                                              						goto L12;
                                                                                                                              					}
                                                                                                                              					_t71[8] = GetCurrentThreadId();
                                                                                                                              					_t71[4] = 1;
                                                                                                                              					 *_t73 = 1;
                                                                                                                              					break;
                                                                                                                              				}
                                                                                                                              				L32:
                                                                                                                              				return  *_t73 & 0x000000ff;
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                                • Part of subcall function 004092D8: GetCurrentThreadId.KERNEL32 ref: 004092DB
                                                                                                                              • GetTickCount.KERNEL32 ref: 00408E4F
                                                                                                                              • GetTickCount.KERNEL32 ref: 00408E67
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00408E96
                                                                                                                              • GetTickCount.KERNEL32 ref: 00408EC1
                                                                                                                              • GetTickCount.KERNEL32 ref: 00408EF8
                                                                                                                              • GetTickCount.KERNEL32 ref: 00408F22
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00408F92
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountTick$CurrentThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3968769311-0
                                                                                                                              • Opcode ID: 20bc9faa338205b9676b9ce63f6a6fc95d4e340ef3c4d15d54fbfb65282f0910
                                                                                                                              • Instruction ID: 216a2c916ba6e2f13aacbc2b486a5202febe2ca6ab096472d485461ede499aa8
                                                                                                                              • Opcode Fuzzy Hash: 20bc9faa338205b9676b9ce63f6a6fc95d4e340ef3c4d15d54fbfb65282f0910
                                                                                                                              • Instruction Fuzzy Hash: FD4171712087429ED721AF78CA4031FBAD2AF94354F15897EE4D9D72C2DB7C9881874A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 79%
                                                                                                                              			E006A5F04(void* __eax, void* __edx, intOrPtr _a4076) {
                                                                                                                              				char _v4120;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __esi;
                                                                                                                              				void* __ebp;
                                                                                                                              				void* _t6;
                                                                                                                              				void* _t11;
                                                                                                                              				signed char _t14;
                                                                                                                              				void* _t22;
                                                                                                                              				intOrPtr* _t23;
                                                                                                                              				void* _t24;
                                                                                                                              				void* _t28;
                                                                                                                              				long _t30;
                                                                                                                              				void* _t31;
                                                                                                                              				void* _t32;
                                                                                                                              				void* _t33;
                                                                                                                              
                                                                                                                              				_push(__eax);
                                                                                                                              				_t6 = 2;
                                                                                                                              				do {
                                                                                                                              					_t32 = _t32 + 0xfffff004;
                                                                                                                              					_push(_t6);
                                                                                                                              					_t6 = _t6 - 1;
                                                                                                                              				} while (_t6 != 0);
                                                                                                                              				_t33 = _t32 + 4;
                                                                                                                              				_t28 = __edx;
                                                                                                                              				_t29 = _a4076;
                                                                                                                              				_t23 = E00414020(_t22, _a4076, GetModuleHandleW(L"kernel32.dll"), L"GetFinalPathNameByHandleW");
                                                                                                                              				if(_t23 == 0) {
                                                                                                                              					L11:
                                                                                                                              					_t11 = E0040A5A8(_t28, _t29);
                                                                                                                              				} else {
                                                                                                                              					_t14 = GetFileAttributesW(E0040B278(_t29));
                                                                                                                              					if(_t14 == 0xffffffff) {
                                                                                                                              						goto L11;
                                                                                                                              					} else {
                                                                                                                              						if((_t14 & 0x00000010) == 0) {
                                                                                                                              							_t30 = 0;
                                                                                                                              							__eflags = 0;
                                                                                                                              						} else {
                                                                                                                              							_t30 = 0x2000000;
                                                                                                                              						}
                                                                                                                              						_t31 = CreateFileW(E0040B278(_t29), 0, 7, 0, 3, _t30, 0);
                                                                                                                              						if(_t31 == 0xffffffff) {
                                                                                                                              							goto L11;
                                                                                                                              						} else {
                                                                                                                              							_t24 =  *_t23(_t31,  &_v4120, 0x1000, 0);
                                                                                                                              							CloseHandle(_t31);
                                                                                                                              							if(_t24 <= 0) {
                                                                                                                              								goto L11;
                                                                                                                              							} else {
                                                                                                                              								_t41 = _t24 - 0xff0;
                                                                                                                              								if(_t24 >= 0xff0) {
                                                                                                                              									goto L11;
                                                                                                                              								} else {
                                                                                                                              									_t11 = E006A5E1C(_t33, _t24, _t28, _t29, _t41);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t11;
                                                                                                                              			}



















                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F30
                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F49
                                                                                                                              • CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 006A5F73
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 006A5F91
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHandle$AttributesCloseCreateModule
                                                                                                                              • String ID: GetFinalPathNameByHandleW$kernel32.dll
                                                                                                                              • API String ID: 791737717-340263132
                                                                                                                              • Opcode ID: 1a7b63f1906dbd113f8a1e59398a2e9f4dce123c181ed44d30ef61a697fdc8a3
                                                                                                                              • Instruction ID: 33e75e3eedf917459a19461fb92274fc6dcf6f547d9e1cd84d4496d1484fa6be
                                                                                                                              • Opcode Fuzzy Hash: 1a7b63f1906dbd113f8a1e59398a2e9f4dce123c181ed44d30ef61a697fdc8a3
                                                                                                                              • Instruction Fuzzy Hash: FD110860740B043FE530B17A5C8BFBB204E8B96769F14013ABB1ADA3C2E9799D410D9A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 36%
                                                                                                                              			E00408BB4(void* __edx) {
                                                                                                                              				signed int _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char* _t23;
                                                                                                                              				intOrPtr _t29;
                                                                                                                              				intOrPtr _t39;
                                                                                                                              				void* _t41;
                                                                                                                              				void* _t43;
                                                                                                                              				intOrPtr _t44;
                                                                                                                              
                                                                                                                              				_t41 = _t43;
                                                                                                                              				_t44 = _t43 + 0xfffffff4;
                                                                                                                              				_v16 = 0;
                                                                                                                              				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
                                                                                                                              					L10:
                                                                                                                              					_v8 = 0x40;
                                                                                                                              					goto L11;
                                                                                                                              				} else {
                                                                                                                              					_t23 =  &_v16;
                                                                                                                              					_push(_t23);
                                                                                                                              					_push(0);
                                                                                                                              					L00405324();
                                                                                                                              					if(_t23 != 0 || GetLastError() != 0x7a) {
                                                                                                                              						goto L10;
                                                                                                                              					} else {
                                                                                                                              						_v12 = E00406F0C(_v16);
                                                                                                                              						_push(_t41);
                                                                                                                              						_push(E00408C62);
                                                                                                                              						_push( *[fs:edx]);
                                                                                                                              						 *[fs:edx] = _t44;
                                                                                                                              						_push( &_v16);
                                                                                                                              						_push(_v12);
                                                                                                                              						L00405324();
                                                                                                                              						_t29 = _v12;
                                                                                                                              						if(_v16 <= 0) {
                                                                                                                              							L8:
                                                                                                                              							_pop(_t39);
                                                                                                                              							 *[fs:eax] = _t39;
                                                                                                                              							_push(E00408C69);
                                                                                                                              							return E00406F28(_v12);
                                                                                                                              						} else {
                                                                                                                              							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
                                                                                                                              								_t29 = _t29 + 0x18;
                                                                                                                              								_v16 = _v16 - 0x18;
                                                                                                                              								if(_v16 > 0) {
                                                                                                                              									continue;
                                                                                                                              								} else {
                                                                                                                              									goto L8;
                                                                                                                              								}
                                                                                                                              								goto L12;
                                                                                                                              							}
                                                                                                                              							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
                                                                                                                              							E004099B8();
                                                                                                                              							L11:
                                                                                                                              							return _v8;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				L12:
                                                                                                                              			}













                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00408BC9
                                                                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408BCF
                                                                                                                              • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 00408BEB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressErrorHandleLastModuleProc
                                                                                                                              • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                                                                              • API String ID: 4275029093-79381301
                                                                                                                              • Opcode ID: d2b5bb259a4a67909b9857f382d53dc443368d34a06db9e148c60c099e14fc22
                                                                                                                              • Instruction ID: fae384035c4cbf403bb6e842233c038de7d928fc1d1ef8a2a4529768a9174d83
                                                                                                                              • Opcode Fuzzy Hash: d2b5bb259a4a67909b9857f382d53dc443368d34a06db9e148c60c099e14fc22
                                                                                                                              • Instruction Fuzzy Hash: E4117570D05208AEEF10EBA5DA45A6EB7F4DB44704F1084BFE454B72C1DF7D8A548B29
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E006B8141(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                              				char* _t18;
                                                                                                                              				char* _t23;
                                                                                                                              				intOrPtr* _t25;
                                                                                                                              				intOrPtr _t29;
                                                                                                                              				intOrPtr _t32;
                                                                                                                              				void* _t34;
                                                                                                                              				intOrPtr _t42;
                                                                                                                              				intOrPtr _t44;
                                                                                                                              				void* _t45;
                                                                                                                              				void* _t48;
                                                                                                                              
                                                                                                                              				if( *((char*)(_t48 - 0x21)) != 0) {
                                                                                                                              					_t18 =  *0x6cdfdc; // 0x6d62e4
                                                                                                                              					if( *_t18 != 0) {
                                                                                                                              						E00616130(L"Not restarting Windows because Uninstall is being run from the debugger.", __ebx, __edi, __esi);
                                                                                                                              					} else {
                                                                                                                              						E00616130(L"Restarting Windows.", __ebx, __edi, __esi);
                                                                                                                              						_t23 =  *0x6cdefc; // 0x6d6825
                                                                                                                              						 *_t23 = 1;
                                                                                                                              						if(E0060F6D8() == 0) {
                                                                                                                              							_t25 =  *0x6cdec4; // 0x6d579c
                                                                                                                              							SetForegroundWindow( *( *_t25 + 0x188));
                                                                                                                              							_push(1);
                                                                                                                              							_push(1);
                                                                                                                              							_t29 =  *0x6cded8; // 0x6d5c28
                                                                                                                              							_t3 = _t29 + 0x164; // 0x0
                                                                                                                              							_push(E0040B278( *_t3));
                                                                                                                              							_t32 =  *0x6cded8; // 0x6d5c28
                                                                                                                              							_t4 = _t32 + 0x15c; // 0x0
                                                                                                                              							_t34 = E0040B278( *_t4);
                                                                                                                              							_pop(_t45);
                                                                                                                              							E006AF190(_t34, __ebx, 0x30, _t45, __edi, __esi);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_pop(_t42);
                                                                                                                              				 *[fs:eax] = _t42;
                                                                                                                              				_push(E006B8200);
                                                                                                                              				E0040A1C8(_t48 - 0x48);
                                                                                                                              				E0040A228(_t48 - 0x3c, 5);
                                                                                                                              				_t44 =  *0x4012b8; // 0x4012bc
                                                                                                                              				E0040C024(_t48 - 0x20, 7, _t44);
                                                                                                                              				return E0040A1EC(_t48 - 4);
                                                                                                                              			}














                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0060F6D8: GetCurrentProcess.KERNEL32(00000028), ref: 0060F6E8
                                                                                                                                • Part of subcall function 0060F6D8: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0060F6EE
                                                                                                                              • SetForegroundWindow.USER32(?), ref: 006B817A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Process$CurrentForegroundOpenTokenWindow
                                                                                                                              • String ID: %hm$(\m$Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.$bm
                                                                                                                              • API String ID: 3179053593-36556386
                                                                                                                              • Opcode ID: b7594902ceb65011b7cd408ddb31800c32ac1c1d22a90f0235b323c67c5cc1dc
                                                                                                                              • Instruction ID: d1bb377931262cf507ba46983c8bd46f5a1d5c2f393bef5d4bb5aec732555b7a
                                                                                                                              • Opcode Fuzzy Hash: b7594902ceb65011b7cd408ddb31800c32ac1c1d22a90f0235b323c67c5cc1dc
                                                                                                                              • Instruction Fuzzy Hash: 621130746042049FD700EB69DD86FE837EAAB49304F5540BAF401AB7A2CE79AC82C759
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 43%
                                                                                                                              			E00409E60(void* __ecx) {
                                                                                                                              				long _v4;
                                                                                                                              				void* _t3;
                                                                                                                              				void* _t9;
                                                                                                                              
                                                                                                                              				if( *0x6cf05c == 0) {
                                                                                                                              					if( *0x6c5036 == 0) {
                                                                                                                              						_push(0);
                                                                                                                              						_push("Error");
                                                                                                                              						_push("Runtime error     at 00000000");
                                                                                                                              						_push(0);
                                                                                                                              						L0040529C();
                                                                                                                              					}
                                                                                                                              					return _t3;
                                                                                                                              				} else {
                                                                                                                              					if( *0x6cf348 == 0xd7b2 &&  *0x6cf350 > 0) {
                                                                                                                              						 *0x6cf360();
                                                                                                                              					}
                                                                                                                              					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
                                                                                                                              					_t9 = E0040AC70(0x409ef4);
                                                                                                                              					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
                                                                                                                              				}
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?,0040707B), ref: 00409E99
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?,0040A032,0040701B,00407062,?,?), ref: 00409E9F
                                                                                                                              • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?,?), ref: 00409EBA
                                                                                                                              • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00409F18,?,?), ref: 00409EC0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHandleWrite
                                                                                                                              • String ID: Error$Runtime error at 00000000
                                                                                                                              • API String ID: 3320372497-2970929446
                                                                                                                              • Opcode ID: a4deac2aa97ac97823855fef04cac89a22f23a0563f87e50a6800a30aeefe081
                                                                                                                              • Instruction ID: a01582976990e38fcf300ac2ca1e4f1bd102d55210953f65d1fcb3aa769fb624
                                                                                                                              • Opcode Fuzzy Hash: a4deac2aa97ac97823855fef04cac89a22f23a0563f87e50a6800a30aeefe081
                                                                                                                              • Instruction Fuzzy Hash: 52F04FA0A44780BAEB10B7A19C07F7B261AD741B28F10567FB214B91D3C6B85CC49AE9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E0043171C(short* __eax, intOrPtr __ecx, signed short* __edx) {
                                                                                                                              				char _v260;
                                                                                                                              				char _v768;
                                                                                                                              				char _v772;
                                                                                                                              				short* _v776;
                                                                                                                              				intOrPtr _v780;
                                                                                                                              				char _v784;
                                                                                                                              				signed int _v788;
                                                                                                                              				signed short* _v792;
                                                                                                                              				char _v796;
                                                                                                                              				char _v800;
                                                                                                                              				intOrPtr* _v804;
                                                                                                                              				signed short* _v808;
                                                                                                                              				void* __ebp;
                                                                                                                              				signed char _t55;
                                                                                                                              				signed int _t64;
                                                                                                                              				void* _t72;
                                                                                                                              				intOrPtr* _t83;
                                                                                                                              				void* _t103;
                                                                                                                              				void* _t105;
                                                                                                                              				void* _t108;
                                                                                                                              				void* _t109;
                                                                                                                              				intOrPtr* _t118;
                                                                                                                              				void* _t122;
                                                                                                                              				intOrPtr _t123;
                                                                                                                              				char* _t124;
                                                                                                                              				void* _t125;
                                                                                                                              
                                                                                                                              				_t110 = __ecx;
                                                                                                                              				_v780 = __ecx;
                                                                                                                              				_v808 = __edx;
                                                                                                                              				_v776 = __eax;
                                                                                                                              				if((_v808[0] & 0x00000020) == 0) {
                                                                                                                              					L00430EC8(0x80070057);
                                                                                                                              				}
                                                                                                                              				_t55 =  *_v808 & 0x0000ffff;
                                                                                                                              				if((_t55 & 0x00000fff) != 0xc) {
                                                                                                                              					_push(_v808);
                                                                                                                              					_push(_v776);
                                                                                                                              					L0042F04C();
                                                                                                                              					return L00430EC8(_v776);
                                                                                                                              				} else {
                                                                                                                              					if((_t55 & 0x00000040) == 0) {
                                                                                                                              						_v792 = _v808[4];
                                                                                                                              					} else {
                                                                                                                              						_v792 =  *(_v808[4]);
                                                                                                                              					}
                                                                                                                              					_v788 =  *_v792 & 0x0000ffff;
                                                                                                                              					_t103 = _v788 - 1;
                                                                                                                              					if(_t103 < 0) {
                                                                                                                              						L9:
                                                                                                                              						_push( &_v772);
                                                                                                                              						_t64 = _v788;
                                                                                                                              						_push(_t64);
                                                                                                                              						_push(0xc);
                                                                                                                              						L0042F628();
                                                                                                                              						_t123 = _t64;
                                                                                                                              						if(_t123 == 0) {
                                                                                                                              							E00430C20(_t110);
                                                                                                                              						}
                                                                                                                              						L00431164(_v776);
                                                                                                                              						 *_v776 = 0x200c;
                                                                                                                              						 *((intOrPtr*)(_v776 + 8)) = _t123;
                                                                                                                              						_t105 = _v788 - 1;
                                                                                                                              						if(_t105 < 0) {
                                                                                                                              							L14:
                                                                                                                              							_t107 = _v788 - 1;
                                                                                                                              							if(E00431694(_v788 - 1, _t125) != 0) {
                                                                                                                              								L0042F650();
                                                                                                                              								L00430EC8(_v792);
                                                                                                                              								L0042F650();
                                                                                                                              								L00430EC8( &_v260);
                                                                                                                              								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
                                                                                                                              							}
                                                                                                                              							_t72 = E004316C4(_t107, _t125);
                                                                                                                              						} else {
                                                                                                                              							_t108 = _t105 + 1;
                                                                                                                              							_t83 =  &_v768;
                                                                                                                              							_t118 =  &_v260;
                                                                                                                              							do {
                                                                                                                              								 *_t118 =  *_t83;
                                                                                                                              								_t118 = _t118 + 4;
                                                                                                                              								_t83 = _t83 + 8;
                                                                                                                              								_t108 = _t108 - 1;
                                                                                                                              							} while (_t108 != 0);
                                                                                                                              							do {
                                                                                                                              								goto L14;
                                                                                                                              							} while (_t72 != 0);
                                                                                                                              							return _t72;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						_t109 = _t103 + 1;
                                                                                                                              						_t122 = 0;
                                                                                                                              						_t124 =  &_v772;
                                                                                                                              						do {
                                                                                                                              							_v804 = _t124;
                                                                                                                              							_push(_v804 + 4);
                                                                                                                              							_t23 = _t122 + 1; // 0x1
                                                                                                                              							_push(_v792);
                                                                                                                              							L0042F630();
                                                                                                                              							L00430EC8(_v792);
                                                                                                                              							_push( &_v784);
                                                                                                                              							_t26 = _t122 + 1; // 0x1
                                                                                                                              							_push(_v792);
                                                                                                                              							L0042F638();
                                                                                                                              							L00430EC8(_v792);
                                                                                                                              							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
                                                                                                                              							_t122 = _t122 + 1;
                                                                                                                              							_t124 = _t124 + 8;
                                                                                                                              							_t109 = _t109 - 1;
                                                                                                                              						} while (_t109 != 0);
                                                                                                                              						goto L9;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}
                                                                                                                              0x00000000
                                                                                                                              0x004317b4
                                                                                                                              0x004317a9

                                                                                                                              APIs
                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004317D1
                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004317ED
                                                                                                                              • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00431826
                                                                                                                              • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 004318A3
                                                                                                                              • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 004318BC
                                                                                                                              • VariantCopy.OLEAUT32(?,?), ref: 004318F7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 351091851-0
                                                                                                                              • Opcode ID: 42b276f5329fa6364f3f2d82a2a8c8de37ba444dafc2dda7b531c9a608bab9a1
                                                                                                                              • Instruction ID: ede279f2d9249a03c5eeb803d5e3445196a0ad83b08d93498a0369a0c14e8414
                                                                                                                              • Opcode Fuzzy Hash: 42b276f5329fa6364f3f2d82a2a8c8de37ba444dafc2dda7b531c9a608bab9a1
                                                                                                                              • Instruction Fuzzy Hash: 41512D75A002299FCB62DB59CD81BD9B3FCAF0C304F4455EAE508E7212D634AF858F58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E006AE6F8(signed int __eax) {
                                                                                                                              				intOrPtr* _t14;
                                                                                                                              				signed int _t18;
                                                                                                                              				intOrPtr* _t19;
                                                                                                                              				intOrPtr* _t23;
                                                                                                                              				signed int _t26;
                                                                                                                              				long _t27;
                                                                                                                              				intOrPtr* _t29;
                                                                                                                              				intOrPtr* _t33;
                                                                                                                              				signed int _t37;
                                                                                                                              				intOrPtr* _t38;
                                                                                                                              
                                                                                                                              				_t37 = __eax;
                                                                                                                              				 *0x6d6827 = __eax ^ 0x00000001;
                                                                                                                              				_t14 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				_t18 = GetWindowLongW( *( *_t14 + 0x188), 0xffffffec) & 0xffffff00 | (_t17 & 0x00000080) == 0x00000000;
                                                                                                                              				if(_t37 != _t18) {
                                                                                                                              					_t19 =  *0x6cdec4; // 0x6d579c
                                                                                                                              					SetWindowPos( *( *_t19 + 0x188), 0, 0, 0, 0, 0, 0x97);
                                                                                                                              					_t23 =  *0x6cdec4; // 0x6d579c
                                                                                                                              					_t26 = GetWindowLongW( *( *_t23 + 0x188), 0xffffffec);
                                                                                                                              					if(_t37 == 0) {
                                                                                                                              						_t27 = _t26 | 0x00000080;
                                                                                                                              					} else {
                                                                                                                              						_t27 = _t26 & 0xffffff7f;
                                                                                                                              					}
                                                                                                                              					_t38 =  *0x6cdec4; // 0x6d579c
                                                                                                                              					SetWindowLongW( *( *_t38 + 0x188), 0xffffffec, _t27);
                                                                                                                              					if(_t37 == 0) {
                                                                                                                              						_t29 =  *0x6cdec4; // 0x6d579c
                                                                                                                              						return SetWindowPos( *( *_t29 + 0x188), 0, 0, 0, 0, 0, 0x57);
                                                                                                                              					} else {
                                                                                                                              						_t33 =  *0x6cdec4; // 0x6d579c
                                                                                                                              						return ShowWindow( *( *_t33 + 0x188), 5);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t18;
                                                                                                                              			}














                                                                                                                              APIs
                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 006AE714
                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,006B78BD,00000000,006B81F9), ref: 006AE743
                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 006AE758
                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 006AE77F
                                                                                                                              • ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 006AE798
                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 006AE7B9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Long$Show
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3609083571-0
                                                                                                                              • Opcode ID: 20e26916085c5e6554055c250da2d7273406bdd96b7cd9a8ba3bc571ba314315
                                                                                                                              • Instruction ID: c5f2d3f14be40374ea6ae40072baf741f42d7864aa45c80e1917733d0618a2ec
                                                                                                                              • Opcode Fuzzy Hash: 20e26916085c5e6554055c250da2d7273406bdd96b7cd9a8ba3bc571ba314315
                                                                                                                              • Instruction Fuzzy Hash: FC111C75745200AFD700EB68DD81FE237EAAB9E314F4541A5F6158F3E2CA65EC40DB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E00405A04(signed int __eax) {
                                                                                                                              				signed int __ebx;
                                                                                                                              				signed int __edi;
                                                                                                                              				signed int __esi;
                                                                                                                              				intOrPtr* _t99;
                                                                                                                              				signed int _t104;
                                                                                                                              				signed int _t109;
                                                                                                                              				signed int _t110;
                                                                                                                              				intOrPtr* _t114;
                                                                                                                              				void* _t116;
                                                                                                                              				intOrPtr* _t121;
                                                                                                                              				signed int _t125;
                                                                                                                              				signed int _t129;
                                                                                                                              				signed int _t131;
                                                                                                                              				signed int _t132;
                                                                                                                              				signed int _t133;
                                                                                                                              				signed int _t134;
                                                                                                                              				signed int _t135;
                                                                                                                              				unsigned int _t141;
                                                                                                                              				signed int _t142;
                                                                                                                              				void* _t144;
                                                                                                                              				intOrPtr* _t147;
                                                                                                                              				intOrPtr _t148;
                                                                                                                              				signed int _t150;
                                                                                                                              				long _t156;
                                                                                                                              				intOrPtr _t159;
                                                                                                                              				signed int _t162;
                                                                                                                              
                                                                                                                              				_t95 = __eax;
                                                                                                                              				_t129 =  *0x6cf05d; // 0x0
                                                                                                                              				if(__eax > 0xa2c) {
                                                                                                                              					__eflags = __eax - 0x40a2c;
                                                                                                                              					if(__eax > 0x40a2c) {
                                                                                                                              						_pop(_t120);
                                                                                                                              						__eflags = __eax;
                                                                                                                              						if(__eax >= 0) {
                                                                                                                              							_push(_t120);
                                                                                                                              							_t162 = __eax;
                                                                                                                              							_t2 = _t162 + 0x10010; // 0x10110
                                                                                                                              							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
                                                                                                                              							_t121 = VirtualAlloc(0, _t156, 0x101000, 4);
                                                                                                                              							if(_t121 != 0) {
                                                                                                                              								_t147 = _t121;
                                                                                                                              								 *((intOrPtr*)(_t147 + 8)) = _t162;
                                                                                                                              								 *(_t147 + 0xc) = _t156 | 0x00000004;
                                                                                                                              								E00405764();
                                                                                                                              								_t99 =  *0x6d1b84; // 0x6d1b80
                                                                                                                              								 *_t147 = 0x6d1b80;
                                                                                                                              								 *0x6d1b84 = _t121;
                                                                                                                              								 *((intOrPtr*)(_t147 + 4)) = _t99;
                                                                                                                              								 *_t99 = _t121;
                                                                                                                              								 *0x6d1b7c = 0;
                                                                                                                              								_t121 = _t121 + 0x10;
                                                                                                                              							}
                                                                                                                              							return _t121;
                                                                                                                              						} else {
                                                                                                                              							__eflags = 0;
                                                                                                                              							return 0;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						_t67 = _t95 + 0xd3; // 0x1d3
                                                                                                                              						_t125 = (_t67 & 0xffffff00) + 0x30;
                                                                                                                              						__eflags = _t129;
                                                                                                                              						if(__eflags != 0) {
                                                                                                                              							while(1) {
                                                                                                                              								asm("lock cmpxchg [0x6cfaec], ah");
                                                                                                                              								if(__eflags == 0) {
                                                                                                                              									goto L42;
                                                                                                                              								}
                                                                                                                              								asm("pause");
                                                                                                                              								__eflags =  *0x6cf98d;
                                                                                                                              								if(__eflags != 0) {
                                                                                                                              									continue;
                                                                                                                              								} else {
                                                                                                                              									Sleep(0);
                                                                                                                              									asm("lock cmpxchg [0x6cfaec], ah");
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										Sleep(0xa);
                                                                                                                              										continue;
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								goto L42;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						L42:
                                                                                                                              						_t68 = _t125 - 0xb30; // -2445
                                                                                                                              						_t141 = _t68;
                                                                                                                              						_t142 = _t141 >> 0xd;
                                                                                                                              						_t131 = _t141 >> 8;
                                                                                                                              						_t104 = 0xffffffff << _t131 &  *(0x6cfafc + _t142 * 4);
                                                                                                                              						__eflags = 0xffffffff;
                                                                                                                              						if(0xffffffff == 0) {
                                                                                                                              							_t132 = _t142;
                                                                                                                              							__eflags = 0xfffffffe << _t132 &  *0x6cfaf8;
                                                                                                                              							if((0xfffffffe << _t132 &  *0x6cfaf8) == 0) {
                                                                                                                              								_t133 =  *0x6cfaf4; // 0x0
                                                                                                                              								_t134 = _t133 - _t125;
                                                                                                                              								__eflags = _t134;
                                                                                                                              								if(_t134 < 0) {
                                                                                                                              									_t109 = E004056E8(_t125);
                                                                                                                              								} else {
                                                                                                                              									_t110 =  *0x6cfaf0; // 0x767fff0
                                                                                                                              									_t109 = _t110 - _t125;
                                                                                                                              									 *0x6cfaf0 = _t109;
                                                                                                                              									 *0x6cfaf4 = _t134;
                                                                                                                              									 *(_t109 - 4) = _t125 | 0x00000002;
                                                                                                                              								}
                                                                                                                              								 *0x6cfaec = 0;
                                                                                                                              								return _t109;
                                                                                                                              							} else {
                                                                                                                              								asm("bsf edx, eax");
                                                                                                                              								asm("bsf ecx, eax");
                                                                                                                              								_t135 = _t132 | _t142 << 0x00000005;
                                                                                                                              								goto L50;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							asm("bsf eax, eax");
                                                                                                                              							_t135 = _t131 & 0xffffffe0 | _t104;
                                                                                                                              							L50:
                                                                                                                              							_push(_t152);
                                                                                                                              							_push(_t145);
                                                                                                                              							_t148 = 0x6cfb7c + _t135 * 8;
                                                                                                                              							_t159 =  *((intOrPtr*)(_t148 + 4));
                                                                                                                              							_t114 =  *((intOrPtr*)(_t159 + 4));
                                                                                                                              							 *((intOrPtr*)(_t148 + 4)) = _t114;
                                                                                                                              							 *_t114 = _t148;
                                                                                                                              							__eflags = _t148 - _t114;
                                                                                                                              							if(_t148 == _t114) {
                                                                                                                              								asm("rol eax, cl");
                                                                                                                              								_t80 = 0x6cfafc + _t142 * 4;
                                                                                                                              								 *_t80 =  *(0x6cfafc + _t142 * 4) & 0xfffffffe;
                                                                                                                              								__eflags =  *_t80;
                                                                                                                              								if( *_t80 == 0) {
                                                                                                                              									asm("btr [0x6cfaf8], edx");
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							_t150 = 0xfffffff0 &  *(_t159 - 4);
                                                                                                                              							_t144 = 0xfffffff0 - _t125;
                                                                                                                              							__eflags = 0xfffffff0;
                                                                                                                              							if(0xfffffff0 == 0) {
                                                                                                                              								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
                                                                                                                              								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
                                                                                                                              								__eflags =  *_t89;
                                                                                                                              							} else {
                                                                                                                              								_t116 = _t125 + _t159;
                                                                                                                              								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
                                                                                                                              								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
                                                                                                                              								__eflags = 0xfffffff0 - 0xb30;
                                                                                                                              								if(0xfffffff0 >= 0xb30) {
                                                                                                                              									E0040561C(_t116, 0xfffffffffffffff3, _t144);
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							_t93 = _t125 + 2; // 0x1a5
                                                                                                                              							 *(_t159 - 4) = _t93;
                                                                                                                              							 *0x6cfaec = 0;
                                                                                                                              							return _t159;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					__eflags = __cl;
                                                                                                                              					_t6 = __edx + 0x6cf994; // 0xc8c8c8c8
                                                                                                                              					__eax =  *_t6 & 0x000000ff;
                                                                                                                              					__ebx = 0x6c5084 + ( *_t6 & 0x000000ff) * 8;
                                                                                                                              					if(__eflags != 0) {
                                                                                                                              						while(1) {
                                                                                                                              							__eax = 0x100;
                                                                                                                              							asm("lock cmpxchg [ebx], ah");
                                                                                                                              							if(__eflags == 0) {
                                                                                                                              								goto L5;
                                                                                                                              							}
                                                                                                                              							__ebx = __ebx + 0x20;
                                                                                                                              							__eflags = __ebx;
                                                                                                                              							__eax = 0x100;
                                                                                                                              							asm("lock cmpxchg [ebx], ah");
                                                                                                                              							if(__ebx != 0) {
                                                                                                                              								__ebx = __ebx + 0x20;
                                                                                                                              								__eflags = __ebx;
                                                                                                                              								__eax = 0x100;
                                                                                                                              								asm("lock cmpxchg [ebx], ah");
                                                                                                                              								if(__ebx != 0) {
                                                                                                                              									__ebx = __ebx - 0x40;
                                                                                                                              									asm("pause");
                                                                                                                              									__eflags =  *0x6cf98d;
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										continue;
                                                                                                                              									} else {
                                                                                                                              										Sleep(0);
                                                                                                                              										__eax = 0x100;
                                                                                                                              										asm("lock cmpxchg [ebx], ah");
                                                                                                                              										if(__eflags != 0) {
                                                                                                                              											Sleep(0xa);
                                                                                                                              											continue;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							goto L5;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					L5:
                                                                                                                              					__edx =  *(__ebx + 8);
                                                                                                                              					__eax =  *(__edx + 0x10);
                                                                                                                              					__ecx = 0xfffffff8;
                                                                                                                              					__eflags = __edx - __ebx;
                                                                                                                              					if(__edx == __ebx) {
                                                                                                                              						__edx =  *(__ebx + 0x18);
                                                                                                                              						__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                              						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
                                                                                                                              						__eflags = __eax -  *(__ebx + 0x14);
                                                                                                                              						if(__eax >  *(__ebx + 0x14)) {
                                                                                                                              							_push(__esi);
                                                                                                                              							_push(__edi);
                                                                                                                              							__eflags =  *0x6cf05d;
                                                                                                                              							if(__eflags != 0) {
                                                                                                                              								while(1) {
                                                                                                                              									__eax = 0x100;
                                                                                                                              									asm("lock cmpxchg [0x6cfaec], ah");
                                                                                                                              									if(__eflags == 0) {
                                                                                                                              										goto L22;
                                                                                                                              									}
                                                                                                                              									asm("pause");
                                                                                                                              									__eflags =  *0x6cf98d;
                                                                                                                              									if(__eflags != 0) {
                                                                                                                              										continue;
                                                                                                                              									} else {
                                                                                                                              										Sleep(0);
                                                                                                                              										__eax = 0x100;
                                                                                                                              										asm("lock cmpxchg [0x6cfaec], ah");
                                                                                                                              										if(__eflags != 0) {
                                                                                                                              											Sleep(0xa);
                                                                                                                              											continue;
                                                                                                                              										}
                                                                                                                              									}
                                                                                                                              									goto L22;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              							L22:
                                                                                                                              							 *(__ebx + 1) =  *(__ebx + 1) &  *0x6cfaf8;
                                                                                                                              							__eflags =  *(__ebx + 1) &  *0x6cfaf8;
                                                                                                                              							if(( *(__ebx + 1) &  *0x6cfaf8) == 0) {
                                                                                                                              								__ecx =  *(__ebx + 4) & 0x0000ffff;
                                                                                                                              								__edi =  *0x6cfaf4; // 0x0
                                                                                                                              								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
                                                                                                                              								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
                                                                                                                              									__eax =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                              									__edi = __eax;
                                                                                                                              									__eax = E004056E8(__eax);
                                                                                                                              									__esi = __eax;
                                                                                                                              									__eflags = __eax;
                                                                                                                              									if(__eax != 0) {
                                                                                                                              										goto L35;
                                                                                                                              									} else {
                                                                                                                              										 *0x6cfaec = __al;
                                                                                                                              										 *__ebx = __al;
                                                                                                                              										_pop(__edi);
                                                                                                                              										_pop(__esi);
                                                                                                                              										_pop(__ebx);
                                                                                                                              										return __eax;
                                                                                                                              									}
                                                                                                                              								} else {
                                                                                                                              									__esi =  *0x6cfaf0; // 0x767fff0
                                                                                                                              									__ecx =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                              									__edx = __ecx + 0xb30;
                                                                                                                              									__eflags = __edi - __ecx + 0xb30;
                                                                                                                              									if(__edi >= __ecx + 0xb30) {
                                                                                                                              										__edi = __ecx;
                                                                                                                              									}
                                                                                                                              									__esi = __esi - __edi;
                                                                                                                              									 *0x6cfaf4 =  *0x6cfaf4 - __edi;
                                                                                                                              									 *0x6cfaf0 = __esi;
                                                                                                                              									goto L35;
                                                                                                                              								}
                                                                                                                              							} else {
                                                                                                                              								asm("bsf eax, esi");
                                                                                                                              								__esi = __eax * 8;
                                                                                                                              								__ecx =  *(0x6cfafc + __eax * 4);
                                                                                                                              								asm("bsf ecx, ecx");
                                                                                                                              								__ecx =  *(0x6cfafc + __eax * 4) + __eax * 8 * 4;
                                                                                                                              								__edi = 0x6cfb7c + ( *(0x6cfafc + __eax * 4) + __eax * 8 * 4) * 8;
                                                                                                                              								__esi =  *(__edi + 4);
                                                                                                                              								__edx =  *(__esi + 4);
                                                                                                                              								 *(__edi + 4) = __edx;
                                                                                                                              								 *__edx = __edi;
                                                                                                                              								__eflags = __edi - __edx;
                                                                                                                              								if(__edi == __edx) {
                                                                                                                              									__edx = 0xfffffffe;
                                                                                                                              									asm("rol edx, cl");
                                                                                                                              									_t38 = 0x6cfafc + __eax * 4;
                                                                                                                              									 *_t38 =  *(0x6cfafc + __eax * 4) & 0xfffffffe;
                                                                                                                              									__eflags =  *_t38;
                                                                                                                              									if( *_t38 == 0) {
                                                                                                                              										asm("btr [0x6cfaf8], eax");
                                                                                                                              									}
                                                                                                                              								}
                                                                                                                              								__edi = 0xfffffff0;
                                                                                                                              								__edi = 0xfffffff0 &  *(__esi - 4);
                                                                                                                              								__eflags = 0xfffffff0 - 0x10a60;
                                                                                                                              								if(0xfffffff0 < 0x10a60) {
                                                                                                                              									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
                                                                                                                              									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
                                                                                                                              									__eflags =  *_t52;
                                                                                                                              								} else {
                                                                                                                              									__edx = __edi;
                                                                                                                              									__edi =  *(__ebx + 6) & 0x0000ffff;
                                                                                                                              									__edx = __edx - __edi;
                                                                                                                              									__eax = __edi + __esi;
                                                                                                                              									__ecx = __edx + 3;
                                                                                                                              									 *(__eax - 4) = __ecx;
                                                                                                                              									 *(__edx + __eax - 8) = __edx;
                                                                                                                              									__eax = E0040561C(__eax, __ecx, __edx);
                                                                                                                              								}
                                                                                                                              								L35:
                                                                                                                              								_t56 = __edi + 6; // 0x6
                                                                                                                              								__ecx = _t56;
                                                                                                                              								 *(__esi - 4) = _t56;
                                                                                                                              								__eax = 0;
                                                                                                                              								 *0x6cfaec = __al;
                                                                                                                              								 *__esi = __ebx;
                                                                                                                              								 *((intOrPtr*)(__esi + 0x10)) = 0;
                                                                                                                              								 *((intOrPtr*)(__esi + 0x14)) = 1;
                                                                                                                              								 *(__ebx + 0x18) = __esi;
                                                                                                                              								_t61 = __esi + 0x20; // 0x7680010
                                                                                                                              								__eax = _t61;
                                                                                                                              								__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                                              								__edx = __ecx + __eax;
                                                                                                                              								 *(__ebx + 0x10) = __ecx + __eax;
                                                                                                                              								__edi = __edi + __esi;
                                                                                                                              								__edi = __edi - __ecx;
                                                                                                                              								__eflags = __edi;
                                                                                                                              								 *(__ebx + 0x14) = __edi;
                                                                                                                              								 *__ebx = 0;
                                                                                                                              								 *(__eax - 4) = __esi;
                                                                                                                              								_pop(__edi);
                                                                                                                              								_pop(__esi);
                                                                                                                              								_pop(__ebx);
                                                                                                                              								return __eax;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							_t19 = __edx + 0x14;
                                                                                                                              							 *_t19 =  *(__edx + 0x14) + 1;
                                                                                                                              							__eflags =  *_t19;
                                                                                                                              							 *(__ebx + 0x10) = __ecx;
                                                                                                                              							 *__ebx = 0;
                                                                                                                              							 *(__eax - 4) = __edx;
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return __eax;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
                                                                                                                              						__ecx = 0xfffffff8 &  *(__eax - 4);
                                                                                                                              						__eflags = 0xfffffff8;
                                                                                                                              						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
                                                                                                                              						 *(__eax - 4) = __edx;
                                                                                                                              						if(0xfffffff8 == 0) {
                                                                                                                              							__ecx =  *(__edx + 8);
                                                                                                                              							 *(__ecx + 0xc) = __ebx;
                                                                                                                              							 *(__ebx + 8) = __ecx;
                                                                                                                              							 *__ebx = 0;
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return __eax;
                                                                                                                              						} else {
                                                                                                                              							 *__ebx = 0;
                                                                                                                              							_pop(__ebx);
                                                                                                                              							return __eax;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}





























                                                                                                                              0x00405d58
                                                                                                                              0x00405d69
                                                                                                                              0x00405d6c
                                                                                                                              0x00405d6f
                                                                                                                              0x00405d7b
                                                                                                                              0x00405d7b
                                                                                                                              0x00405c9e
                                                                                                                              0x00405a1c
                                                                                                                              0x00405a1c
                                                                                                                              0x00405a1e
                                                                                                                              0x00405a1e
                                                                                                                              0x00405a25
                                                                                                                              0x00405a2c
                                                                                                                              0x00405a84
                                                                                                                              0x00405a84
                                                                                                                              0x00405a89
                                                                                                                              0x00405a8d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405a8f
                                                                                                                              0x00405a8f
                                                                                                                              0x00405a92
                                                                                                                              0x00405a97
                                                                                                                              0x00405a9b
                                                                                                                              0x00405a9d
                                                                                                                              0x00405a9d
                                                                                                                              0x00405aa0
                                                                                                                              0x00405aa5
                                                                                                                              0x00405aa9
                                                                                                                              0x00405aab
                                                                                                                              0x00405aae
                                                                                                                              0x00405ab0
                                                                                                                              0x00405ab7
                                                                                                                              0x00000000
                                                                                                                              0x00405ab9
                                                                                                                              0x00405abb
                                                                                                                              0x00405ac0
                                                                                                                              0x00405ac5
                                                                                                                              0x00405ac9
                                                                                                                              0x00405ad1
                                                                                                                              0x00000000
                                                                                                                              0x00405ad1
                                                                                                                              0x00405ac9
                                                                                                                              0x00405ab7
                                                                                                                              0x00405aa9
                                                                                                                              0x00000000
                                                                                                                              0x00405a9b
                                                                                                                              0x00405a84
                                                                                                                              0x00405a2e
                                                                                                                              0x00405a2e
                                                                                                                              0x00405a31
                                                                                                                              0x00405a34
                                                                                                                              0x00405a39
                                                                                                                              0x00405a3b
                                                                                                                              0x00405a54
                                                                                                                              0x00405a57
                                                                                                                              0x00405a5b
                                                                                                                              0x00405a5d
                                                                                                                              0x00405a60
                                                                                                                              0x00405ad8
                                                                                                                              0x00405ad9
                                                                                                                              0x00405ada
                                                                                                                              0x00405ae1
                                                                                                                              0x00405ae3
                                                                                                                              0x00405ae3
                                                                                                                              0x00405ae8
                                                                                                                              0x00405af0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00405af2
                                                                                                                              0x00405af4
                                                                                                                              0x00405afb
                                                                                                                              0x00000000
                                                                                                                              0x00405afd
                                                                                                                              0x00405aff
                                                                                                                              0x00405b04
                                                                                                                              0x00405b09
                                                                                                                              0x00405b11
                                                                                                                              0x00405b15
                                                                                                                              0x00000000
                                                                                                                              0x00405b15
                                                                                                                              0x00405b11
                                                                                                                              0x00000000
                                                                                                                              0x00405afb
                                                                                                                              0x00405ae3
                                                                                                                              0x00405b1c
                                                                                                                              0x00405b20
                                                                                                                              0x00405b20
                                                                                                                              0x00405b26
                                                                                                                              0x00405b98
                                                                                                                              0x00405b9c
                                                                                                                              0x00405ba2
                                                                                                                              0x00405ba4
                                                                                                                              0x00405bcc
                                                                                                                              0x00405bd0
                                                                                                                              0x00405bd2
                                                                                                                              0x00405bd7
                                                                                                                              0x00405bd9
                                                                                                                              0x00405bdb
                                                                                                                              0x00000000
                                                                                                                              0x00405bdd
                                                                                                                              0x00405bdd
                                                                                                                              0x00405be2
                                                                                                                              0x00405be4
                                                                                                                              0x00405be5
                                                                                                                              0x00405be6
                                                                                                                              0x00405be7
                                                                                                                              0x00405be7
                                                                                                                              0x00405ba6
                                                                                                                              0x00405ba6
                                                                                                                              0x00405bac
                                                                                                                              0x00405bb0
                                                                                                                              0x00405bb6
                                                                                                                              0x00405bb8
                                                                                                                              0x00405bba
                                                                                                                              0x00405bba
                                                                                                                              0x00405bbc
                                                                                                                              0x00405bbe
                                                                                                                              0x00405bc4
                                                                                                                              0x00000000
                                                                                                                              0x00405bc4
                                                                                                                              0x00405b28
                                                                                                                              0x00405b28
                                                                                                                              0x00405b2b
                                                                                                                              0x00405b32
                                                                                                                              0x00405b39
                                                                                                                              0x00405b3c
                                                                                                                              0x00405b3f
                                                                                                                              0x00405b46
                                                                                                                              0x00405b49
                                                                                                                              0x00405b4c
                                                                                                                              0x00405b4f
                                                                                                                              0x00405b51
                                                                                                                              0x00405b53
                                                                                                                              0x00405b55
                                                                                                                              0x00405b5a
                                                                                                                              0x00405b5c
                                                                                                                              0x00405b5c
                                                                                                                              0x00405b5c
                                                                                                                              0x00405b63
                                                                                                                              0x00405b65
                                                                                                                              0x00405b65
                                                                                                                              0x00405b63
                                                                                                                              0x00405b6c
                                                                                                                              0x00405b71
                                                                                                                              0x00405b74
                                                                                                                              0x00405b7a
                                                                                                                              0x00405be8
                                                                                                                              0x00405be8
                                                                                                                              0x00405be8
                                                                                                                              0x00405b7c
                                                                                                                              0x00405b7c
                                                                                                                              0x00405b7e
                                                                                                                              0x00405b82
                                                                                                                              0x00405b84
                                                                                                                              0x00405b87
                                                                                                                              0x00405b8a
                                                                                                                              0x00405b8d
                                                                                                                              0x00405b91
                                                                                                                              0x00405b91
                                                                                                                              0x00405bed
                                                                                                                              0x00405bed
                                                                                                                              0x00405bed
                                                                                                                              0x00405bf0
                                                                                                                              0x00405bf3
                                                                                                                              0x00405bf5
                                                                                                                              0x00405bfa
                                                                                                                              0x00405bfc
                                                                                                                              0x00405bff
                                                                                                                              0x00405c06
                                                                                                                              0x00405c09
                                                                                                                              0x00405c09
                                                                                                                              0x00405c0c
                                                                                                                              0x00405c10
                                                                                                                              0x00405c13
                                                                                                                              0x00405c16
                                                                                                                              0x00405c18
                                                                                                                              0x00405c18
                                                                                                                              0x00405c1a
                                                                                                                              0x00405c1d
                                                                                                                              0x00405c20
                                                                                                                              0x00405c23
                                                                                                                              0x00405c24
                                                                                                                              0x00405c25
                                                                                                                              0x00405c26
                                                                                                                              0x00405c26
                                                                                                                              0x00405a62
                                                                                                                              0x00405a62
                                                                                                                              0x00405a62
                                                                                                                              0x00405a62
                                                                                                                              0x00405a66
                                                                                                                              0x00405a69
                                                                                                                              0x00405a6c
                                                                                                                              0x00405a6f
                                                                                                                              0x00405a70
                                                                                                                              0x00405a70
                                                                                                                              0x00405a3d
                                                                                                                              0x00405a3d
                                                                                                                              0x00405a41
                                                                                                                              0x00405a41
                                                                                                                              0x00405a44
                                                                                                                              0x00405a47
                                                                                                                              0x00405a4a
                                                                                                                              0x00405a74
                                                                                                                              0x00405a77
                                                                                                                              0x00405a7a
                                                                                                                              0x00405a7d
                                                                                                                              0x00405a80
                                                                                                                              0x00405a81
                                                                                                                              0x00405a4c
                                                                                                                              0x00405a4c
                                                                                                                              0x00405a4f
                                                                                                                              0x00405a50
                                                                                                                              0x00405a50
                                                                                                                              0x00405a4a
                                                                                                                              0x00405a3b

                                                                                                                              APIs
                                                                                                                              • Sleep.KERNEL32(00000000,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405ABB
                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405AD1
                                                                                                                              • Sleep.KERNEL32(00000000,00000000,?,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405AFF
                                                                                                                              • Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,004062A4,00000000,0040F3A7,00000000,0040F8B5,00000000,0040FB77,00000000,0040FBAD), ref: 00405B15
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3472027048-0
                                                                                                                              • Opcode ID: d5c76b6411e5b1297fee21c622a9732816c4700a6e5391fd7fe9993b0e9394e2
                                                                                                                              • Instruction ID: 7a051e160dd760b70f5de690832b1da94a718f6c47d0b95a7d4eebd5f387ad29
                                                                                                                              • Opcode Fuzzy Hash: d5c76b6411e5b1297fee21c622a9732816c4700a6e5391fd7fe9993b0e9394e2
                                                                                                                              • Instruction Fuzzy Hash: BCC1F272601B118BDB15CF69E884B27BBA2EB85310F18827FD4599F3D5C7B4A841CF94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 39%
                                                                                                                              			E0060D3B4(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				char _v17;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				char _v36;
                                                                                                                              				void* _t60;
                                                                                                                              				signed int _t63;
                                                                                                                              				intOrPtr _t77;
                                                                                                                              				void* _t83;
                                                                                                                              				intOrPtr _t86;
                                                                                                                              
                                                                                                                              				_t64 = 0;
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_v16 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				E0040A2AC(_v8);
                                                                                                                              				_push(_t86);
                                                                                                                              				_push(0x60d4f1);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t86;
                                                                                                                              				E005C4EA4(_v8,  &_v24);
                                                                                                                              				E0040A5F0( &_v8, _v24);
                                                                                                                              				_t83 = 0x123456;
                                                                                                                              				_t63 = 0;
                                                                                                                              				_v17 = 0;
                                                                                                                              				do {
                                                                                                                              					_t83 = _t83 + 1;
                                                                                                                              					if(_t83 > 0x1ffffff) {
                                                                                                                              						_t83 = 0;
                                                                                                                              					}
                                                                                                                              					_t90 = 0x123456 - _t83;
                                                                                                                              					if(0x123456 == _t83) {
                                                                                                                              						_t9 =  &_v32; // 0x6b7447
                                                                                                                              						E005C567C(_v8, _t64, _t9, _t90);
                                                                                                                              						_t11 =  &_v32; // 0x6b7447
                                                                                                                              						E005CD508(0x5a,  &_v28,  *_t11);
                                                                                                                              						_t64 = _v28;
                                                                                                                              						E00429008(_v28, 1);
                                                                                                                              						E004098C4();
                                                                                                                              					}
                                                                                                                              					_push(_v8);
                                                                                                                              					_push("_iu");
                                                                                                                              					E0060D21C(_t83, _t63,  &_v36, 0x123456, _t83);
                                                                                                                              					_push(_v36);
                                                                                                                              					_push(L".tmp");
                                                                                                                              					E0040B550( &_v12, _t63, 4, 0x123456, _t83);
                                                                                                                              					if(E005C6880(_t90) == 0) {
                                                                                                                              						_t63 = 1;
                                                                                                                              						_v17 = E005C685C(_v12);
                                                                                                                              						if(_v17 != 0) {
                                                                                                                              							_t60 = CreateFileW(E0040B278(_v12), 0xc0000000, 0, 0, 2, 0x80, 0);
                                                                                                                              							_t63 = 0 | _t60 != 0xffffffff;
                                                                                                                              							if(1 != 0) {
                                                                                                                              								CloseHandle(_t60);
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				} while (_t63 == 0);
                                                                                                                              				E0040A5A8(_v16, _v12);
                                                                                                                              				_pop(_t77);
                                                                                                                              				 *[fs:eax] = _t77;
                                                                                                                              				_push(E0060D4F8);
                                                                                                                              				E0040A228( &_v36, 4);
                                                                                                                              				return E0040A228( &_v12, 2);
                                                                                                                              			}

















                                                                                                                              APIs
                                                                                                                              • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4A1
                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,0060D4F1), ref: 0060D4B1
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateFileHandle
                                                                                                                              • String ID: .tmp$Gtk$_iu
                                                                                                                              • API String ID: 3498533004-1320520068
                                                                                                                              • Opcode ID: e8f0821bb612ef552b3c35d58cacd3479ba9379998e08d4d64206938cdf8a038
                                                                                                                              • Instruction ID: 38fd5bd3aef28e796ac18a57f9f91bd27b67d48edde35eb58a18837c564f9665
                                                                                                                              • Opcode Fuzzy Hash: e8f0821bb612ef552b3c35d58cacd3479ba9379998e08d4d64206938cdf8a038
                                                                                                                              • Instruction Fuzzy Hash: 73319030E80209ABDB14EBE4C842BDEBBB5AF54308F118169E904B73D1D738AE458B55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E006B8998(char __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                              				intOrPtr* _v8;
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				intOrPtr _v40;
                                                                                                                              				intOrPtr* _t27;
                                                                                                                              				intOrPtr* _t30;
                                                                                                                              				intOrPtr _t44;
                                                                                                                              				intOrPtr _t48;
                                                                                                                              				intOrPtr _t61;
                                                                                                                              				intOrPtr _t66;
                                                                                                                              				intOrPtr _t92;
                                                                                                                              				void* _t96;
                                                                                                                              				void* _t97;
                                                                                                                              				void* _t98;
                                                                                                                              				intOrPtr _t99;
                                                                                                                              
                                                                                                                              				_t100 = __eflags;
                                                                                                                              				_t95 = __esi;
                                                                                                                              				_t94 = __edi;
                                                                                                                              				_t68 = __ebx;
                                                                                                                              				_t97 = _t98;
                                                                                                                              				_t99 = _t98 + 0xffffffdc;
                                                                                                                              				_v32 = 0;
                                                                                                                              				_v28 = 0;
                                                                                                                              				_v24 = 0;
                                                                                                                              				_v20 = 0;
                                                                                                                              				 *[fs:eax] = _t99;
                                                                                                                              				_t27 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				E005B8250( *_t27, L"Uninstall", __eflags);
                                                                                                                              				_t30 =  *0x6cdec4; // 0x6d579c
                                                                                                                              				ShowWindow( *( *_t30 + 0x188), 5);
                                                                                                                              				 *[fs:edx] = _t99;
                                                                                                                              				E006AF824();
                                                                                                                              				E005C745C( &_v20);
                                                                                                                              				E00424020(_v20);
                                                                                                                              				E005C6FB0(0, __ebx,  &_v24, __edi, __esi);
                                                                                                                              				E0040A5A8(0x6d68d0, _v24);
                                                                                                                              				E006B6C80(__ebx, __edi, __esi, _t100);
                                                                                                                              				_t44 =  *0x6d68d0; // 0x0
                                                                                                                              				E005C4F90(_t44, _t68,  &_v28, L".dat", _t94, _t95);
                                                                                                                              				E0040A5A8(0x6d68d4, _v28);
                                                                                                                              				_t48 =  *0x6d68d0; // 0x0
                                                                                                                              				E005C4F90(_t48, _t68,  &_v32, L".msg", _t94, _t95);
                                                                                                                              				E0040A5A8(0x6d68d8, _v32);
                                                                                                                              				_v8 = E005CBFB8(1, 1, 0, 2);
                                                                                                                              				 *[fs:eax] = _t99;
                                                                                                                              				 *((intOrPtr*)( *_v8 + 4))( *[fs:eax], 0x6b8af0, _t97,  *[fs:edx], 0x6b8c15, _t97,  *[fs:eax], 0x6b8c4e, _t97, __edi, __esi, __ebx, _t96);
                                                                                                                              				E005CBF78(_v8, _v40 - 8);
                                                                                                                              				E005CBF50(_v8, 8,  &_v16);
                                                                                                                              				if(_v16 == 0x67734d49) {
                                                                                                                              					_t61 =  *0x6d68d0; // 0x0
                                                                                                                              					E005CD6BC(_t61, _t68, 1, _v12, _t94, _t95);
                                                                                                                              				} else {
                                                                                                                              					_t66 =  *0x6d68d8; // 0x0
                                                                                                                              					E005CD6BC(_t66, _t68, 1, 0, _t94, _t95);
                                                                                                                              				}
                                                                                                                              				_pop(_t92);
                                                                                                                              				 *[fs:eax] = _t92;
                                                                                                                              				_push(E006B8AF7);
                                                                                                                              				return E00408444(_v8);
                                                                                                                              			}























                                                                                                                              APIs
                                                                                                                                • Part of subcall function 005B8250: SetWindowTextW.USER32(?,00000000), ref: 005B8281
                                                                                                                              • ShowWindow.USER32(?,00000005,00000000,006B8C4E,?,?,00000000), ref: 006B89DE
                                                                                                                                • Part of subcall function 005C745C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C746F
                                                                                                                                • Part of subcall function 00424020: SetCurrentDirectoryW.KERNEL32(00000000,?,006B8A06,00000000,006B8C15,?,?,00000005,00000000,006B8C4E,?,?,00000000), ref: 0042402B
                                                                                                                                • Part of subcall function 005C6FB0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,005C7045,?,?,?,00000001,?,0061037E,00000000,006103E9), ref: 005C6FE5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
                                                                                                                              • String ID: .dat$.msg$IMsg$Uninstall
                                                                                                                              • API String ID: 3312786188-1660910688
                                                                                                                              • Opcode ID: f3279caf476708547096f2985ea174fc674a0b957c50a9dc1f64524f0346753e
                                                                                                                              • Instruction ID: 43941ce92546cf1f75effb4615d96ab71b8b1f254b2d248514a95b56d5af6042
                                                                                                                              • Opcode Fuzzy Hash: f3279caf476708547096f2985ea174fc674a0b957c50a9dc1f64524f0346753e
                                                                                                                              • Instruction Fuzzy Hash: 65415CB0A002059FC700EFA4CD96E9EBBB6FB88304F51846AF400A7751DB75AE41DFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 94%
                                                                                                                              			E006153AC(struct HWND__* __eax, signed char __edx, void* __ebp) {
                                                                                                                              				char _v16;
                                                                                                                              				signed char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				intOrPtr _t8;
                                                                                                                              				struct HWND__* _t14;
                                                                                                                              				void* _t21;
                                                                                                                              				intOrPtr* _t22;
                                                                                                                              				struct HWND__* _t28;
                                                                                                                              				void* _t29;
                                                                                                                              				signed char* _t31;
                                                                                                                              
                                                                                                                              				_t31 =  &_v20;
                                                                                                                              				 *_t31 = __edx;
                                                                                                                              				_t28 = __eax;
                                                                                                                              				_t21 = SendMessageW(__eax, 0xb06, 0, 0);
                                                                                                                              				if(_t21 != 0x6020000) {
                                                                                                                              					_v28 = _t21;
                                                                                                                              					_v24 = 0;
                                                                                                                              					_v20 = 0x6020000;
                                                                                                                              					_v16 = 0;
                                                                                                                              					_t23 = L"Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)";
                                                                                                                              					E00429044(_t21, L"Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)", 1, 0x6d62f8, _t28, 1,  &_v28);
                                                                                                                              					E004098C4();
                                                                                                                              				}
                                                                                                                              				 *0x6d62e4 = 1;
                                                                                                                              				 *0x6d62f4 = _t28;
                                                                                                                              				_t8 =  *0x615310; // 0x615368
                                                                                                                              				 *0x6d62f8 = E004785F8(E006158C4, _t8);
                                                                                                                              				if( *0x6d62f8 == 0) {
                                                                                                                              					E0060CD28(L"Failed to create DebugClientWnd", _t21);
                                                                                                                              				}
                                                                                                                              				_t29 = 4;
                                                                                                                              				_t22 =  *0x6cdb54; // 0x6cceb4
                                                                                                                              				do {
                                                                                                                              					E005C86E0( *0x6d62f8, _t23,  *_t22);
                                                                                                                              					_t22 = _t22 + 4;
                                                                                                                              					_t29 = _t29 - 1;
                                                                                                                              				} while (_t29 != 0);
                                                                                                                              				_t14 =  *0x6d62f4; // 0x0
                                                                                                                              				return SendMessageW(_t14, 0xb00,  *0x6d62f8,  *_t31 & 0x000000ff);
                                                                                                                              			}


















                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(00000000,00000B06,00000000,00000000), ref: 006153C6
                                                                                                                              • SendMessageW.USER32(00000000,00000B00,00000000,00000000), ref: 00615463
                                                                                                                              Strings
                                                                                                                              • hSa, xrefs: 00615415
                                                                                                                              • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 006153F2
                                                                                                                              • Failed to create DebugClientWnd, xrefs: 0061542C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd$hSa
                                                                                                                              • API String ID: 3850602802-2905362044
                                                                                                                              • Opcode ID: 42b18b86f9387a328fd4277723ad0e260bb2a90527b2c333a88cd2e0ea48bd38
                                                                                                                              • Instruction ID: bd2b79d17f40968884fe1c372ced24de8c60c917dea0cb25488337d16b2a65e4
                                                                                                                              • Opcode Fuzzy Hash: 42b18b86f9387a328fd4277723ad0e260bb2a90527b2c333a88cd2e0ea48bd38
                                                                                                                              • Instruction Fuzzy Hash: 391123B1A403129FE300EB28DC81FDABBD69F94304F08002AF5858B3D2D3749C84C766
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 63%
                                                                                                                              			E00624AA4(HANDLE* __eax) {
                                                                                                                              				HANDLE* _v8;
                                                                                                                              				long _v12;
                                                                                                                              				intOrPtr* _t7;
                                                                                                                              				long _t11;
                                                                                                                              				intOrPtr _t27;
                                                                                                                              				void* _t30;
                                                                                                                              
                                                                                                                              				_v8 = __eax;
                                                                                                                              				_push(_t30);
                                                                                                                              				_push(0x624b25);
                                                                                                                              				_push( *[fs:edx]);
                                                                                                                              				 *[fs:edx] = _t30 + 0xfffffff8;
                                                                                                                              				do {
                                                                                                                              					_t7 =  *0x6cdec4; // 0x6d579c
                                                                                                                              					E005B8704( *_t7);
                                                                                                                              					_t11 = MsgWaitForMultipleObjects(1, _v8, 0, 0xffffffff, 0x4ff);
                                                                                                                              				} while (_t11 == 1);
                                                                                                                              				if(_t11 == 0xffffffff) {
                                                                                                                              					E0060CE84(L"MsgWaitForMultipleObjects");
                                                                                                                              				}
                                                                                                                              				if(GetExitCodeProcess( *_v8,  &_v12) == 0) {
                                                                                                                              					E0060CE84(L"GetExitCodeProcess");
                                                                                                                              				}
                                                                                                                              				_pop(_t27);
                                                                                                                              				 *[fs:eax] = _t27;
                                                                                                                              				_push(E00624B2C);
                                                                                                                              				return CloseHandle( *_v8);
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 00624AD6
                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 00624AF9
                                                                                                                              • CloseHandle.KERNEL32(?,00624B2C,00000001,00000000,000000FF,000004FF,00000000,00624B25), ref: 00624B1F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCodeExitHandleMultipleObjectsProcessWait
                                                                                                                              • String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
                                                                                                                              • API String ID: 2573145106-3235461205
                                                                                                                              • Opcode ID: 5a47b888b64c9d71a21df3ce652ab4a6790a840d61fbcb63caf85f52caaf36c3
                                                                                                                              • Instruction ID: b445045a4a45572890d55b61ba1fda7f57045845c9b5a3357f52015174d7dfc9
                                                                                                                              • Opcode Fuzzy Hash: 5a47b888b64c9d71a21df3ce652ab4a6790a840d61fbcb63caf85f52caaf36c3
                                                                                                                              • Instruction Fuzzy Hash: CE01A234640605AFD710EFA8ED62E9977EAEB49721F200265F520D73D0DE74ED44CA19
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004070B0(signed int __eax, void* __edx) {
                                                                                                                              				short _v530;
                                                                                                                              				short _v1052;
                                                                                                                              				short _v1056;
                                                                                                                              				short _v1058;
                                                                                                                              				signed int _t20;
                                                                                                                              				void* _t24;
                                                                                                                              				WCHAR* _t25;
                                                                                                                              
                                                                                                                              				_t25 =  &_v1052;
                                                                                                                              				_t24 = __edx;
                                                                                                                              				_t20 = __eax;
                                                                                                                              				if(__eax != 0) {
                                                                                                                              					 *_t25 = (__eax & 0x000000ff) + 0x41 - 1;
                                                                                                                              					_v1058 = 0x3a;
                                                                                                                              					_v1056 = 0;
                                                                                                                              					GetCurrentDirectoryW(0x105,  &_v530);
                                                                                                                              					SetCurrentDirectoryW(_t25);
                                                                                                                              				}
                                                                                                                              				GetCurrentDirectoryW(0x105,  &_v1052);
                                                                                                                              				if(_t20 != 0) {
                                                                                                                              					SetCurrentDirectoryW( &_v530);
                                                                                                                              				}
                                                                                                                              				return E0040B318(_t24, 0x105,  &_v1052);
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 004070E7
                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 004070ED
                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 004070FC
                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,00000105,?), ref: 0040710D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CurrentDirectory
                                                                                                                              • String ID: :
                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                              • Opcode ID: aa9707b4d0d9c5d03511b22bbefae7383822b12ede650e628390a7387f8948e9
                                                                                                                              • Instruction ID: 4e46778bef482c884a40b6a77bd37b1cdf5980326a29a022de95e28d89e8e0a5
                                                                                                                              • Opcode Fuzzy Hash: aa9707b4d0d9c5d03511b22bbefae7383822b12ede650e628390a7387f8948e9
                                                                                                                              • Instruction Fuzzy Hash: 71F0627154474465D310E7658852BDB729CDF84348F04843E76C89B2D1E6BC5948979B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0059BDE0(int __eax, void* __edx) {
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				signed int _t39;
                                                                                                                              				signed int _t40;
                                                                                                                              				intOrPtr _t44;
                                                                                                                              				int _t45;
                                                                                                                              				void* _t47;
                                                                                                                              				int _t48;
                                                                                                                              				intOrPtr* _t49;
                                                                                                                              
                                                                                                                              				_t18 = __eax;
                                                                                                                              				_t49 = __eax;
                                                                                                                              				if(( *(__eax + 0x1c) & 0x00000008) == 0) {
                                                                                                                              					if(( *(__eax + 0x1c) & 0x00000002) != 0) {
                                                                                                                              						 *((char*)(__eax + 0x80)) = 1;
                                                                                                                              						return __eax;
                                                                                                                              					}
                                                                                                                              					_t19 =  *((intOrPtr*)(__eax + 0x78));
                                                                                                                              					if( *((intOrPtr*)(__eax + 0x78)) != 0) {
                                                                                                                              						return E0059BDE0(_t19, __edx);
                                                                                                                              					}
                                                                                                                              					_t18 = GetMenuItemCount(E0059BF18(__eax, _t45, _t47));
                                                                                                                              					_t48 = _t18;
                                                                                                                              					_t40 = _t39 & 0xffffff00 | _t48 == 0x00000000;
                                                                                                                              					while(_t48 > 0) {
                                                                                                                              						_t45 = _t48 - 1;
                                                                                                                              						_t18 = GetMenuState(E0059BF18(_t49, _t45, _t48), _t45, 0x400);
                                                                                                                              						if((_t18 & 0x00000004) == 0) {
                                                                                                                              							_t18 = RemoveMenu(E0059BF18(_t49, _t45, _t48), _t45, 0x400);
                                                                                                                              							_t40 = 1;
                                                                                                                              						}
                                                                                                                              						_t48 = _t48 - 1;
                                                                                                                              					}
                                                                                                                              					if(_t40 != 0) {
                                                                                                                              						if( *((intOrPtr*)(_t49 + 0x70)) != 0) {
                                                                                                                              							L14:
                                                                                                                              							E0059BC9C(_t49, _t45, _t48);
                                                                                                                              							L15:
                                                                                                                              							return  *((intOrPtr*)( *_t49 + 0x50))();
                                                                                                                              						}
                                                                                                                              						_t44 =  *0x59a1c4; // 0x59a21c
                                                                                                                              						if(E0040868C( *((intOrPtr*)(_t49 + 0x7c)), _t44) == 0 || GetMenuItemCount(E0059BF18(_t49, _t45, _t48)) != 0) {
                                                                                                                              							goto L14;
                                                                                                                              						} else {
                                                                                                                              							DestroyMenu( *(_t49 + 0xbc));
                                                                                                                              							 *(_t49 + 0xbc) = 0;
                                                                                                                              							goto L15;
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t18;
                                                                                                                              			}













                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ad8bebb6b70c684c30d9747228a5e3f8ffc0963a0edfe972ae4d2d3d4fc87c04
                                                                                                                              • Instruction ID: f6f51fa323c2004b4ed4a12cf3aa4c02228d8e81e9c13bd86265522dc6499af0
                                                                                                                              • Opcode Fuzzy Hash: ad8bebb6b70c684c30d9747228a5e3f8ffc0963a0edfe972ae4d2d3d4fc87c04
                                                                                                                              • Instruction Fuzzy Hash: B01172A160425956FF706A7A6F09BEA3F9C7FD1745F050429BE419B283CB38CC458BA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 82%
                                                                                                                              			E00423A20(void* __eax) {
                                                                                                                              				signed char _t10;
                                                                                                                              				void* _t14;
                                                                                                                              				void* _t15;
                                                                                                                              				long _t16;
                                                                                                                              				void* _t17;
                                                                                                                              				WCHAR* _t18;
                                                                                                                              
                                                                                                                              				_t17 = __eax;
                                                                                                                              				_t18 = E0040B278(__eax);
                                                                                                                              				DeleteFileW(_t18);
                                                                                                                              				asm("sbb ebx, ebx");
                                                                                                                              				_t15 = _t14 + 1;
                                                                                                                              				if(_t15 == 0) {
                                                                                                                              					_t16 = GetLastError();
                                                                                                                              					_t10 = GetFileAttributesW(_t18);
                                                                                                                              					if(_t10 == 0xffffffff || (_t10 & 0x00000004) == 0 || (_t10 & 0x00000010) == 0) {
                                                                                                                              						SetLastError(_t16);
                                                                                                                              					} else {
                                                                                                                              						RemoveDirectoryW(E0040B278(_t17));
                                                                                                                              						asm("sbb ebx, ebx");
                                                                                                                              						_t15 = _t15 + 1;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t15;
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              • DeleteFileW.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A30
                                                                                                                              • GetLastError.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A3F
                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000), ref: 00423A47
                                                                                                                              • RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000), ref: 00423A62
                                                                                                                              • SetLastError.KERNEL32(00000000,00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000), ref: 00423A70
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorFileLast$AttributesDeleteDirectoryRemove
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2814369299-0
                                                                                                                              • Opcode ID: 78c61043f6d1cfb01e834102f9ec44c7c1274c41788072ad8e32d84b942e336c
                                                                                                                              • Instruction ID: b6ddb16581f5c3c7179c90d7d3f79c6d55466118c1baf1b24a27a0798ed1e7de
                                                                                                                              • Opcode Fuzzy Hash: 78c61043f6d1cfb01e834102f9ec44c7c1274c41788072ad8e32d84b942e336c
                                                                                                                              • Instruction Fuzzy Hash: FAF0A7613803241999203DBE28C9ABF115CC9427AFB54077FF994D22D2D62D5F87415D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E005B631C() {
                                                                                                                              				intOrPtr _v4;
                                                                                                                              				void* _v8;
                                                                                                                              				int _t5;
                                                                                                                              				void* _t6;
                                                                                                                              				intOrPtr _t12;
                                                                                                                              				struct HHOOK__* _t14;
                                                                                                                              				void* _t19;
                                                                                                                              				void* _t20;
                                                                                                                              
                                                                                                                              				if( *0x6d57c0 != 0) {
                                                                                                                              					_t14 =  *0x6d57c0; // 0x0
                                                                                                                              					UnhookWindowsHookEx(_t14);
                                                                                                                              				}
                                                                                                                              				 *0x6d57c0 = 0;
                                                                                                                              				_v4 = 0x6d57c4;
                                                                                                                              				_t5 = 0;
                                                                                                                              				asm("lock xchg [edx], eax");
                                                                                                                              				_v8 = 0;
                                                                                                                              				if(_v8 != 0) {
                                                                                                                              					_t6 =  *0x6d57bc; // 0x0
                                                                                                                              					SetEvent(_t6);
                                                                                                                              					if(GetCurrentThreadId() !=  *0x6d57b8) {
                                                                                                                              						while(MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff) != 0) {
                                                                                                                              							_t12 =  *0x6d579c; // 0x0
                                                                                                                              							E005B871C(_t12, _t19, _t20);
                                                                                                                              						}
                                                                                                                              					}
                                                                                                                              					_t5 = CloseHandle(_v8);
                                                                                                                              				}
                                                                                                                              				return _t5;
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                              • UnhookWindowsHookEx.USER32(00000000), ref: 005B632E
                                                                                                                              • SetEvent.KERNEL32(00000000), ref: 005B635A
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 005B635F
                                                                                                                              • MsgWaitForMultipleObjects.USER32 ref: 005B6388
                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000), ref: 005B6395
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCurrentEventHandleHookMultipleObjectsThreadUnhookWaitWindows
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2132507429-0
                                                                                                                              • Opcode ID: 3d70fa8801357980af144d8f96a13d0436440f37400d9bd4b324e4fa6e60107c
                                                                                                                              • Instruction ID: 777aa0f60006170efd8bf97b8faec0e2cbbea874aebe53a0ac6f8c30ff2fdbbe
                                                                                                                              • Opcode Fuzzy Hash: 3d70fa8801357980af144d8f96a13d0436440f37400d9bd4b324e4fa6e60107c
                                                                                                                              • Instruction Fuzzy Hash: 30018B70A09700EED700EB65DC45BAE37E9FB44715F604A2AF055C75D0DB38A480CB42
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E006B8F64(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				intOrPtr _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				WCHAR* _t43;
                                                                                                                              				char _t58;
                                                                                                                              				intOrPtr _t68;
                                                                                                                              				void* _t72;
                                                                                                                              				signed int _t74;
                                                                                                                              				void* _t78;
                                                                                                                              
                                                                                                                              				_v24 = 0;
                                                                                                                              				_v8 = 0;
                                                                                                                              				_v12 = 0;
                                                                                                                              				_v20 = __edx;
                                                                                                                              				_v16 = __eax;
                                                                                                                              				_push(_t78);
                                                                                                                              				_push(0x6b9062);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t78 + 0xffffffe4;
                                                                                                                              				E0040A1C8(_v20);
                                                                                                                              				E005C5428(_v16, 0,  &_v8);
                                                                                                                              				_t72 = 0;
                                                                                                                              				_t58 = 0;
                                                                                                                              				do {
                                                                                                                              					_v32 = _t58;
                                                                                                                              					_v28 = 0;
                                                                                                                              					E004244F8(L"isRS-%.3u.tmp", 0,  &_v32,  &_v24);
                                                                                                                              					E0040B4C8( &_v12, _v24, _v8);
                                                                                                                              					_t74 = GetFileAttributesW(E0040B278(_v12));
                                                                                                                              					if(_t74 == 0xffffffff) {
                                                                                                                              						L5:
                                                                                                                              						_t43 = E0040B278(_v12);
                                                                                                                              						if(MoveFileExW(E0040B278(_v16), _t43, 1) == 0) {
                                                                                                                              							_t72 = _t72 + 1;
                                                                                                                              							if(_t72 == 0xa) {
                                                                                                                              								break;
                                                                                                                              							}
                                                                                                                              							goto L8;
                                                                                                                              						}
                                                                                                                              						E0040A5A8(_v20, _v12);
                                                                                                                              						break;
                                                                                                                              					}
                                                                                                                              					if((_t74 & 0x00000010) != 0) {
                                                                                                                              						goto L8;
                                                                                                                              					}
                                                                                                                              					if((_t74 & 0x00000001) != 0) {
                                                                                                                              						SetFileAttributesW(E0040B278(_v12), _t74 & 0xfffffffe);
                                                                                                                              					}
                                                                                                                              					goto L5;
                                                                                                                              					L8:
                                                                                                                              					_t58 = _t58 + 1;
                                                                                                                              				} while (_t58 != 0x3e8);
                                                                                                                              				_pop(_t68);
                                                                                                                              				 *[fs:eax] = _t68;
                                                                                                                              				_push(E006B9069);
                                                                                                                              				E0040A1C8( &_v24);
                                                                                                                              				return E0040A228( &_v12, 2);
                                                                                                                              			}

















                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,006C46F1,00000000,006B9062,?,?,006D579C,?,00000000,00000000,?,006B9494,00000000,006B949E,?,00000000), ref: 006B8FD4
                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,006C46F1,00000000,006B9062,?,?,006D579C,?,00000000,00000000,?,006B9494,00000000,006B949E), ref: 006B8FFD
                                                                                                                              • MoveFileExW.KERNEL32(00000000,00000000,00000001,00000000,006C46F1,00000000,006B9062,?,?,006D579C,?,00000000,00000000,?,006B9494,00000000), ref: 006B9016
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Attributes$Move
                                                                                                                              • String ID: isRS-%.3u.tmp
                                                                                                                              • API String ID: 3839737484-3657609586
                                                                                                                              • Opcode ID: aafdcd19b3f1f28d3928030d0c556ed5ca44d7952ac85682188d31d0a0f6b408
                                                                                                                              • Instruction ID: 31d351f3c97924346b89867796ea0414510024315a00da88274a448b23120628
                                                                                                                              • Opcode Fuzzy Hash: aafdcd19b3f1f28d3928030d0c556ed5ca44d7952ac85682188d31d0a0f6b408
                                                                                                                              • Instruction Fuzzy Hash: AB318170D04218ABCB00EBB9C8859EEB7B9EF48314F51467EF814B7281D7385E818769
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 55%
                                                                                                                              			E006B6998(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                              				char _v8;
                                                                                                                              				struct _STARTUPINFOW _v76;
                                                                                                                              				struct _PROCESS_INFORMATION _v92;
                                                                                                                              				int _t22;
                                                                                                                              				intOrPtr _t28;
                                                                                                                              				intOrPtr _t41;
                                                                                                                              				void* _t47;
                                                                                                                              
                                                                                                                              				_v8 = 0;
                                                                                                                              				_t44 = __edx;
                                                                                                                              				_t32 = __eax;
                                                                                                                              				_push(_t47);
                                                                                                                              				_push(0x6b6a40);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t47 + 0xffffffa8;
                                                                                                                              				_push(0x6b6a5c);
                                                                                                                              				_push(__eax);
                                                                                                                              				_push(E006B6A6C);
                                                                                                                              				_push(__edx);
                                                                                                                              				E0040B550( &_v8, __eax, 4, __edi, __edx);
                                                                                                                              				E00407760( &_v76, 0x44);
                                                                                                                              				_v76.cb = 0x44;
                                                                                                                              				_t22 = CreateProcessW(0, E0040B278(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92);
                                                                                                                              				_t49 = _t22;
                                                                                                                              				if(_t22 == 0) {
                                                                                                                              					_t28 =  *0x6cded8; // 0x6d5c28
                                                                                                                              					_t8 = _t28 + 0x20c; // 0x0
                                                                                                                              					E006B68EC( *_t8, _t32, 0, _t44, _t49);
                                                                                                                              				}
                                                                                                                              				CloseHandle(_v92.hThread);
                                                                                                                              				_pop(_t41);
                                                                                                                              				 *[fs:eax] = _t41;
                                                                                                                              				_push(E006B6A47);
                                                                                                                              				return E0040A1C8( &_v8);
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • CreateProcessW.KERNEL32 ref: 006B6A05
                                                                                                                              • CloseHandle.KERNEL32(006B6AB0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,006B6A6C,?,006B6A5C,00000000), ref: 006B6A22
                                                                                                                                • Part of subcall function 006B68EC: GetLastError.KERNEL32(00000000,006B6989,?,?,?), ref: 006B690F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateErrorHandleLastProcess
                                                                                                                              • String ID: (\m$D
                                                                                                                              • API String ID: 3798668922-1981685662
                                                                                                                              • Opcode ID: a5833d7c80436315819c56a95c2be4cf65ccd9a37b43d1b18280e5cc74a4d4a7
                                                                                                                              • Instruction ID: 5a29f4a3f67f8962990b16f59edcecd6c92ec2fdb2b6e45770094aa6b13b7383
                                                                                                                              • Opcode Fuzzy Hash: a5833d7c80436315819c56a95c2be4cf65ccd9a37b43d1b18280e5cc74a4d4a7
                                                                                                                              • Instruction Fuzzy Hash: 53115EB1604248AFDB00EBA5CC92EEE77ADEF08704F51407AF505F7281E678AE448768
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 48%
                                                                                                                              			E0062460C(void* __eax, void* __ebx, void* __esi) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				void* _t19;
                                                                                                                              				char _t20;
                                                                                                                              				void* _t34;
                                                                                                                              				intOrPtr _t39;
                                                                                                                              				intOrPtr _t45;
                                                                                                                              
                                                                                                                              				_t42 = __esi;
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(0);
                                                                                                                              				_push(_t45);
                                                                                                                              				_push(0x6246a6);
                                                                                                                              				 *[fs:eax] = _t45;
                                                                                                                              				E005C52C8(__eax,  &_v16, _t45,  *[fs:eax]);
                                                                                                                              				E0040B368( &_v8, _v16);
                                                                                                                              				_push(E0040EC28( &_v12));
                                                                                                                              				_t19 = E0040AEF4(_v8);
                                                                                                                              				_t34 = _t19;
                                                                                                                              				_push(_t34);
                                                                                                                              				L0043C244();
                                                                                                                              				if(_t19 != 0) {
                                                                                                                              					E0060CE98(L"LoadTypeLib", _t34, _t19, __esi);
                                                                                                                              				}
                                                                                                                              				_push(0);
                                                                                                                              				_push(_t34);
                                                                                                                              				_t20 = _v12;
                                                                                                                              				_push(_t20);
                                                                                                                              				L0043C24C();
                                                                                                                              				if(_t20 != 0) {
                                                                                                                              					E0060CE98(L"RegisterTypeLib", _t34, _t20, _t42);
                                                                                                                              				}
                                                                                                                              				_pop(_t39);
                                                                                                                              				 *[fs:eax] = _t39;
                                                                                                                              				_push(E006246AD);
                                                                                                                              				E0040A1C8( &_v16);
                                                                                                                              				E0040EC28( &_v12);
                                                                                                                              				return E0040A210( &_v8);
                                                                                                                              			}












                                                                                                                              APIs
                                                                                                                                • Part of subcall function 005C52C8: GetFullPathNameW.KERNEL32(00000000,00001000,?,?,00000002,?,?,006D579C,00000000,0060D8F7,00000000,0060DBD2,?,?,006D579C), ref: 005C52F9
                                                                                                                              • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 0062464F
                                                                                                                              • RegisterTypeLib.OLEAUT32(?,00000000,00000000), ref: 0062466B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Type$FullLoadNamePathRegister
                                                                                                                              • String ID: LoadTypeLib$RegisterTypeLib
                                                                                                                              • API String ID: 4170313675-2435364021
                                                                                                                              • Opcode ID: 4a5734cba4f1f567cfe39a2ea32e2412489323ff365467ecfcfbb8db8d726f7e
                                                                                                                              • Instruction ID: a0643c8b31b351ed7dd0ed5e96a0399ab73b0cd2583ebe073036f576505b33dd
                                                                                                                              • Opcode Fuzzy Hash: 4a5734cba4f1f567cfe39a2ea32e2412489323ff365467ecfcfbb8db8d726f7e
                                                                                                                              • Instruction Fuzzy Hash: 2D0148317407146BDB10EBB6DC82F8E77EDDB49704F514876B400F62D2DE78AE058A58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 80%
                                                                                                                              			E0042E20C(int __ecx, void* __edx, char _a4, intOrPtr _a8) {
                                                                                                                              				char _v24;
                                                                                                                              				void* __ebp;
                                                                                                                              				void* _t14;
                                                                                                                              				intOrPtr _t20;
                                                                                                                              				void* _t23;
                                                                                                                              				void* _t29;
                                                                                                                              				int _t30;
                                                                                                                              				intOrPtr _t31;
                                                                                                                              				void* _t32;
                                                                                                                              				void* _t34;
                                                                                                                              				void* _t35;
                                                                                                                              				void* _t36;
                                                                                                                              				int _t40;
                                                                                                                              
                                                                                                                              				_t32 = __edx;
                                                                                                                              				_t30 = __ecx;
                                                                                                                              				if(__edx != 0) {
                                                                                                                              					_t36 = _t36 + 0xfffffff0;
                                                                                                                              					_t14 = E00408A40(_t14, _t35);
                                                                                                                              				}
                                                                                                                              				_t29 = _t32;
                                                                                                                              				_t34 = _t14;
                                                                                                                              				if(_t30 != 0) {
                                                                                                                              					 *(_t34 + 0xc) = _t30;
                                                                                                                              				} else {
                                                                                                                              					 *(_t34 + 0xc) = GetACP();
                                                                                                                              				}
                                                                                                                              				 *((intOrPtr*)(_t34 + 0x10)) = _a8;
                                                                                                                              				_t5 =  &_a4; // 0x46e824
                                                                                                                              				 *((intOrPtr*)(_t34 + 0x14)) =  *_t5;
                                                                                                                              				_t7 =  &_v24; // 0x42e125
                                                                                                                              				_t8 = _t34 + 0xc; // 0x42e30c
                                                                                                                              				_t40 = GetCPInfo( *_t8, _t7);
                                                                                                                              				if(_t40 == 0) {
                                                                                                                              					_t31 =  *0x6cdf2c; // 0x4154c0
                                                                                                                              					E004290C4(_t31, 1);
                                                                                                                              					E004098C4();
                                                                                                                              				}
                                                                                                                              				_t9 =  &_v24; // 0x42e125
                                                                                                                              				_t20 =  *_t9;
                                                                                                                              				 *((intOrPtr*)(_t34 + 8)) = _t20;
                                                                                                                              				 *((char*)(_t34 + 4)) = _t20 - 0x00000001 & 0xffffff00 | _t40 == 0x00000000;
                                                                                                                              				_t23 = _t34;
                                                                                                                              				if(_t29 != 0) {
                                                                                                                              					E00408A98(_t23);
                                                                                                                              					_pop( *[fs:0x0]);
                                                                                                                              				}
                                                                                                                              				return _t34;
                                                                                                                              			}

















                                                                                                                              APIs
                                                                                                                              • GetACP.KERNEL32(004213C8,00000001), ref: 0042E228
                                                                                                                              • GetCPInfo.KERNEL32(0042E30C,%BF,004213C8,00000001), ref: 0042E249
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Info
                                                                                                                              • String ID: $F$%BF
                                                                                                                              • API String ID: 1807457897-1213976744
                                                                                                                              • Opcode ID: a2c95108f9b8ff47af942959d65ecc4349aa3fde787a6eb6c20a8524e76fe961
                                                                                                                              • Instruction ID: 1f83107e1eeb7a5b97efb5f655ff368bf58d4a69870ac0221b3df8472eb2f9c5
                                                                                                                              • Opcode Fuzzy Hash: a2c95108f9b8ff47af942959d65ecc4349aa3fde787a6eb6c20a8524e76fe961
                                                                                                                              • Instruction Fuzzy Hash: 0801C472B01605CBC720EFAAE441997B7E8AB04754B00853FE89AC7741EA39A9048BA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 71%
                                                                                                                              			E0060DAE9(void* __edx) {
                                                                                                                              				WCHAR* _t13;
                                                                                                                              				intOrPtr _t32;
                                                                                                                              				intOrPtr _t33;
                                                                                                                              				void* _t36;
                                                                                                                              
                                                                                                                              				SetFileAttributesW(E0040B278( *((intOrPtr*)(_t36 - 0x10))), 0x20);
                                                                                                                              				if(E00423A20( *((intOrPtr*)(_t36 - 0x10))) == 0) {
                                                                                                                              					E0060CE84(L"DeleteFile");
                                                                                                                              				}
                                                                                                                              				_t13 = E0040B278( *((intOrPtr*)(_t36 - 0x10)));
                                                                                                                              				if(MoveFileW(E0040B278( *((intOrPtr*)(_t36 - 0x14))), _t13) == 0) {
                                                                                                                              					E0060CE84(L"MoveFile");
                                                                                                                              				}
                                                                                                                              				_pop(_t32);
                                                                                                                              				 *[fs:eax] = _t32;
                                                                                                                              				_pop(_t33);
                                                                                                                              				 *[fs:eax] = _t33;
                                                                                                                              				_push(E0060DBD9);
                                                                                                                              				E0040A228(_t36 - 0x44, 7);
                                                                                                                              				return E0040A228(_t36 - 0x1c, 7);
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000020), ref: 0060DAF4
                                                                                                                                • Part of subcall function 00423A20: DeleteFileW.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A30
                                                                                                                                • Part of subcall function 00423A20: GetLastError.KERNEL32(00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex), ref: 00423A3F
                                                                                                                                • Part of subcall function 00423A20: GetFileAttributesW.KERNEL32(00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000,00000000), ref: 00423A47
                                                                                                                                • Part of subcall function 00423A20: RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,006D579C,?,006B9479,00000000,006B94CE,?,?,00000005,?,00000000,00000000), ref: 00423A62
                                                                                                                              • MoveFileW.KERNEL32(00000000,00000000), ref: 0060DB21
                                                                                                                                • Part of subcall function 0060CE84: GetLastError.KERNEL32(00000000,0060DBAA,00000005,00000000,0060DBD2,?,?,006D579C,?,00000000,00000000,00000000,?,006B910F,00000000,006B912A), ref: 0060CE87
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AttributesErrorLast$DeleteDirectoryMoveRemove
                                                                                                                              • String ID: DeleteFile$MoveFile
                                                                                                                              • API String ID: 3947864702-139070271
                                                                                                                              • Opcode ID: 8653c3cd1b991befb4a6e522ad2c8b3e0382a0039e8c164c3e0110bd5ab2660b
                                                                                                                              • Instruction ID: fe212bc12655be3e3d7d94ed230904773b29f806c55adb2c37bf9887ca86c235
                                                                                                                              • Opcode Fuzzy Hash: 8653c3cd1b991befb4a6e522ad2c8b3e0382a0039e8c164c3e0110bd5ab2660b
                                                                                                                              • Instruction Fuzzy Hash: 62F044706841058AEB08FBF6E9069AF73A5EF44318F51467EF404E72C1DA3C9C05862D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E00626F48(signed int __eax, void* __ecx, void* __edx, void* __ebp) {
                                                                                                                              				void* _v16;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* _t31;
                                                                                                                              				signed int _t33;
                                                                                                                              
                                                                                                                              				_push(__ecx);
                                                                                                                              				_t31 = __edx;
                                                                                                                              				_t22 = __eax;
                                                                                                                              				_t33 = __eax & 0x0000007f;
                                                                                                                              				if( *((intOrPtr*)(0x6d6374 + _t33 * 4)) == 0) {
                                                                                                                              					if(E005C7A14(__eax, L"SOFTWARE\\Microsoft\\.NETFramework", 0x80000002,  &_v16, 1, 0) == 0) {
                                                                                                                              						E005C793C();
                                                                                                                              						RegCloseKey(_v16);
                                                                                                                              					}
                                                                                                                              					if( *((intOrPtr*)(0x6d6374 + _t33 * 4)) == 0) {
                                                                                                                              						E0060CD28(L".NET Framework not found", _t22);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return E0040A5A8(_t31,  *((intOrPtr*)(0x6d6374 + _t33 * 4)));
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                                • Part of subcall function 005C7A14: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,005C80EE,?,00000000,?,005C808E,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,005C80EE), ref: 005C7A30
                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,00000001,00000000,00000003,00626DA0,00000003,00000000,006270EB,00000000,006272A5,?,00626DA0,?,00000000,00000000), ref: 00626F95
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseOpen
                                                                                                                              • String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
                                                                                                                              • API String ID: 47109696-2631785700
                                                                                                                              • Opcode ID: c2f7e1eb2f3beb466438181c562f84fa430cca0b96ca427e7ff2b0155b10b8c6
                                                                                                                              • Instruction ID: de5110e5fa14fd350821f7972f2051635d336fb801c9b7b6397190480774c976
                                                                                                                              • Opcode Fuzzy Hash: c2f7e1eb2f3beb466438181c562f84fa430cca0b96ca427e7ff2b0155b10b8c6
                                                                                                                              • Instruction Fuzzy Hash: 48F0FF31B05524AFEB10EB49FC41B5A6B9BDB85310F50213AF184C3281E631DC018BA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 47%
                                                                                                                              			E005C86E0(void* __eax, void* __ecx, void* __edx) {
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __esi;
                                                                                                                              				void* _t3;
                                                                                                                              				void* _t7;
                                                                                                                              				void* _t12;
                                                                                                                              				intOrPtr* _t13;
                                                                                                                              
                                                                                                                              				_t8 = __ecx;
                                                                                                                              				_push(__ecx);
                                                                                                                              				_t7 = __edx;
                                                                                                                              				_t12 = __eax;
                                                                                                                              				if( *0x6d57f0 == 0) {
                                                                                                                              					 *0x6d57f4 = E00414020(_t7, _t12, GetModuleHandleW(L"user32.dll"), L"ChangeWindowMessageFilterEx");
                                                                                                                              					 *_t13 = 0x6d57f0;
                                                                                                                              					asm("lock xchg [edx], eax");
                                                                                                                              				}
                                                                                                                              				if( *0x6d57f4 == 0) {
                                                                                                                              					_t3 = E005C8644(_t7, _t8);
                                                                                                                              				} else {
                                                                                                                              					_t3 =  *0x6d57f4(_t12, _t7, 1, 0);
                                                                                                                              				}
                                                                                                                              				return _t3;
                                                                                                                              			}










                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,?,00000004,006CCEB4,0061544A,006158C4,00615368,00000000,00000B06,00000000,00000000), ref: 005C86FA
                                                                                                                                • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                                                                                • Part of subcall function 005C8644: GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,?,005C873A,?,00000004,006CCEB4,0061544A,006158C4,00615368,00000000,00000B06,00000000,00000000), ref: 005C865B
                                                                                                                              • ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,?,00000004,006CCEB4,0061544A,006158C4,00615368,00000000,00000B06,00000000,00000000), ref: 005C872B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: HandleModule$AddressChangeFilterMessageProcWindow
                                                                                                                              • String ID: ChangeWindowMessageFilterEx$user32.dll
                                                                                                                              • API String ID: 989041661-2676053874
                                                                                                                              • Opcode ID: 7df53831068b11b3bc6f85ec8e00ebaae734f643accca07e7ade5c95f0b28fc3
                                                                                                                              • Instruction ID: 33574298acf09a9ab3b8dc906f6acd80ea038e69245e9512450f7745a5549cab
                                                                                                                              • Opcode Fuzzy Hash: 7df53831068b11b3bc6f85ec8e00ebaae734f643accca07e7ade5c95f0b28fc3
                                                                                                                              • Instruction Fuzzy Hash: F7F0A070702610DFD715EBA9AC89F662FE6EB84345F30142EF1069B691DBB60880C699
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E004698FC(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, void* _a4, signed short _a8) {
                                                                                                                              				char _v5;
                                                                                                                              				char _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v20;
                                                                                                                              				char _v24;
                                                                                                                              				char _v28;
                                                                                                                              				char _v32;
                                                                                                                              				char _v36;
                                                                                                                              				char _v40;
                                                                                                                              				void* _t30;
                                                                                                                              				void* _t67;
                                                                                                                              				void* _t68;
                                                                                                                              				intOrPtr _t73;
                                                                                                                              				intOrPtr _t77;
                                                                                                                              				char _t78;
                                                                                                                              				intOrPtr _t82;
                                                                                                                              				signed short _t93;
                                                                                                                              				void* _t96;
                                                                                                                              				void* _t98;
                                                                                                                              				void* _t99;
                                                                                                                              				intOrPtr _t100;
                                                                                                                              
                                                                                                                              				_t78 = __edx;
                                                                                                                              				_t68 = __ecx;
                                                                                                                              				_t98 = _t99;
                                                                                                                              				_t100 = _t99 + 0xffffffdc;
                                                                                                                              				_v36 = 0;
                                                                                                                              				_v40 = 0;
                                                                                                                              				_v28 = 0;
                                                                                                                              				_v32 = 0;
                                                                                                                              				if(__edx != 0) {
                                                                                                                              					_t100 = _t100 + 0xfffffff0;
                                                                                                                              					_t30 = E00408A40(_t30, _t98);
                                                                                                                              				}
                                                                                                                              				_t96 = _t68;
                                                                                                                              				_v5 = _t78;
                                                                                                                              				_t67 = _t30;
                                                                                                                              				_t93 = _a8;
                                                                                                                              				_push(_t98);
                                                                                                                              				_push(0x469a4c);
                                                                                                                              				_push( *[fs:eax]);
                                                                                                                              				 *[fs:eax] = _t100;
                                                                                                                              				if((0x0000ff00 & _t93) != 0xff00) {
                                                                                                                              					E0046976C(E004236A4(_t96, _t93 & 0x0000ffff), 0);
                                                                                                                              					if( *((intOrPtr*)(_t67 + 4)) == 0xffffffff) {
                                                                                                                              						E00423BD0(_t96,  &_v36);
                                                                                                                              						_v24 = _v36;
                                                                                                                              						_v20 = 0x11;
                                                                                                                              						E00427D54(GetLastError(), _t67, 0, _t96);
                                                                                                                              						_v16 = _v40;
                                                                                                                              						_v12 = 0x11;
                                                                                                                              						_t73 =  *0x6cd8a8; // 0x415564
                                                                                                                              						E00429100(_t67, _t73, 1, _t93, _t96, 1,  &_v24);
                                                                                                                              						E004098C4();
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t94 = _t93 & 0x000000ff;
                                                                                                                              					if((_t93 & 0x000000ff) == 0xff) {
                                                                                                                              						_t94 = 0x10;
                                                                                                                              					}
                                                                                                                              					E0046976C(E004236FC(_t96, _t94 & 0x0000ffff), 0);
                                                                                                                              					if( *((intOrPtr*)(_t67 + 4)) == 0xffffffff) {
                                                                                                                              						E00423BD0(_t96,  &_v28);
                                                                                                                              						_v24 = _v28;
                                                                                                                              						_v20 = 0x11;
                                                                                                                              						E00427D54(GetLastError(), _t67, 0, _t96);
                                                                                                                              						_v16 = _v32;
                                                                                                                              						_v12 = 0x11;
                                                                                                                              						_t77 =  *0x6ce1a8; // 0x41555c
                                                                                                                              						E00429100(_t67, _t77, 1, _t94, _t96, 1,  &_v24);
                                                                                                                              						E004098C4();
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_t28 = _t67 + 8; // 0x443d54
                                                                                                                              				E0040A5A8(_t28, _t96);
                                                                                                                              				_pop(_t82);
                                                                                                                              				 *[fs:eax] = _t82;
                                                                                                                              				_push(E00469A53);
                                                                                                                              				return E0040A228( &_v40, 4);
                                                                                                                              			}

























                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(00000000,00469A4C,?,?,00443D4C,00000001), ref: 0046998A
                                                                                                                                • Part of subcall function 004236A4: CreateFileW.KERNEL32(00000000,000000F0,000000F0,00000000,00000003,00000080,00000000,?,?,00443D4C,004699CC,00000000,00469A4C,?,?,00443D4C), ref: 004236F3
                                                                                                                                • Part of subcall function 00423BD0: GetFullPathNameW.KERNEL32(00000000,00000104,?,?,?,?,?,00443D4C,004699E7,00000000,00469A4C,?,?,00443D4C,00000001), ref: 00423BF3
                                                                                                                              • GetLastError.KERNEL32(00000000,00469A4C,?,?,00443D4C,00000001), ref: 004699F1
                                                                                                                                • Part of subcall function 00427D54: FormatMessageW.KERNEL32(00003300,00000000,00000000,00000000,00000001,00000000,00000000,?,00443D4C,00000000,?,00469A00,00000000,00469A4C), ref: 00427D78
                                                                                                                                • Part of subcall function 00427D54: LocalFree.KERNEL32(00000001,00427DD1,00003300,00000000,00000000,00000000,00000001,00000000,00000000,?,00443D4C,00000000,?,00469A00,00000000,00469A4C), ref: 00427DC4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$CreateFileFormatFreeFullLocalMessageNamePath
                                                                                                                              • String ID: \UA$dUA
                                                                                                                              • API String ID: 503893064-3864016770
                                                                                                                              • Opcode ID: e736c599be1d6034274a3c0f3d8694df9c68d7f40ec267f9edceecc9aa6349f3
                                                                                                                              • Instruction ID: 123e0454fb2a9dec89cd9e8203dbd653fcf04e778e7e37e714b9737e464d7bf3
                                                                                                                              • Opcode Fuzzy Hash: e736c599be1d6034274a3c0f3d8694df9c68d7f40ec267f9edceecc9aa6349f3
                                                                                                                              • Instruction Fuzzy Hash: 8641A370B002599FDB00EFA6C8815EEBBF5AF58314F40812AE914A7382D77D5E05CB6A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E0040DE74(signed short __eax, void* __edx) {
                                                                                                                              				char _v8;
                                                                                                                              				char _v12;
                                                                                                                              				intOrPtr _v16;
                                                                                                                              				signed int _v20;
                                                                                                                              				short _v22;
                                                                                                                              				short _v24;
                                                                                                                              				char _v26;
                                                                                                                              				char _v32;
                                                                                                                              				void* __ebp;
                                                                                                                              				void* _t39;
                                                                                                                              				void* _t55;
                                                                                                                              				void* _t59;
                                                                                                                              				short* _t62;
                                                                                                                              				signed short _t66;
                                                                                                                              				void* _t67;
                                                                                                                              				void* _t68;
                                                                                                                              				signed short _t79;
                                                                                                                              				void* _t81;
                                                                                                                              
                                                                                                                              				_t81 = __edx;
                                                                                                                              				_t66 = __eax;
                                                                                                                              				_v16 = 0;
                                                                                                                              				if(__eax !=  *0x6d1c0c()) {
                                                                                                                              					_v16 = E0040DE30( &_v8);
                                                                                                                              					_t79 = _t66;
                                                                                                                              					_v20 = 3;
                                                                                                                              					_t62 =  &_v26;
                                                                                                                              					do {
                                                                                                                              						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
                                                                                                                              						_t79 = (_t79 & 0x0000ffff) >> 4;
                                                                                                                              						_v20 = _v20 - 1;
                                                                                                                              						_t62 = _t62 - 2;
                                                                                                                              					} while (_v20 != 0xffffffff);
                                                                                                                              					_v24 = 0;
                                                                                                                              					_v22 = 0;
                                                                                                                              					 *0x6d1c08(4,  &_v32,  &_v20);
                                                                                                                              				}
                                                                                                                              				_t39 = E0040DE30( &_v12);
                                                                                                                              				_t67 = _t39;
                                                                                                                              				if(_t67 != 0) {
                                                                                                                              					_t55 = _v12 - 2;
                                                                                                                              					if(_t55 >= 0) {
                                                                                                                              						_t59 = _t55 + 1;
                                                                                                                              						_v20 = 0;
                                                                                                                              						do {
                                                                                                                              							if( *((short*)(_t67 + _v20 * 2)) == 0) {
                                                                                                                              								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
                                                                                                                              							}
                                                                                                                              							_v20 = _v20 + 1;
                                                                                                                              							_t59 = _t59 - 1;
                                                                                                                              						} while (_t59 != 0);
                                                                                                                              					}
                                                                                                                              					E0040B2DC(_t81, _t67);
                                                                                                                              					_t39 = E00406F28(_t67);
                                                                                                                              				}
                                                                                                                              				if(_v16 != 0) {
                                                                                                                              					 *0x6d1c08(0, 0,  &_v20);
                                                                                                                              					_t68 = E0040DE30( &_v12);
                                                                                                                              					if(_v8 != _v12 || E0040DE0C(_v16, _v12, _t68) != 0) {
                                                                                                                              						 *0x6d1c08(8, _v16,  &_v20);
                                                                                                                              					}
                                                                                                                              					E00406F28(_t68);
                                                                                                                              					return E00406F28(_v16);
                                                                                                                              				}
                                                                                                                              				return _t39;
                                                                                                                              			}


                                                                                                                              APIs
                                                                                                                              • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040DE85
                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040DEE3
                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040DF40
                                                                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040DF73
                                                                                                                                • Part of subcall function 0040DE30: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040DEF1), ref: 0040DE47
                                                                                                                                • Part of subcall function 0040DE30: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040DEF1), ref: 0040DE64
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Thread$LanguagesPreferred$Language
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2255706666-0
                                                                                                                              • Opcode ID: 7b6831f497646e761f52de9c536b6e12a9bbcbfaf2b29159977432e5b56d760a
                                                                                                                              • Instruction ID: 69b1dabfcf83cd92044bbbe7d095353c7cd2b80021ffbfb9d1b785f1729ac455
                                                                                                                              • Opcode Fuzzy Hash: 7b6831f497646e761f52de9c536b6e12a9bbcbfaf2b29159977432e5b56d760a
                                                                                                                              • Instruction Fuzzy Hash: 63317070E1021A9BCB10DFE9D884AAEB7B5FF14305F40417AE516FB2D1D7789A09CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E005CE374(intOrPtr* __eax, int __ecx, int __edx, int _a4, int _a8) {
                                                                                                                              				int _v8;
                                                                                                                              				int _v12;
                                                                                                                              				int _t31;
                                                                                                                              				intOrPtr* _t41;
                                                                                                                              				int _t54;
                                                                                                                              				int _t55;
                                                                                                                              
                                                                                                                              				_v8 = __ecx;
                                                                                                                              				_t54 = __edx;
                                                                                                                              				_t41 = __eax;
                                                                                                                              				MulDiv( *(__eax + 0x50), __edx, _v8);
                                                                                                                              				_v12 = MulDiv( *(_t41 + 0x54), _a8, _a4);
                                                                                                                              				if(( *(_t41 + 0x61) & 0x00000001) != 0) {
                                                                                                                              					_t55 =  *(_t41 + 0x58);
                                                                                                                              				} else {
                                                                                                                              					_t55 = MulDiv( *(_t41 + 0x58), _t54, _v8);
                                                                                                                              				}
                                                                                                                              				if(( *(_t41 + 0x61) & 0x00000002) != 0) {
                                                                                                                              					_t31 =  *(_t41 + 0x5c);
                                                                                                                              				} else {
                                                                                                                              					_t31 = MulDiv( *(_t41 + 0x5c), _a8, _a4);
                                                                                                                              				}
                                                                                                                              				return  *((intOrPtr*)( *_t41 + 0xc8))(_t31, _t55);
                                                                                                                              			}


                                                                                                                              APIs
                                                                                                                              • MulDiv.KERNEL32(?,0068D5D0,?), ref: 005CE38D
                                                                                                                              • MulDiv.KERNEL32(?,005CE4BF,0068D5D0), ref: 005CE3A0
                                                                                                                              • MulDiv.KERNEL32(?,0068D5D0,?), ref: 005CE3B7
                                                                                                                              • MulDiv.KERNEL32(?,005CE4BF,0068D5D0), ref: 005CE3D5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ac23038dacf6796b57d110ed30358184083c47a134689276074c101833fe842e
                                                                                                                              • Instruction ID: 3e71b6adc286f200af4aaafaaf3a8fca573aba72415269075ac824ff0f327e96
                                                                                                                              • Opcode Fuzzy Hash: ac23038dacf6796b57d110ed30358184083c47a134689276074c101833fe842e
                                                                                                                              • Instruction Fuzzy Hash: B9113072A04244AFCB44DEDDD8C5E9F7BEDEF48364B144499F908DB242C678ED808BA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 67%
                                                                                                                              			E004F53AC(intOrPtr* __eax, struct HICON__* __edx, void* __eflags) {
                                                                                                                              				intOrPtr* _v8;
                                                                                                                              				struct _ICONINFO _v28;
                                                                                                                              				intOrPtr _v44;
                                                                                                                              				intOrPtr _v48;
                                                                                                                              				void _v52;
                                                                                                                              				intOrPtr _t33;
                                                                                                                              				intOrPtr _t45;
                                                                                                                              				void* _t49;
                                                                                                                              				void* _t51;
                                                                                                                              				intOrPtr _t52;
                                                                                                                              
                                                                                                                              				_t49 = _t51;
                                                                                                                              				_t52 = _t51 + 0xffffffd0;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				E004F5338(_v8, __edx);
                                                                                                                              				if(__edx == 0 || GetIconInfo(__edx,  &_v28) == 0) {
                                                                                                                              					return  *((intOrPtr*)( *_v8 + 0x10))();
                                                                                                                              				} else {
                                                                                                                              					_push(_t49);
                                                                                                                              					_push(0x4f5429);
                                                                                                                              					_push( *[fs:edx]);
                                                                                                                              					 *[fs:edx] = _t52;
                                                                                                                              					if(GetObjectW(_v28.hbmColor, 0x18,  &_v52) != 0) {
                                                                                                                              						_t33 =  *((intOrPtr*)(_v8 + 0x28));
                                                                                                                              						 *((intOrPtr*)(_t33 + 0xc)) = _v48;
                                                                                                                              						 *((intOrPtr*)(_t33 + 0x10)) = _v44;
                                                                                                                              					}
                                                                                                                              					_pop(_t45);
                                                                                                                              					 *[fs:eax] = _t45;
                                                                                                                              					_push(E004F5430);
                                                                                                                              					DeleteObject(_v28.hbmMask);
                                                                                                                              					return DeleteObject(_v28.hbmColor);
                                                                                                                              				}
                                                                                                                              			}


                                                                                                                              APIs
                                                                                                                              • GetIconInfo.USER32(00000000,00000000), ref: 004F53CD
                                                                                                                              • GetObjectW.GDI32(0068D5D0,00000018,00000000,00000000,004F5429,?,004C0068), ref: 004F53EE
                                                                                                                              • DeleteObject.GDI32(?), ref: 004F541A
                                                                                                                              • DeleteObject.GDI32(0068D5D0), ref: 004F5423
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Object$Delete$IconInfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 507670407-0
                                                                                                                              • Opcode ID: 939d8cbd648baad16ebc5502745bc899ef72b4fd7c693fad9428492138ac7e12
                                                                                                                              • Instruction ID: 4322d414b200eb17045e09ec041732102b9da4c87ad94fc4c4d540c0fc3291bf
                                                                                                                              • Opcode Fuzzy Hash: 939d8cbd648baad16ebc5502745bc899ef72b4fd7c693fad9428492138ac7e12
                                                                                                                              • Instruction Fuzzy Hash: 2B11A375A00608AFCB04DFA6D981DAEB7F9EF88314B5081AAFE04D3351DB38DE408B54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 93%
                                                                                                                              			E005B9590(signed char __eax, intOrPtr _a4) {
                                                                                                                              				int _t22;
                                                                                                                              				void* _t23;
                                                                                                                              				int _t31;
                                                                                                                              				signed int _t35;
                                                                                                                              				signed char _t38;
                                                                                                                              				void* _t43;
                                                                                                                              				void* _t44;
                                                                                                                              
                                                                                                                              				_t38 = __eax;
                                                                                                                              				_t2 = _a4 - 4; // 0xc31852ff
                                                                                                                              				_t22 = IsWindowVisible( *( *_t2 + 0x188));
                                                                                                                              				asm("sbb eax, eax");
                                                                                                                              				_t23 = _t22 + 1;
                                                                                                                              				_t43 = _t23 -  *0x6cccd4; // 0x0
                                                                                                                              				if(_t43 == 0) {
                                                                                                                              					_t44 = _t38 -  *0x6cccd4; // 0x0
                                                                                                                              					if(_t44 != 0) {
                                                                                                                              						_t5 = _a4 - 4; // 0xc31852ff
                                                                                                                              						if( *((char*)( *_t5 + 0xeb)) != 0 &&  *0x6cccd4 == 0) {
                                                                                                                              							_t8 = _a4 - 4; // 0xc31852ff
                                                                                                                              							_t35 = GetWindowLongW( *( *_t8 + 0x188), 0xffffffec);
                                                                                                                              							_t11 = _a4 - 4; // 0xc31852ff
                                                                                                                              							SetWindowLongW( *( *_t11 + 0x188), 0xffffffec, _t35 | 0x08000000);
                                                                                                                              						}
                                                                                                                              						_t16 = _a4 - 4; // 0xc31852ff
                                                                                                                              						_t31 = SetWindowPos( *( *_t16 + 0x188), 0, 0, 0, 0, 0,  *(0x6cccd6 + (_t38 & 0x000000ff) * 2) & 0x0000ffff);
                                                                                                                              						 *0x6cccd4 = _t38;
                                                                                                                              						return _t31;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t23;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • IsWindowVisible.USER32(?), ref: 005B95A3
                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 005B95E5
                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 005B95FF
                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,C31852FF,?,00000000,?,005B96B9,?,?,?,00000000), ref: 005B9627
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Long$Visible
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2967648141-0
                                                                                                                              • Opcode ID: 842486b8e95f12e4d0d419cdbe77ed65285d8059c807cbf751cb688483714887
                                                                                                                              • Instruction ID: de5a40ccb5800a4cef2b87037ee72a09c9fd5293aebedbf233be07227e7c069f
                                                                                                                              • Opcode Fuzzy Hash: 842486b8e95f12e4d0d419cdbe77ed65285d8059c807cbf751cb688483714887
                                                                                                                              • Instruction Fuzzy Hash: B31161742851446FDB00DB28D888FFA7FE9AB45324F458191F988CB362CA38ED80CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 80%
                                                                                                                              			E0046A218(void* __eax, struct HINSTANCE__* __edx, WCHAR* _a8) {
                                                                                                                              				WCHAR* _v8;
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __ecx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				void* __ebp;
                                                                                                                              				void* _t18;
                                                                                                                              				void* _t23;
                                                                                                                              				WCHAR* _t24;
                                                                                                                              				void* _t25;
                                                                                                                              				struct HRSRC__* _t29;
                                                                                                                              				void* _t30;
                                                                                                                              				struct HINSTANCE__* _t31;
                                                                                                                              				void* _t32;
                                                                                                                              
                                                                                                                              				_v8 = _t24;
                                                                                                                              				_t31 = __edx;
                                                                                                                              				_t23 = __eax;
                                                                                                                              				_t29 = FindResourceW(__edx, _v8, _a8);
                                                                                                                              				 *(_t23 + 0x10) = _t29;
                                                                                                                              				if(_t29 == 0) {
                                                                                                                              					E0046A178(_t23, _t24, _t29, _t31, _t32);
                                                                                                                              					_pop(_t24);
                                                                                                                              				}
                                                                                                                              				_t5 = _t23 + 0x10; // 0x46a2b4
                                                                                                                              				_t30 = LoadResource(_t31,  *_t5);
                                                                                                                              				 *(_t23 + 0x14) = _t30;
                                                                                                                              				if(_t30 == 0) {
                                                                                                                              					E0046A178(_t23, _t24, _t30, _t31, _t32);
                                                                                                                              				}
                                                                                                                              				_t7 = _t23 + 0x10; // 0x46a2b4
                                                                                                                              				_push(SizeofResource(_t31,  *_t7));
                                                                                                                              				_t8 = _t23 + 0x14; // 0x469b00
                                                                                                                              				_t18 = LockResource( *_t8);
                                                                                                                              				_pop(_t25);
                                                                                                                              				return E00469AAC(_t23, _t25, _t18);
                                                                                                                              			}


















                                                                                                                              APIs
                                                                                                                              • FindResourceW.KERNEL32(?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000,00000000,?,006D579C,?,?,006AC890), ref: 0046A22F
                                                                                                                              • LoadResource.KERNEL32(?,0046A2B4,?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000,00000000,?,006D579C,?), ref: 0046A249
                                                                                                                              • SizeofResource.KERNEL32(?,0046A2B4,?,0046A2B4,?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000,00000000), ref: 0046A263
                                                                                                                              • LockResource.KERNEL32(00469B00,00000000,?,0046A2B4,?,0046A2B4,?,?,?,00444A50,?,00000001,00000000,?,0046A15A,00000000), ref: 0046A26D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Resource$FindLoadLockSizeof
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3473537107-0
                                                                                                                              • Opcode ID: c0a3742649e4821bf1d8e39dd4131d6b260b263a11f53cd498264533ba18d33a
                                                                                                                              • Instruction ID: abb9b97bb193dfeb05d9d82a7f41705a61c143c3b7d9841fcbe573c2d8062a85
                                                                                                                              • Opcode Fuzzy Hash: c0a3742649e4821bf1d8e39dd4131d6b260b263a11f53cd498264533ba18d33a
                                                                                                                              • Instruction Fuzzy Hash: C4F081B36406046F5745EE9DA881DAB77ECEE89364310015FF908D7302EA39DD51477A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00610040(void* __eax, void* __ecx, void* __edx) {
                                                                                                                              				void* _v16;
                                                                                                                              				int _t13;
                                                                                                                              				void* _t20;
                                                                                                                              				void* _t26;
                                                                                                                              				void* _t27;
                                                                                                                              
                                                                                                                              				_push(__ecx);
                                                                                                                              				_t27 = __edx;
                                                                                                                              				_t26 = __eax;
                                                                                                                              				if(__ecx == 0) {
                                                                                                                              					_t20 = 0x80000002;
                                                                                                                              				} else {
                                                                                                                              					_t20 = 0x80000001;
                                                                                                                              				}
                                                                                                                              				if(E005C7A14(0,  *((intOrPtr*)(0x6ccfc0 + (E005C77E8() & 0x0000007f) * 4)), _t20,  &_v16, 2, 0) == 0) {
                                                                                                                              					RegDeleteValueW(_v16, E0040B278(_t26));
                                                                                                                              					RegCloseKey(_v16);
                                                                                                                              				}
                                                                                                                              				_t13 = RemoveFontResourceW(E0040B278(_t27));
                                                                                                                              				if(_t13 != 0) {
                                                                                                                              					_t13 = SendNotifyMessageW(0xffff, 0x1d, 0, 0);
                                                                                                                              				}
                                                                                                                              				return _t13;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • RegDeleteValueW.ADVAPI32(?,00000000,?,00000002,00000000,?,?,?,?,0062AC8F), ref: 0061008A
                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,00000000,?,00000002,00000000,?,?,?,?,0062AC8F), ref: 00610093
                                                                                                                              • RemoveFontResourceW.GDI32(00000000), ref: 006100A0
                                                                                                                              • SendNotifyMessageW.USER32(0000FFFF,0000001D,00000000,00000000), ref: 006100B4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseDeleteFontMessageNotifyRemoveResourceSendValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 261542597-0
                                                                                                                              • Opcode ID: 77a4b43a7585b641cb4056c657f18fe2b74d7f9113a8b954b3ed7bedb6d61676
                                                                                                                              • Instruction ID: 1dce9f2b70afa6587215b720e4c7b57155893329b24cac9d33cbe1fd09ddcff8
                                                                                                                              • Opcode Fuzzy Hash: 77a4b43a7585b641cb4056c657f18fe2b74d7f9113a8b954b3ed7bedb6d61676
                                                                                                                              • Instruction Fuzzy Hash: B2F0C87674430567EA20B6B65C4BFEF128E8FC9745F24492EBA04EB282D668DC814369
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E0050E958(struct HWND__* __eax, void* __ecx) {
                                                                                                                              				intOrPtr _t5;
                                                                                                                              				struct HWND__* _t12;
                                                                                                                              				void* _t15;
                                                                                                                              				DWORD* _t16;
                                                                                                                              
                                                                                                                              				_t13 = __ecx;
                                                                                                                              				_push(__ecx);
                                                                                                                              				_t12 = __eax;
                                                                                                                              				_t15 = 0;
                                                                                                                              				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t16) != 0 && GetCurrentProcessId() ==  *_t16) {
                                                                                                                              					_t5 =  *0x6d5648; // 0x0
                                                                                                                              					if(GlobalFindAtomW(E0040B278(_t5)) !=  *0x6d5642) {
                                                                                                                              						_t15 = E0050E924(_t12, _t13);
                                                                                                                              					} else {
                                                                                                                              						_t15 = GetPropW(_t12,  *0x6d5642 & 0x0000ffff);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t15;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 0050E965
                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,005BA39A,?,?,00000000,00000001,005B8697,?,00000000,00000000,00000000,00000000), ref: 0050E96E
                                                                                                                              • GlobalFindAtomW.KERNEL32(00000000), ref: 0050E983
                                                                                                                              • GetPropW.USER32(00000000,00000000), ref: 0050E99A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2582817389-0
                                                                                                                              • Opcode ID: 96014bfda2539c3c724341726d25520330f77261c7fcf234c4c7e102e9717c52
                                                                                                                              • Instruction ID: 299b27e64c01e87a133ce8a54c99347aef86e5c58dac0e1e1101b5cceb09c5b5
                                                                                                                              • Opcode Fuzzy Hash: 96014bfda2539c3c724341726d25520330f77261c7fcf234c4c7e102e9717c52
                                                                                                                              • Instruction Fuzzy Hash: 09F0ECA160511166CB60BBB65C8787F5A8C9FC43907751D2BF841DA192D514CC8142FE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E006A5D88() {
                                                                                                                              				long _v8;
                                                                                                                              				void _v12;
                                                                                                                              				void* _v16;
                                                                                                                              				void* _t16;
                                                                                                                              				HANDLE* _t17;
                                                                                                                              
                                                                                                                              				_t17 =  &_v12;
                                                                                                                              				_t16 = 0;
                                                                                                                              				if(OpenProcessToken(GetCurrentProcess(), 8, _t17) != 0) {
                                                                                                                              					_v12 = 0;
                                                                                                                              					if(GetTokenInformation(_v16, 0x12,  &_v12, 4,  &_v8) != 0) {
                                                                                                                              						_t16 = _v16;
                                                                                                                              					}
                                                                                                                              					CloseHandle( *_t17);
                                                                                                                              				}
                                                                                                                              				return _t16;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • GetCurrentProcess.KERNEL32(00000008), ref: 006A5D91
                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008), ref: 006A5D97
                                                                                                                              • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008), ref: 006A5DB9
                                                                                                                              • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008), ref: 006A5DCA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 215268677-0
                                                                                                                              • Opcode ID: afea7f4269af62d161ed65023b08510fb3f5f5d3f19be2d10221e2fcac776304
                                                                                                                              • Instruction ID: 606920211f29873d44d72264013709cf63daaae85b794eef22724c21b877f5a5
                                                                                                                              • Opcode Fuzzy Hash: afea7f4269af62d161ed65023b08510fb3f5f5d3f19be2d10221e2fcac776304
                                                                                                                              • Instruction Fuzzy Hash: 30F030716043017BD700EAB58D82EDB77DCAF45715F00482DBA98C7281DA38ED489766
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004F5548() {
                                                                                                                              				signed char _v28;
                                                                                                                              				void* _t4;
                                                                                                                              				signed int _t8;
                                                                                                                              				struct HDC__* _t9;
                                                                                                                              				struct tagTEXTMETRICW* _t10;
                                                                                                                              
                                                                                                                              				_t8 = 1;
                                                                                                                              				_t9 = GetDC(0);
                                                                                                                              				if(_t9 != 0) {
                                                                                                                              					_t4 =  *0x6d54b0; // 0x58a00b4
                                                                                                                              					if(SelectObject(_t9, _t4) != 0 && GetTextMetricsW(_t9, _t10) != 0) {
                                                                                                                              						_t8 = _v28 & 0x000000ff;
                                                                                                                              					}
                                                                                                                              					ReleaseDC(0, _t9);
                                                                                                                              				}
                                                                                                                              				return _t8;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • GetDC.USER32(00000000), ref: 004F5551
                                                                                                                              • SelectObject.GDI32(00000000,058A00B4), ref: 004F5563
                                                                                                                              • GetTextMetricsW.GDI32(00000000,?,00000000,058A00B4,00000000), ref: 004F556E
                                                                                                                              • ReleaseDC.USER32 ref: 004F557F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MetricsObjectReleaseSelectText
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2013942131-0
                                                                                                                              • Opcode ID: 7f08a457e74fbd3b271c5bbe40b56a30871c5d5dda21d4d00258fc544de77888
                                                                                                                              • Instruction ID: eb0f3ac5e6ff13c2d338f041733c2278b611cd6d279531a3f0c2a93b6799ed89
                                                                                                                              • Opcode Fuzzy Hash: 7f08a457e74fbd3b271c5bbe40b56a30871c5d5dda21d4d00258fc544de77888
                                                                                                                              • Instruction Fuzzy Hash: 64E0DF71E029A432D61071661C82BEF2A498F823AAF08112BFF08992D1DA0CC94083FE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 72%
                                                                                                                              			E006B72C2(void* __ecx, void* __esi, void* __fp0) {
                                                                                                                              				void* _t21;
                                                                                                                              				intOrPtr* _t27;
                                                                                                                              				intOrPtr* _t33;
                                                                                                                              				void* _t41;
                                                                                                                              				intOrPtr _t43;
                                                                                                                              				char _t46;
                                                                                                                              				void* _t47;
                                                                                                                              				intOrPtr _t55;
                                                                                                                              				intOrPtr _t59;
                                                                                                                              				void* _t60;
                                                                                                                              				void* _t61;
                                                                                                                              				intOrPtr _t62;
                                                                                                                              				void* _t67;
                                                                                                                              
                                                                                                                              				_t67 = __fp0;
                                                                                                                              				_t60 = __esi;
                                                                                                                              				_t47 = __ecx;
                                                                                                                              				if(( *(_t61 - 9) & 0x00000001) != 0) {
                                                                                                                              					L3:
                                                                                                                              					_t46 = 1;
                                                                                                                              				} else {
                                                                                                                              					_t64 =  *(_t61 - 9) & 0x00000040;
                                                                                                                              					if(( *(_t61 - 9) & 0x00000040) != 0) {
                                                                                                                              						goto L3;
                                                                                                                              					} else {
                                                                                                                              						_t46 = 0;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_t21 = E006A5DD8(_t46, _t47, 0, _t64, _t67);
                                                                                                                              				_t65 = _t21;
                                                                                                                              				if(_t21 != 0) {
                                                                                                                              					_t27 =  *0x6cdec4; // 0x6d579c
                                                                                                                              					SetWindowPos( *( *_t27 + 0x188), 0, 0, 0, 0, 0, 0x97);
                                                                                                                              					_push(_t61);
                                                                                                                              					_push(0x6b736d);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t62;
                                                                                                                              					_t33 =  *0x6cdec4; // 0x6d579c
                                                                                                                              					 *((intOrPtr*)(_t61 - 0x18)) =  *((intOrPtr*)( *_t33 + 0x188));
                                                                                                                              					 *((char*)(_t61 - 0x14)) = 0;
                                                                                                                              					E004244F8(L"/INITPROCWND=$%x ", 0, _t61 - 0x18, _t61 - 0x10);
                                                                                                                              					_push(_t61 - 0x10);
                                                                                                                              					E005C6E90(_t61 - 0x1c, _t46, _t60, _t65);
                                                                                                                              					_pop(_t41);
                                                                                                                              					E0040B470(_t41,  *((intOrPtr*)(_t61 - 0x1c)));
                                                                                                                              					_t43 =  *0x6d68d0; // 0x0
                                                                                                                              					E006A60E8(_t43, _t46, 0x6cd884,  *((intOrPtr*)(_t61 - 0x10)), _t60, _t65, _t67);
                                                                                                                              					_pop(_t59);
                                                                                                                              					 *[fs:eax] = _t59;
                                                                                                                              					 *((char*)(_t61 - 1)) = 1;
                                                                                                                              				}
                                                                                                                              				_pop(_t55);
                                                                                                                              				 *[fs:eax] = _t55;
                                                                                                                              				_push(E006B73CE);
                                                                                                                              				E0040A1C8(_t61 - 0x1c);
                                                                                                                              				return E0040A1C8(_t61 - 0x10);
                                                                                                                              			}
















                                                                                                                              APIs
                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 006B7302
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window
                                                                                                                              • String ID: /INITPROCWND=$%x $@
                                                                                                                              • API String ID: 2353593579-4169826103
                                                                                                                              • Opcode ID: 0b4accc46286caa26b6757a0caf382a36936dc3eade099e6a1758b3271c5afb8
                                                                                                                              • Instruction ID: aee196482ecc750f80196a5b85e8ce4b28bd470815894a77b79cec9963f5eee4
                                                                                                                              • Opcode Fuzzy Hash: 0b4accc46286caa26b6757a0caf382a36936dc3eade099e6a1758b3271c5afb8
                                                                                                                              • Instruction Fuzzy Hash: 0721C070A083489FDB01EBA4D841FEE77F6EF89304F51447AF800E7291DA38AA45DB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 66%
                                                                                                                              			E00435608(signed short* __eax, void* __ebx, void* __edx) {
                                                                                                                              				signed short* _v8;
                                                                                                                              				char _v16;
                                                                                                                              				char _v24;
                                                                                                                              				void* _t23;
                                                                                                                              				intOrPtr _t31;
                                                                                                                              				void* _t32;
                                                                                                                              				void* _t34;
                                                                                                                              
                                                                                                                              				_t23 = __edx;
                                                                                                                              				_v8 = __eax;
                                                                                                                              				_t2 =  &_v24; // 0x435946
                                                                                                                              				L0042F03C();
                                                                                                                              				 *[fs:eax] = _t34 + 0xffffffec;
                                                                                                                              				_t4 =  &_v24; // 0x435946
                                                                                                                              				E00430ED4( *((intOrPtr*)( *((intOrPtr*)( *0x6cdffc))))(_v8, 0x400, 0, 8,  *[fs:eax], 0x435674, _t34, _t2, __ebx, _t32), 8,  *_v8 & 0x0000ffff);
                                                                                                                              				_t6 =  &_v16; // 0x43596b
                                                                                                                              				E0040A61C(_t23,  *_t6);
                                                                                                                              				_t31 = _t4;
                                                                                                                              				 *[fs:eax] = _t31;
                                                                                                                              				_push(E0043567B);
                                                                                                                              				_t7 =  &_v24; // 0x435946
                                                                                                                              				return L00431164(_t7);
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • VariantInit.OLEAUT32(FYC), ref: 00435618
                                                                                                                                • Part of subcall function 0040A61C: SysReAllocStringLen.OLEAUT32(00000000,?,?), ref: 0040A636
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocInitStringVariant
                                                                                                                              • String ID: FYC$kYC
                                                                                                                              • API String ID: 4010818693-1629163012
                                                                                                                              • Opcode ID: 3b028a09afde62da82f47710d3d6daef9e5d11d6f2f19900e295b27d7684dbff
                                                                                                                              • Instruction ID: 78d3457c21f8c6ae710edabf1b7f51a26e4fb704544ac86c5ed1d2f79e361521
                                                                                                                              • Opcode Fuzzy Hash: 3b028a09afde62da82f47710d3d6daef9e5d11d6f2f19900e295b27d7684dbff
                                                                                                                              • Instruction Fuzzy Hash: 2FF08171704608AFD700EB95CC52E9EB3F8EB4D700FA04176F604E3690DA346E04C769
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 73%
                                                                                                                              			E006B8CAC(void* __edx) {
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __esi;
                                                                                                                              				void* __ebp;
                                                                                                                              				void* _t1;
                                                                                                                              				int _t9;
                                                                                                                              				void* _t12;
                                                                                                                              				void* _t15;
                                                                                                                              				intOrPtr _t16;
                                                                                                                              				void* _t17;
                                                                                                                              				void* _t18;
                                                                                                                              				intOrPtr _t20;
                                                                                                                              
                                                                                                                              				_t15 = __edx;
                                                                                                                              				if( *0x6d68e5 != 0) {
                                                                                                                              					E00616130(L"Detected restart. Removing temporary directory.", _t12, _t17, _t18);
                                                                                                                              					_push(0x6b8ce7);
                                                                                                                              					_push( *[fs:eax]);
                                                                                                                              					 *[fs:eax] = _t20;
                                                                                                                              					E006ACE20();
                                                                                                                              					E006ACB10(_t12, _t15, _t17, _t18);
                                                                                                                              					_pop(_t16);
                                                                                                                              					 *[fs:eax] = _t16;
                                                                                                                              					E00615560();
                                                                                                                              					_t9 =  *0x6cd884; // 0x1
                                                                                                                              					return TerminateProcess(GetCurrentProcess(), _t9);
                                                                                                                              				}
                                                                                                                              				return _t1;
                                                                                                                              			}
















                                                                                                                              APIs
                                                                                                                                • Part of subcall function 006ACE20: FreeLibrary.KERNEL32(00000000,006B8CD8,00000000,006B8CE7,?,?,?,?,?,006B97CB), ref: 006ACE36
                                                                                                                                • Part of subcall function 006ACB10: GetTickCount.KERNEL32 ref: 006ACB58
                                                                                                                                • Part of subcall function 00615560: SendMessageW.USER32(00000000,00000B01,00000000,00000000), ref: 0061557F
                                                                                                                              • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,006B97CB), ref: 006B8D01
                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,006B97CB), ref: 006B8D07
                                                                                                                              Strings
                                                                                                                              • Detected restart. Removing temporary directory., xrefs: 006B8CBB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                                                                                              • String ID: Detected restart. Removing temporary directory.
                                                                                                                              • API String ID: 1717587489-3199836293
                                                                                                                              • Opcode ID: ba331b089060afb977d72fce05483963aa44ed152fcb3281d86fb57da4e379c7
                                                                                                                              • Instruction ID: 85aea6856e01ecd59818c985a9c9c54c6fb1bec533a363d5825b66760217dfd7
                                                                                                                              • Opcode Fuzzy Hash: ba331b089060afb977d72fce05483963aa44ed152fcb3281d86fb57da4e379c7
                                                                                                                              • Instruction Fuzzy Hash: 38E0E5F16082446EE2417BB9FC13DA67F9FDB86764B51043BF50083542D9295C80C338
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 62%
                                                                                                                              			E005C8790(void* __eax, void* __edx, void* __eflags) {
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __esi;
                                                                                                                              				void* _t9;
                                                                                                                              				void* _t11;
                                                                                                                              				intOrPtr* _t12;
                                                                                                                              				void* _t14;
                                                                                                                              				void* _t15;
                                                                                                                              
                                                                                                                              				_t14 = __edx;
                                                                                                                              				_t15 = __eax;
                                                                                                                              				E005C8820(__eax, __eflags);
                                                                                                                              				_t12 = E00414020(_t11, _t15, GetModuleHandleW(L"user32.dll"), L"ShutdownBlockReasonCreate");
                                                                                                                              				if(_t12 == 0) {
                                                                                                                              					__eflags = 0;
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              				_t9 =  *_t12(_t15, E0040B278(_t14));
                                                                                                                              				asm("sbb eax, eax");
                                                                                                                              				return _t9 + 1;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                                • Part of subcall function 005C8820: GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,?,005C879E,?,?,?,006B7DE9,0000000A,00000002,00000001,00000031,00000000,006B8019), ref: 005C882E
                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonCreate,?,?,?,006B7DE9,0000000A,00000002,00000001,00000031,00000000,006B8019,?,00000000,006B80E6), ref: 005C87A8
                                                                                                                                • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: HandleModule$AddressProc
                                                                                                                              • String ID: ShutdownBlockReasonCreate$user32.dll
                                                                                                                              • API String ID: 1883125708-2866557904
                                                                                                                              • Opcode ID: 2aa4c1ecb0c25f1be1c5e6900995ae7394209ee48eb3cc3556ffc74fd539a6e1
                                                                                                                              • Instruction ID: 7110eff28424d8e01fad9884693b7150e68d4fec514983f83c6ed3211673b8d3
                                                                                                                              • Opcode Fuzzy Hash: 2aa4c1ecb0c25f1be1c5e6900995ae7394209ee48eb3cc3556ffc74fd539a6e1
                                                                                                                              • Instruction Fuzzy Hash: E7E0C2623402212E020071FF2C85F7F08CCEDC8B6A3300C3EB200D3501EE5ACC0101AC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 75%
                                                                                                                              			E005C7488(void* __eax, void* __esi, void* __ebp, void* __eflags) {
                                                                                                                              				char _v536;
                                                                                                                              				void* __ebx;
                                                                                                                              				intOrPtr* _t6;
                                                                                                                              				void* _t9;
                                                                                                                              				void* _t15;
                                                                                                                              
                                                                                                                              				_t9 = __eax;
                                                                                                                              				E0040A1C8(__eax);
                                                                                                                              				_t6 = E00414020(_t9, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetSystemWow64DirectoryW");
                                                                                                                              				if(_t6 != 0) {
                                                                                                                              					_t6 =  *_t6( &_v536, 0x105);
                                                                                                                              					if(_t6 > 0 && _t6 < 0x105) {
                                                                                                                              						return E0040B318(_t9, 0x105, _t15);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t6;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemWow64DirectoryW,?,0060D678,00000000,0060D74A,?,?,006D579C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C74A2
                                                                                                                                • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                              • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                              • API String ID: 1646373207-1816364905
                                                                                                                              • Opcode ID: 4c32a65a860ad497678a8e71e86e44d9654e19785abb72717ae8a0dce5466f25
                                                                                                                              • Instruction ID: e1b2a1fbaeccbf4b8658dcbc551e8be6aafa7850fd628b76cf9cecd9236f8401
                                                                                                                              • Opcode Fuzzy Hash: 4c32a65a860ad497678a8e71e86e44d9654e19785abb72717ae8a0dce5466f25
                                                                                                                              • Instruction Fuzzy Hash: 95E0DFB07047051BDF1061FA8CC3F9A1D896BDC794F20483E3A90D66C2F9ACD9400AAA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 45%
                                                                                                                              			E005C8644(void* __eax, void* __ecx) {
                                                                                                                              				void* __ebx;
                                                                                                                              				void* _t1;
                                                                                                                              				void* _t4;
                                                                                                                              				void* _t8;
                                                                                                                              				intOrPtr* _t9;
                                                                                                                              
                                                                                                                              				_t1 = __eax;
                                                                                                                              				_t4 = __eax;
                                                                                                                              				if( *0x6d57e8 == 0) {
                                                                                                                              					 *0x6d57ec = E00414020(_t4, _t8, GetModuleHandleW(L"user32.dll"), L"ChangeWindowMessageFilter");
                                                                                                                              					 *_t9 = 0x6d57e8;
                                                                                                                              					_t1 = 1;
                                                                                                                              					asm("lock xchg [edx], eax");
                                                                                                                              				}
                                                                                                                              				if( *0x6d57ec != 0) {
                                                                                                                              					_t1 =  *0x6d57ec(_t4, 1);
                                                                                                                              				}
                                                                                                                              				return _t1;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,?,005C873A,?,00000004,006CCEB4,0061544A,006158C4,00615368,00000000,00000B06,00000000,00000000), ref: 005C865B
                                                                                                                                • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                              • String ID: ChangeWindowMessageFilter$user32.dll
                                                                                                                              • API String ID: 1646373207-2498399450
                                                                                                                              • Opcode ID: d5c5c43d7ea52c44e9976db0544a7561c6df8b4dd84608384c188d363e3b4acb
                                                                                                                              • Instruction ID: f5cb7bf2fd8e9c4876a78839223762f9bc4b5f6247b358773db5c5b1cf956787
                                                                                                                              • Opcode Fuzzy Hash: d5c5c43d7ea52c44e9976db0544a7561c6df8b4dd84608384c188d363e3b4acb
                                                                                                                              • Instruction Fuzzy Hash: 4CE01AB4A01701DED711ABA6AC49FE93BEEE798305F20641EB246D6695CBB904C0CF94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 44%
                                                                                                                              			E005C8820(void* __eax, void* __eflags) {
                                                                                                                              				void* __ebx;
                                                                                                                              				void* __esi;
                                                                                                                              				void* _t7;
                                                                                                                              				intOrPtr* _t8;
                                                                                                                              				void* _t9;
                                                                                                                              
                                                                                                                              				_t9 = __eax;
                                                                                                                              				_t8 = E00414020(_t7, _t9, GetModuleHandleW(L"user32.dll"), L"ShutdownBlockReasonDestroy");
                                                                                                                              				if(_t8 == 0) {
                                                                                                                              					L2:
                                                                                                                              					return 0;
                                                                                                                              				} else {
                                                                                                                              					_push(_t9);
                                                                                                                              					if( *_t8() != 0) {
                                                                                                                              						return 1;
                                                                                                                              					} else {
                                                                                                                              						goto L2;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,?,005C879E,?,?,?,006B7DE9,0000000A,00000002,00000001,00000031,00000000,006B8019), ref: 005C882E
                                                                                                                                • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                              • String ID: ShutdownBlockReasonDestroy$user32.dll
                                                                                                                              • API String ID: 1646373207-260599015
                                                                                                                              • Opcode ID: 8427ef742386233abb3eb781771c12357b31464d3db843b592f5d6180d91b402
                                                                                                                              • Instruction ID: f0c74795214b74e90bc607b5066537e4d8d40fa8e1211c6ca3dcb32fdea7855f
                                                                                                                              • Opcode Fuzzy Hash: 8427ef742386233abb3eb781771c12357b31464d3db843b592f5d6180d91b402
                                                                                                                              • Instruction Fuzzy Hash: 22D0C7B37117222A651075FA3CE1FF70A8CDD95795354087EF700E2941DD55DC4111A8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E006B9800(void* __eflags) {
                                                                                                                              				intOrPtr* _t2;
                                                                                                                              				void* _t4;
                                                                                                                              				void* _t5;
                                                                                                                              
                                                                                                                              				_t2 = E00414020(_t4, _t5, GetModuleHandleW(L"user32.dll"), L"DisableProcessWindowsGhosting");
                                                                                                                              				if(_t2 != 0) {
                                                                                                                              					return  *_t2();
                                                                                                                              				}
                                                                                                                              				return _t2;
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,006C46BE,00000001,00000000,006C46F1), ref: 006B980A
                                                                                                                                • Part of subcall function 00414020: GetProcAddress.KERNEL32(?,?), ref: 0041404A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.820623882.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.820617383.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823202480.00000000006C5000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823234952.00000000006CA000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823268043.00000000006CC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823317733.00000000006CE000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823333711.00000000006CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823366570.00000000006D4000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823416669.00000000006D9000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823440663.00000000006DB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823457200.00000000006DC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              • Associated: 00000001.00000002.823480328.00000000006DE000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                              • String ID: DisableProcessWindowsGhosting$user32.dll
                                                                                                                              • API String ID: 1646373207-834958232
                                                                                                                              • Opcode ID: 93f995bdab4b473a61fd02318e1a2b49a3f24fe148fe8aefdfb1ddf0f8e4a138
                                                                                                                              • Instruction ID: a737f6cb342469133653c2ad22e7ce718afd724c013acdac2058dbbd1ad6bbf7
                                                                                                                              • Opcode Fuzzy Hash: 93f995bdab4b473a61fd02318e1a2b49a3f24fe148fe8aefdfb1ddf0f8e4a138
                                                                                                                              • Instruction Fuzzy Hash: 99B092F0240331101C1072B33C02ACA080A08CBB497024C2A3720A108ADD4880C01239
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:11.3%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:0.8%
                                                                                                                              Total number of Nodes:512
                                                                                                                              Total number of Limit Nodes:9

Control-flow Graph

C-Code - Quality: 95%
E0054429D(void* __ebx, void* __edi, void* __esi, void* __eflags) {
	signed int _t59;
	signed int _t62;
	void* _t79;
	signed int _t85;
	signed int _t86;
	signed int _t89;
	signed int _t93;
	char _t102;
	signed int _t105;
	signed int _t108;
	intOrPtr _t124;
	signed int _t125;
	intOrPtr _t128;
	intOrPtr* _t129;
	void* _t131;

	E00651AF8(0x6ba344);
	_t124 =  *((intOrPtr*)(_t131 + 8));
	_t128 = _t124 + 0x10;
	 *((intOrPtr*)(_t131 - 0x1c)) = _t128;
	E004682AE(_t128, __eflags, _t128);
	 *(_t131 - 4) =  *(_t131 - 4) & 0x00000000;
	_t102 = 0;
	_push(_t128);
	 *((char*)(_t131 - 0x18)) = 0;
	E004683EB(0);
	_t129 = _t124 + 0x7c;
	do {
		if(_t102 == 0) {
			_t102 = _t102 + 1;
			 *((char*)(_t131 - 0x18)) = _t102;
			E004682AE(_t129, _t102, _t124 + 0x10);
		}
		if( *((intOrPtr*)(_t129 + 4)) -  *_t129 < 4) {
			L6:
			_t143 =  *((char*)(_t124 + 0x90));
			if( *((char*)(_t124 + 0x90)) != 0) {
				_t86 = E00651855(_t120, _t143, 0x1c);
				 *(_t131 - 0x10) = _t86;
				if(_t86 == 0) {
					_t108 = 0;
					__eflags = 0;
				} else {
					_t93 = E00543EF9(_t86, _t124, 1); // executed
					_t108 = _t93;
				}
				 *(_t131 - 0x10) = _t108;
				if(_t108 != 0) {
					 *((intOrPtr*)( *_t108 + 4))(_t108);
				}
				 *(_t131 - 4) = 1;
				E00544C36(_t102, _t129, _t131 - 0x10);
				_t89 =  *(_t131 - 0x10);
				 *(_t131 - 4) = 2;
				_t146 = _t89;
				if(_t89 != 0) {
					 *((intOrPtr*)( *_t89 + 8))(_t89);
				}
				 *(_t131 - 4) = 0;
				 *((char*)(_t124 + 0x90)) = 0;
			}
			_t59 = E00651855(_t120, _t146, 0x1c);
			 *(_t131 - 0x10) = _t59;
			if(_t59 == 0) {
				_t105 = 0;
				__eflags = 0;
			} else {
				_t85 = E00543EF9(_t59, _t124, 0); // executed
				_t105 = _t85;
			}
			 *(_t131 - 0x10) = _t105;
			if(_t105 != 0) {
				 *((intOrPtr*)( *_t105 + 4))(_t105);
			}
			 *(_t131 - 4) = 3;
			E00544C36(_t102, _t129, _t131 - 0x10);
			_t62 =  *(_t131 - 0x10);
			 *(_t131 - 4) = 4;
			if(_t62 != 0) {
				 *((intOrPtr*)( *_t62 + 8))(_t62);
			}
			 *(_t131 - 4) = 0;
		} else {
			_t120 =  *((intOrPtr*)(_t124 + 0x74)) -  *((intOrPtr*)(_t124 + 0x70)) >> 2;
			if( *((intOrPtr*)(_t124 + 0x8c)) + ( *((intOrPtr*)(_t124 + 0x74)) -  *((intOrPtr*)(_t124 + 0x70)) >> 2) > ( *((intOrPtr*)(_t129 + 4)) -  *_t129 >> 2) - 1 &&  *((intOrPtr*)(_t129 + 4)) -  *_t129 >> 2 < 0x20) {
				goto L6;
			}
		}
		 *(_t131 - 0x10) =  *(_t131 - 0x10) & 0x00000000;
		_t150 =  *((intOrPtr*)(_t129 + 4)) -  *_t129 >> 2;
		if( *((intOrPtr*)(_t129 + 4)) -  *_t129 >> 2 != 0) {
			_t125 =  *(_t131 - 0x10);
			do {
				if(E00544AD9( *((intOrPtr*)( *_t129 + _t125 * 4)), _t150) != 0) {
					_t79 =  *_t129 + _t125 * 4;
					_t125 = _t125 - 1;
					E005D2189(_t129, _t131 - 0x14, _t79);
				}
				_t125 = _t125 + 1;
			} while (_t125 <  *((intOrPtr*)(_t129 + 4)) -  *_t129 >> 2);
			_t124 =  *((intOrPtr*)(_t131 + 8));
		}
		if(_t102 != 0) {
			_t102 = 0;
			_push(_t124 + 0x10);
			 *((char*)(_t131 - 0x18)) = 0;
			E004683EB(0);
		}
	} while (WaitForSingleObject( *(_t124 + 0x68), 0x14d) == 0x102);
	_t157 = _t102;
	 *(_t131 - 4) = 5;
	if(_t102 != 0) {
		_push( *((intOrPtr*)(_t131 - 0x1c)));
		E004683EB(_t157);
	}
	 *[fs:0x0] =  *((intOrPtr*)(_t131 - 0xc));
	return 0;
}


















                                                                                                                              0x0054444e
                                                                                                                              0x0054444e
                                                                                                                              0x00544458
                                                                                                                              0x00544462

                                                                                                                              APIs
                                                                                                                              • __EH_prolog.LIBCMT ref: 005442A2
                                                                                                                                • Part of subcall function 004682AE: __EH_prolog.LIBCMT ref: 004682B3
                                                                                                                                • Part of subcall function 004682AE: RtlEnterCriticalSection.NTDLL(?), ref: 004682BC
                                                                                                                                • Part of subcall function 004682AE: GetCurrentThreadId.KERNEL32 ref: 00468312
                                                                                                                                • Part of subcall function 004682AE: GetCurrentThreadId.KERNEL32 ref: 00468328
                                                                                                                                • Part of subcall function 004682AE: __Mtx_unlock.LIBCPMT ref: 00468348
                                                                                                                                • Part of subcall function 004683EB: __EH_prolog.LIBCMT ref: 004683F0
                                                                                                                                • Part of subcall function 004683EB: __Mtx_unlock.LIBCPMT ref: 00468466
                                                                                                                                • Part of subcall function 004683EB: RtlLeaveCriticalSection.NTDLL(?), ref: 00468475
                                                                                                                              • new.LIBCMT ref: 00544328
                                                                                                                              • new.LIBCMT ref: 0054437F
                                                                                                                              • WaitForSingleObject.KERNEL32(?,0000014D,?), ref: 0054442C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: H_prolog$CriticalCurrentMtx_unlockSectionThread$EnterLeaveObjectSingleWait
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2556069985-0
                                                                                                                              • Opcode ID: 0d0ee18ac62203443fb5a9cab0c12697164a340091a9971460b46faf117e71d5
                                                                                                                              • Instruction ID: c6e29849c6836c3248c25bed6139588d28fc6a7127372fb25caf91636d9dedce
                                                                                                                              • Opcode Fuzzy Hash: 0d0ee18ac62203443fb5a9cab0c12697164a340091a9971460b46faf117e71d5
                                                                                                                              • Instruction Fuzzy Hash: D951BE70640206AFDB24DFB8C899BAEBBF5BF45708F14491DE492E7281CB34EA44CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00468518(void* __eflags) {
                                                                                                                              				void* _t25;
                                                                                                                              				void* _t39;
                                                                                                                              				intOrPtr* _t40;
                                                                                                                              				void* _t42;
                                                                                                                              				void* _t46;
                                                                                                                              
                                                                                                                              				E00651AF8(0x6af34e);
                                                                                                                              				 *((intOrPtr*)(_t46 - 0x10)) = GetCurrentThreadId();
                                                                                                                              				 *((intOrPtr*)(_t46 - 0x14)) = 0x7bfd18;
                                                                                                                              				E00468A88(E0063FE2B(0x7bfd18));
                                                                                                                              				_t40 =  *((intOrPtr*)(_t46 + 8));
                                                                                                                              				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
                                                                                                                              				E00467901(0x7bfd48, _t46 - 0x1c, _t46 - 0x10, _t40);
                                                                                                                              				 *(_t46 - 4) = 1;
                                                                                                                              				E00468A88(E0063FE50(0x7bfd18));
                                                                                                                              				 *(_t46 - 4) =  *(_t46 - 4) | 0xffffffff;
                                                                                                                              				_t25 =  *((intOrPtr*)( *_t40))( *((intOrPtr*)(_t40 + 4)), _t39, _t42); // executed
                                                                                                                              				E00468A88(E0063FE2B(0x7bfd18));
                                                                                                                              				 *(_t46 - 4) = 2;
                                                                                                                              				E00468A88(E0063FE50(0x7bfd18));
                                                                                                                              				E0046814B(_t40, _t46, 1);
                                                                                                                              				 *[fs:0x0] =  *((intOrPtr*)(_t46 - 0xc));
                                                                                                                              				return _t25;
                                                                                                                              			}









                                                                                                                              APIs
                                                                                                                              • __EH_prolog.LIBCMT ref: 0046851D
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00468527
                                                                                                                                • Part of subcall function 0063FE2B: mtx_do_lock.LIBCPMT ref: 0063FE33
                                                                                                                              • __Mtx_unlock.LIBCPMT ref: 00468567
                                                                                                                              • __Mtx_unlock.LIBCPMT ref: 0046859D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Mtx_unlock$CurrentH_prologThreadmtx_do_lock
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2822297656-0
                                                                                                                              • Opcode ID: 45d5f0599a139b2b94f12ce032d72ab9cf0a2936db16ad04306f2e5869556d17
                                                                                                                              • Instruction ID: 31807c322ed0de2ebcbc4e78d729ac087eb52246a986b4a207439976a9507fac
                                                                                                                              • Opcode Fuzzy Hash: 45d5f0599a139b2b94f12ce032d72ab9cf0a2936db16ad04306f2e5869556d17
                                                                                                                              • Instruction Fuzzy Hash: EA1186B1E40209BADB00FBF4DC0AAAE7769DF41715F10022FF814A7292DE795E0187E9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 83 40f7e3-40f7e9 84 40f7eb-40f7ed 83->84 85 40f7ee-40f7f9 83->85 86 40f800-40f80a 85->86 87 40f7fb 85->87 88 40f80c-40f812 86->88 89 40f82d-40f82e call 651855 86->89 87->86 88->89 91 40f814-40f819 88->91 92 40f833-40f834 89->92 91->87 93 40f81b-40f82b call 651855 91->93 95 40f836-40f838 92->95 93->95
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E0040F7E3(signed int _a4, signed int _a8, char _a12) {
                                                                                                                              				char _v16;
                                                                                                                              				intOrPtr _v28;
                                                                                                                              				char _v32;
                                                                                                                              				intOrPtr _v44;
                                                                                                                              				char _v48;
                                                                                                                              				intOrPtr _v60;
                                                                                                                              				char _v64;
                                                                                                                              				intOrPtr _v76;
                                                                                                                              				char _v80;
                                                                                                                              				char _v100;
                                                                                                                              				signed int _t29;
                                                                                                                              				signed int _t30;
                                                                                                                              				signed int _t32;
                                                                                                                              				intOrPtr _t54;
                                                                                                                              				signed int _t56;
                                                                                                                              				signed int _t57;
                                                                                                                              				signed int _t59;
                                                                                                                              				signed int _t69;
                                                                                                                              				void* _t71;
                                                                                                                              				void* _t72;
                                                                                                                              				void* _t73;
                                                                                                                              				void* _t74;
                                                                                                                              				void* _t75;
                                                                                                                              				void* _t77;
                                                                                                                              				void* _t78;
                                                                                                                              				void* _t79;
                                                                                                                              				void* _t80;
                                                                                                                              				void* _t81;
                                                                                                                              
                                                                                                                              				_t56 = _a4;
                                                                                                                              				if(_t56 != 0) {
                                                                                                                              					_t30 = _t29 | 0xffffffff;
                                                                                                                              					_t69 = _t30 % _a8;
                                                                                                                              					__eflags = _t30 / _a8 - _t56;
                                                                                                                              					if(_t30 / _a8 >= _t56) {
                                                                                                                              						_t57 = _t56 * _a8;
                                                                                                                              						__eflags = _a12;
                                                                                                                              						if(__eflags == 0) {
                                                                                                                              							L8:
                                                                                                                              							_t32 = E00651855(_t69, __eflags, _t57); // executed
                                                                                                                              							_t59 = _t32;
                                                                                                                              							goto L9;
                                                                                                                              						} else {
                                                                                                                              							__eflags = _t57 - 0x1000;
                                                                                                                              							if(__eflags < 0) {
                                                                                                                              								goto L8;
                                                                                                                              							} else {
                                                                                                                              								_t10 = _t57 + 0x23; // 0x23
                                                                                                                              								_t34 = _t10;
                                                                                                                              								__eflags = _t10 - _t57;
                                                                                                                              								if(__eflags <= 0) {
                                                                                                                              									goto L3;
                                                                                                                              								} else {
                                                                                                                              									_t54 = E00651855(_t69, __eflags, _t34);
                                                                                                                              									_t11 = _t54 + 0x23; // 0x23
                                                                                                                              									_t59 = _t11 & 0xffffffe0;
                                                                                                                              									 *((intOrPtr*)(_t59 - 4)) = _t54;
                                                                                                                              									L9:
                                                                                                                              									return _t59;
                                                                                                                              								}
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						L3:
                                                                                                                              						_t71 = _t77;
                                                                                                                              						_t78 = _t77 - 0xc;
                                                                                                                              						E0040FD09( &_v16);
                                                                                                                              						E00669FD4( &_v16, 0x793128);
                                                                                                                              						asm("int3");
                                                                                                                              						_push(_t71);
                                                                                                                              						_t72 = _t78;
                                                                                                                              						_t79 = _t78 - 0xc;
                                                                                                                              						E0063E4A7( &_v32);
                                                                                                                              						E00669FD4( &_v32, 0x78ebec);
                                                                                                                              						asm("int3");
                                                                                                                              						_push(_t72);
                                                                                                                              						_t73 = _t79;
                                                                                                                              						_t80 = _t79 - 0xc;
                                                                                                                              						E0063E4B8( &_v48, _v28);
                                                                                                                              						E00669FD4( &_v48, 0x7678e4);
                                                                                                                              						asm("int3");
                                                                                                                              						_push(_t73);
                                                                                                                              						_t74 = _t80;
                                                                                                                              						_t81 = _t80 - 0xc;
                                                                                                                              						E0063E4F4( &_v64, _v44);
                                                                                                                              						E00669FD4( &_v64, 0x78eb74);
                                                                                                                              						asm("int3");
                                                                                                                              						_push(_t74);
                                                                                                                              						_t75 = _t81;
                                                                                                                              						E0063E530( &_v80, _v60);
                                                                                                                              						E00669FD4( &_v80, 0x78ebb0);
                                                                                                                              						asm("int3");
                                                                                                                              						_push(_t75);
                                                                                                                              						E0063E575( &_v100, _v76);
                                                                                                                              						E00669FD4( &_v100, 0x78ec24);
                                                                                                                              						asm("int3");
                                                                                                                              						return "bad function call";
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					return 0;
                                                                                                                              				}
                                                                                                                              			}
































                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              [Figure: control-flow graph of function 0067A1EB; nodes marked Executed / Not Executed]
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E0067A1EB(void* __ecx, long _a4) {
                                                                                                                              				void* _t3;
                                                                                                                              				void* _t5;
                                                                                                                              				void* _t6;
                                                                                                                              				long _t8;
                                                                                                                              
                                                                                                                              				_t6 = __ecx;
                                                                                                                              				_pop(_t10);
                                                                                                                              				_t8 = _a4;
                                                                                                                              				if(_t8 > 0xffffffe0) {
                                                                                                                              					L8:
                                                                                                                              					 *((intOrPtr*)(E00677311())) = 0xc;
                                                                                                                              					_t3 = 0;
                                                                                                                              					__eflags = 0;
                                                                                                                              				} else {
                                                                                                                              					if(_t8 == 0) {
                                                                                                                              						_t8 = _t8 + 1;
                                                                                                                              					}
                                                                                                                              					while(1) {
                                                                                                                              						_t3 = RtlAllocateHeap( *0x8004a0, 0, _t8); // executed
                                                                                                                              						if(_t3 != 0) {
                                                                                                                              							break;
                                                                                                                              						}
                                                                                                                              						__eflags = E0068914C();
                                                                                                                              						if(__eflags == 0) {
                                                                                                                              							goto L8;
                                                                                                                              						} else {
                                                                                                                              							_t5 = E00686DA2(_t6, __eflags, _t8);
                                                                                                                              							_pop(_t6);
                                                                                                                              							__eflags = _t5;
                                                                                                                              							if(_t5 == 0) {
                                                                                                                              								goto L8;
                                                                                                                              							} else {
                                                                                                                              								continue;
                                                                                                                              							}
                                                                                                                              						}
                                                                                                                              						goto L9;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				L9:
                                                                                                                              				return _t3;
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,0063E6D0,0063FF51), ref: 00684EDA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              • Opcode ID: 428b248707f2a0ff5c97e0bce623fcd49f995554f85c83d50ff0fd515fabcd88
                                                                                                                              • Instruction ID: 67f3d0254b39adb30a1e0ff8987403f0463955174bc1839172662a859b69b94b
                                                                                                                              • Opcode Fuzzy Hash: 428b248707f2a0ff5c97e0bce623fcd49f995554f85c83d50ff0fd515fabcd88
                                                                                                                              • Instruction Fuzzy Hash: 66F0272110821397E7707A6A5C0CBBB768FBF823B0F550321EC04A3680DF20DC0183E8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 113 543ef9-543f3d CreateThread
                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E00543EF9(void* __ecx, intOrPtr _a4, char _a8) {
                                                                                                                              				void* _v8;
                                                                                                                              				void* _t15;
                                                                                                                              				void* _t20;
                                                                                                                              
                                                                                                                              				_push(__ecx);
                                                                                                                              				_t20 = __ecx;
                                                                                                                              				_v8 = __ecx;
                                                                                                                              				 *(__ecx + 8) =  *(__ecx + 8) | 0xffffffff;
                                                                                                                              				 *((intOrPtr*)(__ecx + 0x14)) = _a4;
                                                                                                                              				 *((char*)(__ecx + 0x18)) = _a8;
                                                                                                                              				_t8 = _t20 + 0x10; // 0x10
                                                                                                                              				 *((intOrPtr*)(__ecx + 4)) = 0;
                                                                                                                              				 *__ecx = 0x6f9130;
                                                                                                                              				 *((char*)(__ecx + 0xc)) = 0;
                                                                                                                              				_t15 = CreateThread(0, 0, E005447C3, __ecx, 0, _t8); // executed
                                                                                                                              				 *(_t20 + 8) = _t15;
                                                                                                                              				return _t20;
                                                                                                                              			}







                                                                                                                              APIs
                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_001447C3,00000000,00000000,00000010), ref: 00543F2E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2422867632-0
                                                                                                                              • Opcode ID: fc2643d9a89462e02a190f65bfcdd27f47c917761810af243506e7db0aaeb749
                                                                                                                              • Instruction ID: 721318121151a343cad2e588276c794f9e6f79b1596b0fcc5e2f69efd019f413
                                                                                                                              • Opcode Fuzzy Hash: fc2643d9a89462e02a190f65bfcdd27f47c917761810af243506e7db0aaeb749
                                                                                                                              • Instruction Fuzzy Hash: DFF08271515744AF8338CF5DD805CA3BFF8EA09720700C75EB9AAC3741D270A5048BB1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 114 651ae0-651ae6 call 651aa5 116 651aeb-651af4 114->116
                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E00651AE0(void* __eflags, intOrPtr _a4) {
                                                                                                                              				signed int _t2;
                                                                                                                              
                                                                                                                              				_t2 = E00651AA5(_a4); // executed
                                                                                                                              				asm("sbb eax, eax");
                                                                                                                              				return  ~( ~_t2) - 1;
                                                                                                                              			}




                                                                                                                              0x00651ae6
                                                                                                                              0x00651aee
                                                                                                                              0x00651af4

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __onexit
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1448380652-0
                                                                                                                              • Opcode ID: d78d9142898b9c98952a14e3dedbcd9244443e9bdde8ff525791cf48f29bf47b
                                                                                                                              • Instruction ID: cf84a9b3958c924348658f9fa8e7285169b0ac0411b3e1127fa34ff99a44dc01
                                                                                                                              • Opcode Fuzzy Hash: d78d9142898b9c98952a14e3dedbcd9244443e9bdde8ff525791cf48f29bf47b
                                                                                                                              • Instruction Fuzzy Hash: 0FB0123149810E2B7E1579F5EC058343B4DD612661F400326FC0DC80E1DE12A4540088
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E00673C29(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, char _a4, char _a8, char _a12) {
                                                                                                                              				char _v0;
                                                                                                                              				signed int _v8;
                                                                                                                              				intOrPtr _v524;
                                                                                                                              				intOrPtr _v528;
                                                                                                                              				void* _v532;
                                                                                                                              				intOrPtr _v536;
                                                                                                                              				intOrPtr _v540;
                                                                                                                              				intOrPtr _v544;
                                                                                                                              				intOrPtr _v548;
                                                                                                                              				intOrPtr _v552;
                                                                                                                              				intOrPtr _v556;
                                                                                                                              				intOrPtr _v560;
                                                                                                                              				intOrPtr _v564;
                                                                                                                              				intOrPtr _v568;
                                                                                                                              				intOrPtr _v572;
                                                                                                                              				intOrPtr _v576;
                                                                                                                              				intOrPtr _v580;
                                                                                                                              				intOrPtr _v584;
                                                                                                                              				char _v724;
                                                                                                                              				intOrPtr _v792;
                                                                                                                              				intOrPtr _v800;
                                                                                                                              				char _v804;
                                                                                                                              				intOrPtr _v808;
                                                                                                                              				char _v812;
                                                                                                                              				void* __edi;
                                                                                                                              				void* __ebp;
                                                                                                                              				signed int _t40;
                                                                                                                              				char* _t47;
                                                                                                                              				intOrPtr _t49;
                                                                                                                              				intOrPtr _t60;
                                                                                                                              				intOrPtr _t61;
                                                                                                                              				intOrPtr _t65;
                                                                                                                              				intOrPtr _t66;
                                                                                                                              				int _t67;
                                                                                                                              				intOrPtr _t68;
                                                                                                                              				signed int _t69;
                                                                                                                              
                                                                                                                              				_t68 = __esi;
                                                                                                                              				_t65 = __edx;
                                                                                                                              				_t60 = __ebx;
                                                                                                                              				_t40 =  *0x7ba428; // 0x8e973bf9
                                                                                                                              				_t41 = _t40 ^ _t69;
                                                                                                                              				_v8 = _t40 ^ _t69;
                                                                                                                              				if(_a4 != 0xffffffff) {
                                                                                                                              					_push(_a4);
                                                                                                                              					E00652B00(_t41);
                                                                                                                              					_pop(_t61);
                                                                                                                              				}
                                                                                                                              				E0066C3C0(_t66,  &_v804, 0, 0x50);
                                                                                                                              				E0066C3C0(_t66,  &_v724, 0, 0x2cc);
                                                                                                                              				_v812 =  &_v804;
                                                                                                                              				_t47 =  &_v724;
                                                                                                                              				_v808 = _t47;
                                                                                                                              				_v548 = _t47;
                                                                                                                              				_v552 = _t61;
                                                                                                                              				_v556 = _t65;
                                                                                                                              				_v560 = _t60;
                                                                                                                              				_v564 = _t68;
                                                                                                                              				_v568 = _t66;
                                                                                                                              				_v524 = ss;
                                                                                                                              				_v536 = cs;
                                                                                                                              				_v572 = ds;
                                                                                                                              				_v576 = es;
                                                                                                                              				_v580 = fs;
                                                                                                                              				_v584 = gs;
                                                                                                                              				asm("pushfd");
                                                                                                                              				_pop( *_t22);
                                                                                                                              				_t23 =  &_v0; // 0xec458d00
                                                                                                                              				_v540 =  *_t23;
                                                                                                                              				_t25 =  &_v0; // 0x63ff55
                                                                                                                              				_t49 = _t25;
                                                                                                                              				_v528 = _t49;
                                                                                                                              				_v724 = 0x10001;
                                                                                                                              				_t28 = _t49 - 4; // 0x78edc068
                                                                                                                              				_v544 =  *_t28;
                                                                                                                              				_t30 =  &_a8; // 0xe9cc0002
                                                                                                                              				_v804 =  *_t30;
                                                                                                                              				_t32 =  &_a12; // 0xffffff15
                                                                                                                              				_v800 =  *_t32;
                                                                                                                              				_t34 =  &_v0; // 0xec458d00
                                                                                                                              				_v792 =  *_t34;
                                                                                                                              				_t67 = IsDebuggerPresent();
                                                                                                                              				SetUnhandledExceptionFilter(0);
                                                                                                                              				_t36 =  &_v812; // 0x63fc29
                                                                                                                              				if(UnhandledExceptionFilter(_t36) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
                                                                                                                              					_t38 =  &_a4; // 0xa075e850
                                                                                                                              					_push( *_t38);
                                                                                                                              					_t57 = E00652B00(_t57);
                                                                                                                              				}
                                                                                                                              				_t39 =  &_v8; // 0xffffff5f
                                                                                                                              				return L0065208E(_t57,  *_t39 ^ _t69);
                                                                                                                              			}








































                                                                                                                              APIs
                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0063E6D0), ref: 00673D21
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0063E6D0), ref: 00673D2B
                                                                                                                              • UnhandledExceptionFilter.KERNEL32(0063FC29,?,?,?,?,?,0063E6D0), ref: 00673D38
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3906539128-0
                                                                                                                              • Opcode ID: eb1c22202bdccbdf8a8f668cf6478881aef279c10f66fa13959d7adb2dd45f08
                                                                                                                              • Instruction ID: 75912893ef346366e3393d0e233488582f8321a50ce68d8ce8c262a4d3558670
                                                                                                                              • Opcode Fuzzy Hash: eb1c22202bdccbdf8a8f668cf6478881aef279c10f66fa13959d7adb2dd45f08
                                                                                                                              • Instruction Fuzzy Hash: 8E31D5B5901228ABCB61DF24D988BDCBBB9BF08310F5041EAE81CA7250E7709B858F44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00695924(intOrPtr _a4) {
                                                                                                                              				intOrPtr _v8;
                                                                                                                              				intOrPtr _t25;
                                                                                                                              				intOrPtr* _t26;
                                                                                                                              				intOrPtr _t28;
                                                                                                                              				intOrPtr* _t29;
                                                                                                                              				intOrPtr* _t31;
                                                                                                                              				intOrPtr* _t45;
                                                                                                                              				intOrPtr* _t46;
                                                                                                                              				intOrPtr* _t47;
                                                                                                                              				intOrPtr* _t55;
                                                                                                                              				intOrPtr* _t70;
                                                                                                                              				intOrPtr _t74;
                                                                                                                              
                                                                                                                              				_t74 = _a4;
                                                                                                                              				_t2 = _t74 + 0x88; // 0x20202020
                                                                                                                              				_t25 =  *_t2;
                                                                                                                              				if(_t25 != 0 && _t25 != 0x7ba5c8) {
                                                                                                                              					_t3 = _t74 + 0x7c; // 0x20202020
                                                                                                                              					_t45 =  *_t3;
                                                                                                                              					if(_t45 != 0 &&  *_t45 == 0) {
                                                                                                                              						_t4 = _t74 + 0x84; // 0x20202020
                                                                                                                              						_t46 =  *_t4;
                                                                                                                              						if(_t46 != 0 &&  *_t46 == 0) {
                                                                                                                              							E00684F5F(_t46);
                                                                                                                              							_t5 = _t74 + 0x88; // 0x20202020
                                                                                                                              							E00694CFC( *_t5);
                                                                                                                              						}
                                                                                                                              						_t6 = _t74 + 0x80; // 0x20202020
                                                                                                                              						_t47 =  *_t6;
                                                                                                                              						if(_t47 != 0 &&  *_t47 == 0) {
                                                                                                                              							E00684F5F(_t47);
                                                                                                                              							_t7 = _t74 + 0x88; // 0x20202020
                                                                                                                              							E006951B6( *_t7);
                                                                                                                              						}
                                                                                                                              						_t8 = _t74 + 0x7c; // 0x20202020
                                                                                                                              						E00684F5F( *_t8);
                                                                                                                              						_t9 = _t74 + 0x88; // 0x20202020
                                                                                                                              						E00684F5F( *_t9);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_t10 = _t74 + 0x8c; // 0x20202020
                                                                                                                              				_t26 =  *_t10;
                                                                                                                              				if(_t26 != 0 &&  *_t26 == 0) {
                                                                                                                              					_t11 = _t74 + 0x90; // 0x20202020
                                                                                                                              					E00684F5F( *_t11 - 0xfe);
                                                                                                                              					_t12 = _t74 + 0x94; // 0x0
                                                                                                                              					E00684F5F( *_t12 - 0x80);
                                                                                                                              					_t13 = _t74 + 0x98; // 0x0
                                                                                                                              					E00684F5F( *_t13 - 0x80);
                                                                                                                              					_t14 = _t74 + 0x8c; // 0x20202020
                                                                                                                              					E00684F5F( *_t14);
                                                                                                                              				}
                                                                                                                              				_t15 = _t74 + 0x9c; // 0x0
                                                                                                                              				E00695A97( *_t15);
                                                                                                                              				_t28 = 6;
                                                                                                                              				_t16 = _t74 + 0xa0; // 0x7bac80
                                                                                                                              				_t55 = _t16;
                                                                                                                              				_v8 = _t28;
                                                                                                                              				_t18 = _t74 + 0x28; // 0x7bac08
                                                                                                                              				_t70 = _t18;
                                                                                                                              				do {
                                                                                                                              					if( *((intOrPtr*)(_t70 - 8)) != 0x7ba730) {
                                                                                                                              						_t31 =  *_t70;
                                                                                                                              						if(_t31 != 0 &&  *_t31 == 0) {
                                                                                                                              							E00684F5F(_t31);
                                                                                                                              							E00684F5F( *_t55);
                                                                                                                              						}
                                                                                                                              						_t28 = _v8;
                                                                                                                              					}
                                                                                                                              					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
                                                                                                                              						_t22 = _t70 - 4; // 0x0
                                                                                                                              						_t29 =  *_t22;
                                                                                                                              						if(_t29 != 0 &&  *_t29 == 0) {
                                                                                                                              							E00684F5F(_t29);
                                                                                                                              						}
                                                                                                                              						_t28 = _v8;
                                                                                                                              					}
                                                                                                                              					_t55 = _t55 + 4;
                                                                                                                              					_t70 = _t70 + 0x10;
                                                                                                                              					_t28 = _t28 - 1;
                                                                                                                              					_v8 = _t28;
                                                                                                                              				} while (_t28 != 0);
                                                                                                                              				return E00684F5F(_t74);
                                                                                                                              			}
















                                                                                                                              APIs
                                                                                                                              • ___free_lconv_mon.LIBCMT ref: 00695968
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694D19
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694D2B
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694D3D
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694D4F
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694D61
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694D73
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694D85
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694D97
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694DA9
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694DBB
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694DCD
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694DDF
                                                                                                                                • Part of subcall function 00694CFC: _free.LIBCMT ref: 00694DF1
                                                                                                                              • _free.LIBCMT ref: 0069595D
                                                                                                                                • Part of subcall function 00684F5F: RtlFreeHeap.NTDLL(00000000,00000000,?,00695469,007BABE0,00000000,007BABE0,00000000,?,0069570D,007BABE0,00000007,007BABE0,?,00695ABC,007BABE0), ref: 00684F75
                                                                                                                                • Part of subcall function 00684F5F: GetLastError.KERNEL32(007BABE0,?,00695469,007BABE0,00000000,007BABE0,00000000,?,0069570D,007BABE0,00000007,007BABE0,?,00695ABC,007BABE0,007BABE0), ref: 00684F87
                                                                                                                              • _free.LIBCMT ref: 0069597F
                                                                                                                              • _free.LIBCMT ref: 00695994
                                                                                                                              • _free.LIBCMT ref: 0069599F
                                                                                                                              • _free.LIBCMT ref: 006959C1
                                                                                                                              • _free.LIBCMT ref: 006959D4
                                                                                                                              • _free.LIBCMT ref: 006959E2
                                                                                                                              • _free.LIBCMT ref: 006959ED
                                                                                                                              • _free.LIBCMT ref: 00695A25
                                                                                                                              • _free.LIBCMT ref: 00695A2C
                                                                                                                              • _free.LIBCMT ref: 00695A49
                                                                                                                              • _free.LIBCMT ref: 00695A61
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 161543041-0
                                                                                                                              • Opcode ID: 58fcbfa07f8e400c4f6196b7d5118647360d66791251da583e3bf429a67004bd
                                                                                                                              • Instruction ID: 263d12000eb4c23d6f901799fafdc210403204cb626a0c7f534bf42d49f99cf0
                                                                                                                              • Opcode Fuzzy Hash: 58fcbfa07f8e400c4f6196b7d5118647360d66791251da583e3bf429a67004bd
                                                                                                                              • Instruction Fuzzy Hash: 22315D31604A01DFEF62AB38D845B9673EAAF40320F11866DE56AD7662DE71AC44C728
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E006956F4(intOrPtr _a4) {
                                                                                                                              				void* _t18;
                                                                                                                              				intOrPtr _t45;
                                                                                                                              
                                                                                                                              				_t45 = _a4;
                                                                                                                              				if(_t45 != 0) {
                                                                                                                              					E0069543B(_t45, 7);
                                                                                                                              					_t2 = _t45 + 0x1c; // 0x7babfc
                                                                                                                              					E0069543B(_t2, 7);
                                                                                                                              					_t3 = _t45 + 0x38; // 0x7bac18
                                                                                                                              					E0069543B(_t3, 0xc);
                                                                                                                              					_t4 = _t45 + 0x68; // 0x7bac48
                                                                                                                              					E0069543B(_t4, 0xc);
                                                                                                                              					_t5 = _t45 + 0x98; // 0x7bac78
                                                                                                                              					E0069543B(_t5, 2);
                                                                                                                              					_t6 = _t45 + 0xa0; // 0x0
                                                                                                                              					E00684F5F( *_t6);
                                                                                                                              					_t7 = _t45 + 0xa4; // 0x0
                                                                                                                              					E00684F5F( *_t7);
                                                                                                                              					_t8 = _t45 + 0xa8; // 0x0
                                                                                                                              					E00684F5F( *_t8);
                                                                                                                              					_t9 = _t45 + 0xb4; // 0x7bac94
                                                                                                                              					E0069543B(_t9, 7);
                                                                                                                              					_t10 = _t45 + 0xd0; // 0x7bacb0
                                                                                                                              					E0069543B(_t10, 7);
                                                                                                                              					_t11 = _t45 + 0xec; // 0x7baccc
                                                                                                                              					E0069543B(_t11, 0xc);
                                                                                                                              					_t12 = _t45 + 0x11c; // 0x7bacfc
                                                                                                                              					E0069543B(_t12, 0xc);
                                                                                                                              					_t13 = _t45 + 0x14c; // 0x7bad2c
                                                                                                                              					E0069543B(_t13, 2);
                                                                                                                              					_t14 = _t45 + 0x154; // 0x0
                                                                                                                              					E00684F5F( *_t14);
                                                                                                                              					_t15 = _t45 + 0x158; // 0x62610000
                                                                                                                              					E00684F5F( *_t15);
                                                                                                                              					_t16 = _t45 + 0x15c; // 0x66656463
                                                                                                                              					E00684F5F( *_t16);
                                                                                                                              					_t17 = _t45 + 0x160; // 0x6a696867
                                                                                                                              					return E00684F5F( *_t17);
                                                                                                                              				}
                                                                                                                              				return _t18;
                                                                                                                              			}





                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0069543B: _free.LIBCMT ref: 00695464
                                                                                                                              • _free.LIBCMT ref: 00695742
                                                                                                                                • Part of subcall function 00684F5F: RtlFreeHeap.NTDLL(00000000,00000000,?,00695469,007BABE0,00000000,007BABE0,00000000,?,0069570D,007BABE0,00000007,007BABE0,?,00695ABC,007BABE0), ref: 00684F75
                                                                                                                                • Part of subcall function 00684F5F: GetLastError.KERNEL32(007BABE0,?,00695469,007BABE0,00000000,007BABE0,00000000,?,0069570D,007BABE0,00000007,007BABE0,?,00695ABC,007BABE0,007BABE0), ref: 00684F87
                                                                                                                              • _free.LIBCMT ref: 0069574D
                                                                                                                              • _free.LIBCMT ref: 00695758
                                                                                                                              • _free.LIBCMT ref: 006957AC
                                                                                                                              • _free.LIBCMT ref: 006957B7
                                                                                                                              • _free.LIBCMT ref: 006957C2
                                                                                                                              • _free.LIBCMT ref: 006957CD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 776569668-0
                                                                                                                              • Opcode ID: 999c39bd854ad838319db14029e2213cedee8c008454b1e9442579cffb79a7a8
                                                                                                                              • Instruction ID: e60713be866eb55912a9947ddeec04ae2b2c34e9472c6defa3a0b4671d31d82d
                                                                                                                              • Opcode Fuzzy Hash: 999c39bd854ad838319db14029e2213cedee8c008454b1e9442579cffb79a7a8
                                                                                                                              • Instruction Fuzzy Hash: 25117F31540B04AADAA1F7B0CD07FCB77DE5F44B01F80491DB3AE665A2DA38B5448754
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E0063E6DF(intOrPtr _a4) {
                                                                                                                              				intOrPtr _v12;
                                                                                                                              				char _v16;
                                                                                                                              				char _v36;
                                                                                                                              				void* _t17;
                                                                                                                              				void* _t19;
                                                                                                                              
                                                                                                                              				_t17 = _t19;
                                                                                                                              				E0063E530( &_v16, _a4);
                                                                                                                              				E00669FD4( &_v16, 0x78ebb0);
                                                                                                                              				asm("int3");
                                                                                                                              				_push(_t17);
                                                                                                                              				E0063E575( &_v36, _v12);
                                                                                                                              				E00669FD4( &_v36, 0x78ec24);
                                                                                                                              				asm("int3");
                                                                                                                              				return "bad function call";
                                                                                                                              			}








                                                                                                                              APIs
                                                                                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0063E6EB
                                                                                                                                • Part of subcall function 0063E530: std::exception::exception.LIBCONCRT ref: 0063E53D
                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 0063E6F9
                                                                                                                                • Part of subcall function 00669FD4: RaiseException.KERNEL32(?,?,0063E6DE,0063FF51,?,00000000,00000000,?,?,?,?,0063E6DE,0063FF51,0078EB74,00000000,0063FF51), ref: 0066A033
                                                                                                                              • std::regex_error::regex_error.LIBCPMT ref: 0063E70B
                                                                                                                                • Part of subcall function 0063E575: std::exception::exception.LIBCONCRT ref: 0063E58D
                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 0063E719
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Exception@8Throwstd::exception::exception$ExceptionRaisestd::invalid_argument::invalid_argumentstd::regex_error::regex_error
                                                                                                                              • String ID: bad function call
                                                                                                                              • API String ID: 3658162845-3612616537
                                                                                                                              • Opcode ID: 6eb5d0c113987be616e5156f7edf083899fc6eaa573e3c3b3ca16f99cfe88573
                                                                                                                              • Instruction ID: 5756e7604dd4389ee1065d24da57582c0104c14cf8d3b7977d1a11a940f661e9
                                                                                                                              • Opcode Fuzzy Hash: 6eb5d0c113987be616e5156f7edf083899fc6eaa573e3c3b3ca16f99cfe88573
                                                                                                                              • Instruction Fuzzy Hash: 01E04F75C0020C77CF00FBE4CC46CAD7B7DAA10700F804868BA20921C2FB76A61887F9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 90%
                                                                                                                              			E004682AE(void* __esi, void* __eflags) {
                                                                                                                              				void* _t18;
                                                                                                                              				void* _t20;
                                                                                                                              				long _t21;
                                                                                                                              				long _t23;
                                                                                                                              				void* _t25;
                                                                                                                              				void* _t26;
                                                                                                                              				intOrPtr _t33;
                                                                                                                              				void* _t42;
                                                                                                                              				void* _t47;
                                                                                                                              
                                                                                                                              				E00651AF8(0x6b66bc);
                                                                                                                              				 *0x6cf4a8( *((intOrPtr*)(_t42 + 8)), _t25);
                                                                                                                              				E00468A88(E0063FE2B(0x7bfd18));
                                                                                                                              				_t26 = E00469377( *((intOrPtr*)(_t42 + 8)));
                                                                                                                              				if(_t26 >= 0) {
                                                                                                                              					_t47 = _t26 -  *0x7bfd78; // 0xd
                                                                                                                              					if(_t47 < 0) {
                                                                                                                              						 *((intOrPtr*)(E0049234E(0x7bfd68, _t47, _t26) + 4)) =  *((intOrPtr*)(_t19 + 4)) + 1;
                                                                                                                              						_t20 = E0049234E(0x7bfd68, _t47, _t26);
                                                                                                                              						_t33 =  *0x7bfd14; // 0x0
                                                                                                                              						 *((intOrPtr*)(_t20 + 8)) = _t33;
                                                                                                                              						_t34 = _t33 + 1;
                                                                                                                              						 *0x7bfd14 = _t33 + 1;
                                                                                                                              						_t21 = GetCurrentThreadId();
                                                                                                                              						 *(E0049234E(0x7bfd68, _t34, _t26) + 0x14) = _t21;
                                                                                                                              						_t23 = GetCurrentThreadId();
                                                                                                                              						 *(E0049234E(0x7bfd68, _t34, _t26) + 0x10) = _t23;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				 *(_t42 - 4) =  *(_t42 - 4) & 0x00000000;
                                                                                                                              				_t18 = E00468A88(E0063FE50(0x7bfd18));
                                                                                                                              				 *[fs:0x0] =  *((intOrPtr*)(_t42 - 0xc));
                                                                                                                              				return _t18;
                                                                                                                              			}













                                                                                                                              APIs
                                                                                                                              • __EH_prolog.LIBCMT ref: 004682B3
                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 004682BC
                                                                                                                                • Part of subcall function 0063FE2B: mtx_do_lock.LIBCPMT ref: 0063FE33
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00468312
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00468328
                                                                                                                              • __Mtx_unlock.LIBCPMT ref: 00468348
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CurrentThread$CriticalEnterH_prologMtx_unlockSectionmtx_do_lock
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1938589970-0
                                                                                                                              • Opcode ID: c93a2f79aa3994cd24475f11427c708afa724d024f99f7506ad0a25507a30759
                                                                                                                              • Instruction ID: 52e17f48d38ead2d340b3555c3398a84e383abbe68ebf0e2ddf6dc10523adbc3
                                                                                                                              • Opcode Fuzzy Hash: c93a2f79aa3994cd24475f11427c708afa724d024f99f7506ad0a25507a30759
                                                                                                                              • Instruction Fuzzy Hash: 6E11C6B1B00600ABCB18ABB5ED55A6D7B9AEF05B01B10417EF80597222DF7C8D4087A9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 81%
                                                                                                                              			E006899F9(void* __ecx) {
                                                                                                                              				intOrPtr _t2;
                                                                                                                              				void* _t4;
                                                                                                                              				void* _t10;
                                                                                                                              				void* _t11;
                                                                                                                              				void* _t13;
                                                                                                                              				void* _t15;
                                                                                                                              				long _t16;
                                                                                                                              
                                                                                                                              				_t11 = __ecx;
                                                                                                                              				_t16 = GetLastError();
                                                                                                                              				_t10 = 0;
                                                                                                                              				_t2 =  *0x7ba630; // 0x6
                                                                                                                              				_t19 = _t2 - 0xffffffff;
                                                                                                                              				if(_t2 == 0xffffffff) {
                                                                                                                              					L2:
                                                                                                                              					_t15 = E0068471D(_t11, 1, 0x364);
                                                                                                                              					_pop(_t13);
                                                                                                                              					if(_t15 != 0) {
                                                                                                                              						_t4 = E00689F18(_t13, __eflags,  *0x7ba630, _t15);
                                                                                                                              						__eflags = _t4;
                                                                                                                              						if(_t4 != 0) {
                                                                                                                              							E006897E7(_t13, _t15, 0x800398);
                                                                                                                              							E00684F5F(_t10);
                                                                                                                              							__eflags = _t15;
                                                                                                                              							if(_t15 != 0) {
                                                                                                                              								goto L9;
                                                                                                                              							} else {
                                                                                                                              								goto L8;
                                                                                                                              							}
                                                                                                                              						} else {
                                                                                                                              							_push(_t15);
                                                                                                                              							goto L4;
                                                                                                                              						}
                                                                                                                              					} else {
                                                                                                                              						_push(_t10);
                                                                                                                              						L4:
                                                                                                                              						E00684F5F();
                                                                                                                              						L8:
                                                                                                                              						SetLastError(_t16);
                                                                                                                              					}
                                                                                                                              				} else {
                                                                                                                              					_t15 = E00689EC2(_t11, _t19, _t2);
                                                                                                                              					if(_t15 != 0) {
                                                                                                                              						L9:
                                                                                                                              						SetLastError(_t16);
                                                                                                                              						_t10 = _t15;
                                                                                                                              					} else {
                                                                                                                              						goto L2;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t10;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(0063E6D0,0063E6D0,0063FF53,00677316,00684EEB,0063FF51,?,0066ABDF,0063FF53,0063FF51,00000000,?,?,00420EA1,0063E6D0,0063FF55), ref: 006899FE
                                                                                                                              • _free.LIBCMT ref: 00689A33
                                                                                                                              • _free.LIBCMT ref: 00689A5A
                                                                                                                              • SetLastError.KERNEL32(00000000,?,0063E6D0), ref: 00689A67
                                                                                                                              • SetLastError.KERNEL32(00000000,?,0063E6D0), ref: 00689A70
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_7_2_400000_uTorrent.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$_free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3170660625-0
                                                                                                                              • Opcode ID: 86412136f71501f2b940b7bae11e90f7d45888a229f063b0cd7b1f749e546006
                                                                                                                              • Instruction ID: 6f65038de3b56f9b12eeba569f0e7c3107d66eddf3eb8001fe3c4d3d1f9781ae
                                                                                                                              • Opcode Fuzzy Hash: 86412136f71501f2b940b7bae11e90f7d45888a229f063b0cd7b1f749e546006
                                                                                                                              • Instruction Fuzzy Hash: 6401D17664460137C31AB7386C85DBB266F9FC1761B2A832DF615E2392EE24C9068334
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E006951B6(intOrPtr* _a4) {
                                                                                                                              				intOrPtr _t6;
                                                                                                                              				intOrPtr* _t21;
                                                                                                                              				void* _t23;
                                                                                                                              				void* _t24;
                                                                                                                              				void* _t25;
                                                                                                                              				void* _t26;
                                                                                                                              				void* _t27;
                                                                                                                              
                                                                                                                              				_t21 = _a4;
                                                                                                                              				if(_t21 != 0) {
                                                                                                                              					_t23 =  *_t21 -  *0x7ba5c8; // 0x7ba5c0
                                                                                                                              					if(_t23 != 0) {
                                                                                                                              						E00684F5F(_t7);
                                                                                                                              					}
                                                                                                                              					_t2 = _t21 + 4; // 0x0
                                                                                                                              					_t24 =  *_t2 -  *0x7ba5cc; // 0x7ffdec
                                                                                                                              					if(_t24 != 0) {
                                                                                                                              						E00684F5F(_t8);
                                                                                                                              					}
                                                                                                                              					_t3 = _t21 + 8; // 0x0
                                                                                                                              					_t25 =  *_t3 -  *0x7ba5d0; // 0x7ffdec
                                                                                                                              					if(_t25 != 0) {
                                                                                                                              						E00684F5F(_t9);
                                                                                                                              					}
                                                                                                                              					_t4 = _t21 + 0x30; // 0x0
                                                                                                                              					_t26 =  *_t4 -  *0x7ba5f8; // 0x7ba5c4
                                                                                                                              					if(_t26 != 0) {
                                                                                                                              						E00684F5F(_t10);
                                                                                                                              					}
                                                                                                                              					_t5 = _t21 + 0x34; // 0x0
                                                                                                                              					_t6 =  *_t5;
                                                                                                                              					_t27 = _t6 -  *0x7ba5fc; // 0x7ffdf0
                                                                                                                              					if(_t27 != 0) {
                                                                                                                              						return E00684F5F(_t6);
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				return _t6;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • _free.LIBCMT ref: 006951CE
                                                                                                                                • Part of subcall function 00684F5F: RtlFreeHeap.NTDLL(00000000,00000000,?,00695469,007BABE0,00000000,007BABE0,00000000,?,0069570D,007BABE0,00000007,007BABE0,?,00695ABC,007BABE0), ref: 00684F75
                                                                                                                                • Part of subcall function 00684F5F: GetLastError.KERNEL32(007BABE0,?,00695469,007BABE0,00000000,007BABE0,00000000,?,0069570D,007BABE0,00000007,007BABE0,?,00695ABC,007BABE0,007BABE0), ref: 00684F87
                                                                                                                              • _free.LIBCMT ref: 006951E0
                                                                                                                              • _free.LIBCMT ref: 006951F2
                                                                                                                              • _free.LIBCMT ref: 00695204
                                                                                                                              • _free.LIBCMT ref: 00695216
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 776569668-0
                                                                                                                              • Opcode ID: 36ac23d5ed36a2dfa59f3be77ea3ce5d683a6324ace62e362363d7452e1f3d00
                                                                                                                              • Instruction ID: 1ef5bf37504b8b4f25f28c3bdc0ea63b142f9c1c57e456e966f865c4c72409ec
                                                                                                                              • Opcode Fuzzy Hash: 36ac23d5ed36a2dfa59f3be77ea3ce5d683a6324ace62e362363d7452e1f3d00
                                                                                                                              • Instruction Fuzzy Hash: 09F04F32408601778A61FB54E481D5A77DEAE403107658A0DF01ED7B12CB75FD808B79
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E00689C6C(signed int _a4) {
                                                                                                                              				signed int _t9;
                                                                                                                              				void* _t13;
                                                                                                                              				signed int _t15;
                                                                                                                              				WCHAR* _t22;
                                                                                                                              				signed int _t24;
                                                                                                                              				signed int* _t25;
                                                                                                                              				void* _t27;
                                                                                                                              
                                                                                                                              				_t9 = _a4;
                                                                                                                              				_t25 = 0x8000b0 + _t9 * 4;
                                                                                                                              				_t24 =  *_t25;
                                                                                                                              				if(_t24 == 0) {
                                                                                                                              					_t22 =  *(0x74b8d8 + _t9 * 4);
                                                                                                                              					_t27 = LoadLibraryExW(_t22, 0, 0x800);
                                                                                                                              					if(_t27 != 0) {
                                                                                                                              						L8:
                                                                                                                              						 *_t25 = _t27;
                                                                                                                              						if( *_t25 != 0) {
                                                                                                                              							FreeLibrary(_t27);
                                                                                                                              						}
                                                                                                                              						_t13 = _t27;
                                                                                                                              						L11:
                                                                                                                              						return _t13;
                                                                                                                              					}
                                                                                                                              					_t15 = GetLastError();
                                                                                                                              					if(_t15 != 0x57) {
                                                                                                                              						_t27 = 0;
                                                                                                                              					} else {
                                                                                                                              						_t15 = LoadLibraryExW(_t22, _t27, _t27);
                                                                                                                              						_t27 = _t15;
                                                                                                                              					}
                                                                                                                              					if(_t27 != 0) {
                                                                                                                              						goto L8;
                                                                                                                              					} else {
                                                                                                                              						 *_t25 = _t15 | 0xffffffff;
                                                                                                                              						_t13 = 0;
                                                                                                                              						goto L11;
                                                                                                                              					}
                                                                                                                              				}
                                                                                                                              				_t4 = _t24 + 1; // 0x8e973bfa
                                                                                                                              				asm("sbb eax, eax");
                                                                                                                              				return  ~_t4 & _t24;
                                                                                                                              			}











                                                                                                                              APIs
                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,00689C13,00000000,00000000,00000000,00000000,?,00689F3F,00000006,FlsSetValue), ref: 00689C9E
                                                                                                                              • GetLastError.KERNEL32(?,00689C13,00000000,00000000,00000000,00000000,?,00689F3F,00000006,FlsSetValue,0074BDC8,0074BDD0,00000000,00000364,?,00689A47), ref: 00689CAA
                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00689C13,00000000,00000000,00000000,00000000,?,00689F3F,00000006,FlsSetValue,0074BDC8,0074BDD0,00000000), ref: 00689CB8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000007.00000002.773540932.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Similarity
                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3177248105-0
                                                                                                                              • Opcode ID: f402b5e3d13204b7ef1cb259403b4cf1fc210ae4441eb1150bbd0e676ff80116
                                                                                                                              • Instruction ID: d545b02b52736fbba5234abb79736b3ff81fdf0e74e7502966175c674c74ae65
                                                                                                                              • Opcode Fuzzy Hash: f402b5e3d13204b7ef1cb259403b4cf1fc210ae4441eb1150bbd0e676ff80116
                                                                                                                              • Instruction Fuzzy Hash: 6801D432641222ABC7216B68DC44EBA3BDABF057A17280320E906D7341D722D801CBF0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%