Windows Analysis Report
uTorrent.exe

Overview

General Information

Sample name: uTorrent.exe
Analysis ID: 1432046
MD5: 35238d8e052c7cfdde63e6c11ce852fa
SHA1: 8724c59a257e11a4d91c2b891297c16549255221
SHA256: 6453d431431ec8ccb8b859e079062750a7f50f0b6f4266ebbed97a36f45013a1

Detection

Score: 66
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to infect the boot sector
Delayed program exit found
Machine Learning detection for sample
Tries to detect sandboxes / dynamic malware analysis system (registry check)
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • uTorrent.exe (PID: 7264 cmdline: "C:\Users\user\Desktop\uTorrent.exe" MD5: 35238D8E052C7CFDDE63E6C11CE852FA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://config.install-zone.com/68E633381BD14a69BD08A05C22B72D6A/offers.json?version=1.1&pid=2&ts=&br Avira URL Cloud: Label: malware
Source: http://67.215.246.206/offers/SMStub-en-20150508.exe Avira URL Cloud: Label: malware
Source: http://config.install-zone.com Avira URL Cloud: Label: malware
Source: http://imp.install-zone.com/impression.do/?user_id=51ECA9F4-E5CD-4D65-AF84-6644D8075A2B&event=instal Avira URL Cloud: Label: malware
Source: config.install-zone.com Virustotal: Detection: 8%
Source: imp.install-zone.com Virustotal: Detection: 9%
Source: http://67.215.246.206/offers/SMStub-en-20150508.exe Virustotal: Detection: 11%
Source: http://config.install-zone.com/68E633381BD14a69BD08A05C22B72D6A/offers.json?version=1.1&pid=2&ts=&br Virustotal: Detection: 11%
Source: http://config.install-zone.com Virustotal: Detection: 8%
Source: C:\Users\user\AppData\Local\Temp\ADKAppsOfferManager.dll Virustotal: Detection: 18%
Source: uTorrent.exe ReversingLabs: Detection: 30%
Source: uTorrent.exe Virustotal: Detection: 23%
Source: uTorrent.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00522AA9 CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,0_2_00522AA9
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0046F48F PFXImportCertStore,CertEnumCertificatesInStore,CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptGenKey,CertOpenStore,CertStrToNameW,CertCloseStore,CertStrToNameW,CertCreateSelfSignCertificate,CertSetCRLContextProperty,CertAddCertificateContextToStore,PFXExportCertStoreEx,PFXExportCertStoreEx,0_2_0046F48F
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004942FF lstrcpynW,CryptQueryObject,GetLastError,CryptMsgGetParam,GetLastError,LocalAlloc,CryptMsgGetParam,CertFindCertificateInStore,GetLastError,0_2_004942FF
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00494519 LocalFree,LocalFree,CertFreeCRLContext,CertCloseStore,CryptMsgClose,0_2_00494519
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0046E8C7 CryptReleaseContext,0_2_0046E8C7
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0046E88C CryptDestroyKey,0_2_0046E88C
Source: uTorrent.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: uTorrent.exe Static PE information: certificate valid
Source: uTorrent.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: c:\iBryte\Source\DLL\Installer\ADKAppsOfferManagerNoMFC\Release\ADKAppsOfferManager.pdb source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2875822727.000000006CDB1000.00000040.00000001.01000000.00000006.sdmp
Source: Binary string: C:\buildbot\utorrent_slave\utorrent_release\build\Build\uTorrentRelease\utorrent.pdb source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004040F6 FindFirstFileW,CreateFileW,CloseHandle,FindNextFileW,FindClose,0_2_004040F6
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004122AB FindFirstFileW,FindNextFileW,FindClose,0_2_004122AB
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00412341 FindFirstFileW,FindNextFileW,FindClose,0_2_00412341
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00462C59 FindFirstFileW,FindFirstFileW,FindClose,FindClose,FindFirstFileW,FindNextFileW,FindClose,0_2_00462C59
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0045F26D InterlockedIncrement,FindFirstFileW,FindNextFileW,FindClose,0_2_0045F26D
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_004118D7 FindFirstFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_004118D7
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_00411B84 FindFirstFileW,FindClose,0_2_00411B84
Source: Joe Sandbox View IP Address: 67.215.246.203
Source: Joe Sandbox View IP Address: 193.166.255.171
Source: global traffic HTTP traffic detected: GET /impression.do/?user_id=51ECA9F4-E5CD-4D65-AF84-6644D8075A2B&event=setup_run&spsource=68E633381BD14a69BD08A05C22B72D6A&traffic_source=68E633381BD14a69BD08A05C22B72D6A&browser=CR&implementation_id=dll HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: imp.install-zone.com Connection: Keep-Alive
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\uTorrent.exe Code function: 0_2_0041A6AB WSARecv,WSASetLastError,0_2_0041A6AB
Source: global traffic HTTP traffic detected: GET /installoffer.php?h=gsH3T5oDAGRYQBO2&v=107049414&w=23F00206&l=en&c=CH&w64=1&db=iexplore.exe&cl=uTorrent&svp=4&tsub=1 HTTP/1.1 Accept-Encoding: gzip User-Agent: uTorrent/3300(29126) Host: update.utorrent.com Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerretrievedfromserver&pid=7264&au=0&ServerOfferRetrieved=1&sec_offs=oc%2cadk&view=win32 HTTP/1.1 Accept-Encoding: gzip User-Agent: uTorrent/3300(29126) Host: update.utorrent.com Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showtbexists&pid=7264&au=0&tbe=0&cd=0&view=win32 HTTP/1.1 Accept-Encoding: gzip User-Agent: uTorrent/3300(29126) Host: update.utorrent.com Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /updatestats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&k=&ip=0&dl=7069859&error=invalid%20URL&dlurl=&svp=4&pid=7264&sz=0&bin=<NULL>bmp HTTP/1.1 Host: update.utorrent.com User-Agent: BTWebClient/3300(29126) Accept-Encoding: gzip Connection: Close
Source: global traffic HTTP traffic detected: GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showwarning&pid=7264&au=0&view=win32 HTTP/1.1 Accept-Encoding: gzip User-Agent: uTorrent/3300(29126) Host: update.utorrent.com Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showinstall&pid=7264&au=0&au=0&view=win32 HTTP/1.1 Accept-Encoding: gzip User-Agent: uTorrent/3300(29126) Host: update.utorrent.com Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerapierror&pid=7264&au=0&OfferError=OfferNotReady&OfferProvider=OpenCandy&OfferType=Server&view=win32 HTTP/1.1 Accept-Encoding: gzip User-Agent: uTorrent/3300(29126) Host: update.utorrent.com Cache-Control: no-cache
Source: global traffic DNS traffic detected: DNS query: update.utorrent.com
Source: global traffic DNS traffic detected: DNS query: imp.install-zone.com
Source: global traffic DNS traffic detected: DNS query: config.install-zone.com
Source: uTorrent.exe, 00000000.00000002.2875193003.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drString found in binary or memory: http://ll.download3.utorrent.com/offers/SMStub-en-20150508.exe62:http://ll.download3.utorrent.com/of
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ll.download3.utorrent.com/offers/SMStub-en-20150508.exeb
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ll.download3.utorrent.com/offers/SMStub-en-20150508.exevk
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003CF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ll.download3.utorrent.com/offers/conduit-default.bmp
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003CF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ll.download3.utorrent.com/offers/conduit-default.bmpx
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ll.download3.utorrent.com/offers/conduit-default.exe
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ll.download3.utorrent.com/offers/conduit-default.exeats
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://ll.www.bittorrent.com/llspeedtest/
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://ll.www.bittorrent.com/llspeedtest/Mbit/skbit/sbit/sok%s%d:%d:%d:%d:%shttp://update.utorrent.c
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://ll.www.bittorrent.com/llspeedtest/speedtestobjects.txt
Source: uTorrent.exeString found in binary or memory: http://ocsp.godaddy.com/0J
Source: uTorrent.exeString found in binary or memory: http://ocsp.godaddy.com0F
Source: uTorrent.exeString found in binary or memory: http://ocsp.starfieldtech.com/09
Source: uTorrent.exeString found in binary or memory: http://ocsp.thawte.com0
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://offers.bittorrent.com/w/1.0/arj
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://offers.bittorrent.com/w/1.0/arj:a
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://offers.bittorrent.com/w/1.0/arjPa
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://offers.bittorrent.com/w/1.0/arjUi
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://offers.bittorrent.com/w/1.0/arjb
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://offers.bittorrent.com/w/1.0/arjf
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://offers.bittorrent.com/w/1.0/arjg
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://offers.bittorrent.com/w/1.0/arjhttp://events.bittorrent.com/startConversionsettings.datbenchr
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://offers.bittorrent.com/w/1.0/arjj
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://offers.bittorrent.com/w/1.0/arjstf
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://offers.bittorrent.com/w/1.0/arjt=f
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://portforward.com/
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pr.apps.bittorrent.com/share/share.btapp
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://remote.utorrent.com/
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://remote.utorrent.com/send?btih=
Source: uTorrent.exeString found in binary or memory: http://rssfeed.com/rss.xml
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://rssfeed.com/rss.xmlactive_panead_barplus_bgfile=%s
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: uTorrent.exeString found in binary or memory: http://search.conduit.com/Result
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://search.conduit.com/Results.aspx?ctid=CT3083945&amp;searchsource=45&amp;&%s
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://search.utorrent.com/bntop.html
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://svr-ov-crl.thawte.com/ThawteOV.crl0
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://tinyurl.com/api-create.php?url=%U
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://tinyurl.com/api-create.php?url=%U%s%H&dn=%U&message=%U%s%H&dn=%U&message=%U&sid=%s&cid=%Uhttp
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tracker001.legaltorrents.com:7070/announce
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tracker001.legaltorrents.com:7070/announcettix
Source: uTorrent.exeString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: uTorrent.exeString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: uTorrent.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://tshttp://update.bittorrent.com/time.php
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://update.bittorrent.com/time.php
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://update.utorrent.com/hang.php
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://update.utorrent.com/hang.phpunhungmtNA-%ddisknet:%d
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://update.utorrent.com/installoffer.php
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com/installoffer.php?h=gsH3T5oDAGRYQBO2&v=107049414&w=23F00206&l=en&c=CH&w64=
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://update.utorrent.com/installoffer.phpOfferNotReadyNotProvidedDefaultBunndleonPageInit:DLG_OFFE
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com/installstats.php
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com/installstats.phpZ
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com/installstats.phpe)
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com/installstats.phpen-20150508.exet
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com/installstats.phpub-en-20150508.exe
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://update.utorrent.com/speedserverlist.php
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://update.utorrent.com/speedserverlist.phphttp://ll.www.bittorrent.com/llspeedtest/speedtestobje
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://update.utorrent.com/speedstats.php?result=
Source: uTorrent.exeString found in binary or memory: http://update.utorrent.com/survey
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://update.utorrent.com/survey%s
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://update.utorrent.com/uninstall?type=%s-%U&h=%s&v=%d
Source: uTorrent.exe, 00000000.00000003.1968797599.0000000003D4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com/updatestats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&k=&ip=0&dl=706
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://utorrent.com/download/langpacks/dl.php?build=29126&ref=client&client=utorrent&sys_l=%s&sel_l=
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://utorrent.com/rsstutorial.php
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://utorrent.com/testport?plain=1
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://utorrent.com/webui-guide.php
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://utorrent.com/webui/version-%s
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://utorrent.com/webui/webui-%s-%s.zip
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://utorrent.com/webui/webui-%s-%s.zip3.3http://utorrent.com/webui/version-%s.gz...gz
Source: uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729568038.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drString found in binary or memory: http://www.access.gpo.gov/bis/ear/ear_data.html)
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.apple.com/itunes
Source: uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729568038.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drString found in binary or memory: http://www.bis.doc.gov/complianceandenforcement/liststocheck.htm)
Source: uTorrent.exeString found in binary or memory: http://www.bittorrent.com
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.bittorrent.com/certified-devices/
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.bittorrent.com/certified-devices/http://www.apple.com/itunesdevice
Source: uTorrent.exeString found in binary or memory: http://www.bittorrent.com/dna/whatisdna/
Source: settings.dat.new.0.drString found in binary or memory: http://www.bittorrent.com/search?client=%v&search=
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003CF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mininova.org/search/?cat=0&search=
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.mininova.org/search/?cat=0&search=0
Source: uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, settings.dat.new.0.drString found in binary or memory: http://www.mininova.org/search/?cat=0&search=13:selected_catsle8:selfcert1797:0
Source: uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729568038.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drString found in binary or memory: http://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx).
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com.
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com/download.php
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com/download.php%d
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com/faq
Source: uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com/faq#mlabs
Source: uTorrent.exeString found in binary or memory: http://www.utorrent.com/faq.php
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com/faq.php100
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com/faq?client=utorrent3300
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com/faq?client=utorrent3300http://forum.utorrent.com?client=utorrent3300http://w
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com/legal/eula.
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com/testport.php?port=%d
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.com?client=utorrent3300
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.utorrent.comNoRepairNoModifyMinorVersionVersionMinorMajorVersionVersionMajorDisplayVersio
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://yogi.apps.bittorrent.com/track/?data=%s&ip=1
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://%s/checkupdate.php
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://%s/checkupdate.phphttp://%s/updatestats.phphttp://%s/installstats.phphttp://%s/update_event.
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://activate.utorrent.com
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate.utorrent.com/get_av
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate.utorrent.com/get_codec
Source: uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate.utorrent.com/get_codecc
Source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate.utorrent.com/get_player
Source: uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate.utorrent.com/get_playerolumns
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://activate.utorrent.comGetProcessMemoryInfopsapi.dllHTTP
Source: uTorrent.exeString found in binary or memory: https://certs.starfieldtech.com/repository/0
Source: uTorrent.exe, 00000000.00000003.1968797599.0000000003D4A000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875193003.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drString found in binary or memory: https://info.yahoo.com/legal/us/yahoo/utos/terms/
Source: uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875193003.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drString found in binary or memory: https://info.yahoo.com/legal/us/yahoo/utos/terms/.
Source: uTorrent.exe, 00000000.00000003.1968797599.0000000003D4A000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875193003.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drString found in binary or memory: https://info.yahoo.com/privacy/us/yahoo/
Source: uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729568038.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drString found in binary or memory: https://info.yahoo.com/privacy/us/yahoo/.
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000C0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: uTorrent.exeString found in binary or memory: https://remote.utorrent.com
Source: uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://remote.utorrent.comhttp://www.bittorrent.com/dna/whatisdna/http://bit.ly/HTwxBj%Z
Source: C:\Users\user\Desktop\uTorrent.exe, Code function: 0_2_004E8812 IsClipboardFormatAvailable, OpenClipboard, GetClipboardData, _strnicmp, _strnicmp, CloseClipboard
Source: C:\Users\user\Desktop\uTorrent.exe, Code function: 0_2_004BCAD5 GetAsyncKeyState
Source: C:\Users\user\Desktop\uTorrent.exe, Code function: 0_2_00411DC7 NtSetInformationFile
Source: C:\Users\user\Desktop\uTorrent.exe, Code function: 0_2_00454C91: GetFileAttributesW, DeviceIoControl, SetEndOfFile, SetFileValidData, GetLastError
Source: C:\Users\user\Desktop\uTorrent.exeCode function: String function: 0047DC78 appears 58 times
Source: uTorrent.exe | Static PE information: Resource name: RT_DIALOG type: SVR2 pure executable (Amdahl-UTS) - version 1767344497
Source: uTorrent.exe | Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
Source: uTorrent.exe, 00000000.00000002.2875912267.000000006CDF9000.00000004.00000001.01000000.00000006.sdmp | Binary or memory string: OriginalFilenameADKAppsOfferManager.dll8 vs uTorrent.exe
Source: uTorrent.exe | Binary or memory string: OriginalFilenameBunndleOfferManagerL vs uTorrent.exe
Source: uTorrent.exe | Binary or memory string: OriginalFilenameADKAppsOfferManager.dll8 vs uTorrent.exe
Source: uTorrent.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: uTorrent.exe | Static PE information: Section: UPX1 ZLIB complexity 0.9983918599656357
Source: ADKAppsOfferManager.dll.0.dr | Static PE information: Section: UPX1 ZLIB complexity 0.9892021534974094
Source: classification engine | Classification label: mal66.evad.winEXE@1/9@3/2
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_004296E5 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,CloseHandle,AdjustTokenPrivileges,GetLastError,GetLastError,CloseHandle,GetLastError, 0_2_004296E5
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_00411A5D GetDiskFreeSpaceExW, 0_2_00411A5D
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_004A853F FindResourceA,LoadResource,LockResource,SizeofResource,GlobalAlloc,FreeResource,memcpy,FreeResource, 0_2_004A853F
Source: C:\Users\user\Desktop\uTorrent.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\1f91d2d17ea675d4c2c3192e241743f9_9e146be9-c76a-4720-bcdb-53011b87bd06
Source: C:\Users\user\Desktop\uTorrent.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\ Torrent4823DF041B09
Source: C:\Users\user\Desktop\uTorrent.exe | File created: C:\Users\user\AppData\Local\Temp\uttB8B8.tmp
Source: C:\Users\user\Desktop\uTorrent.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\uTorrent.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: uTorrent.exe | ReversingLabs: Detection: 30%
Source: uTorrent.exe | Virustotal: Detection: 23%
Source: uTorrent.exe | String found in binary or memory: %s /LAUNCHBUNDLEDURLTYPE %s
Source: uTorrent.exe | String found in binary or memory: %s /LAUNCHBUNDLEDURL %s
Source: uTorrent.exe | String found in binary or memory: http://%s/installstats.php
Source: uTorrent.exe | String found in binary or memory: utorrent-help.zip
Source: uTorrent.exe | String found in binary or memory: %I.in-addr.arpa
Source: uTorrent.exe | String found in binary or memory: add-stopped
Source: uTorrent.exe | String found in binary or memory: http://download.utorrent.com/help/utorrent-help-3301.zip
Source: uTorrent.exe | String found in binary or memory: -show-start-page
Source: uTorrent.exe | String found in binary or memory: -open-thank-you-page -open-welcome -pair-key "%1" -launch-app client "%2"
Source: uTorrent.exe | String found in binary or memory: http://update.utorrent.com/installoffer.php
Source: uTorrent.exe | String found in binary or memory: Not-Installed
Source: C:\Users\user\Desktop\uTorrent.exe | File read: C:\Users\user\Desktop\uTorrent.exe
Source: C:\Users\user\Desktop\uTorrent.exe | Section loaded: apphelp.dll, dnsapi.dll, iphlpapi.dll, msimg32.dll, uxtheme.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, profapi.dll, ntmarta.dll, kernel.appcore.dll, secur32.dll, sspicli.dll, userenv.dll, dpapi.dll, msasn1.dll, ncrypt.dll, ntasn1.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, riched20.dll, usp10.dll, msls31.dll, wininet.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, dhcpcsvc6.dll, dhcpcsvc.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, wintypes.dll, propsys.dll, textshaping.dll, icmp.dll, edputil.dll
Source: C:\Users\user\Desktop\uTorrent.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: C:\Users\user\Desktop\uTorrent.exe | Automated click: Accept
Source: C:\Users\user\Desktop\uTorrent.exe | Automated click: Next >
Source: C:\Users\user\Desktop\uTorrent.exe | Automated click: Accept
Source: C:\Users\user\Desktop\uTorrent.exe | Automated click: Next >
Source: C:\Users\user\Desktop\uTorrent.exe | Automated click: Accept
Source: C:\Users\user\Desktop\uTorrent.exe | Automated click: I Agree
Source: C:\Users\user\Desktop\uTorrent.exe | Automated click: Accept
Source: C:\Users\user\Desktop\uTorrent.exe | Automated click: Next >
Source: C:\Users\user\Desktop\uTorrent.exe | Automated click: Accept
Source: uTorrent.exe | Static PE information: certificate valid
Source: uTorrent.exe | Static file information: File size 1051984 > 1048576
Source: uTorrent.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: c:\iBryte\Source\DLL\Installer\ADKAppsOfferManagerNoMFC\Release\ADKAppsOfferManager.pdb source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2875822727.000000006CDB1000.00000040.00000001.01000000.00000006.sdmp
Source: Binary string: C:\buildbot\utorrent_slave\utorrent_release\build\Build\uTorrentRelease\utorrent.pdb source: uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_004782BF LoadLibraryA,GetProcAddress,GetLastError, 0_2_004782BF
Source: uTorrent.exe | Static PE information: real checksum: 0xff000080 should be: 0x1075b8
Source: ADKAppsOfferManager.dll.0.dr | Static PE information: real checksum: 0x0 should be: 0x1e7a9
Source: uTorrent.exe | Static PE information: section name: .bunndle
Source: uTorrent.exe | Static PE information: section name: .adknow
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_004A6B70 push eax; ret 0_2_004A6B9E
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_004013EF push ecx; ret 0_2_004013FF
Source: initial sample | Static PE information: section name: UPX0
Source: initial sample | Static PE information: section name: UPX1

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\uTorrent.exe | Code function: sprintf,CreateFileA,memset,DeviceIoControl,DeviceIoControl,isalnum,isalnum,memset,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%d 0_2_00525793
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: sprintf,CreateFileA,DeviceIoControl,memset,CloseHandle, \\.\PhysicalDrive%d 0_2_00525AA6
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: sprintf,CreateFileA,DeviceIoControl,malloc,DeviceIoControl,??3@YAXPAX@Z,CloseHandle, \\.\PhysicalDrive%d 0_2_00525BC0
Source: C:\Users\user\Desktop\uTorrent.exe | File created: C:\Users\user\AppData\Local\Temp\ADKAppsOfferManager.dll (dropped file)

Boot Survival

Source: C:\Users\user\Desktop\uTorrent.exe | Code function: sprintf,CreateFileA,memset,DeviceIoControl,DeviceIoControl,isalnum,isalnum,memset,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%d 0_2_00525793
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: sprintf,CreateFileA,DeviceIoControl,memset,CloseHandle, \\.\PhysicalDrive%d 0_2_00525AA6
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: sprintf,CreateFileA,DeviceIoControl,malloc,DeviceIoControl,??3@YAXPAX@Z,CloseHandle, \\.\PhysicalDrive%d 0_2_00525BC0
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_00408183 IsIconic,??3@YAXPAX@Z, 0_2_00408183
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_0040A420 GetForegroundWindow,??3@YAXPAX@Z,IsIconic,SetThreadExecutionState,??2@YAPAXI@Z,WaitForInputIdle,CloseHandle,_CIpow,SetWindowTextW,SetWindowTextW,GetWindowRect,??2@YAPAXI@Z,??3@YAXPAX@Z,PostMessageW, 0_2_0040A420
Source: C:\Users\user\Desktop\uTorrent.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_004169D0 Sleep,ExitProcess, 0_2_004169D0
Source: C:\Users\user\Desktop\uTorrent.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\uTorrent.exe | Window / User API: foregroundWindowGot 798
Source: C:\Users\user\Desktop\uTorrent.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ADKAppsOfferManager.dll
Source: C:\Users\user\Desktop\uTorrent.exe | API coverage: 10.0 %
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_004040F6 FindFirstFileW,CreateFileW,CloseHandle,FindNextFileW,FindClose, 0_2_004040F6
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_004122AB FindFirstFileW,FindNextFileW,FindClose, 0_2_004122AB
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_00412341 FindFirstFileW,FindNextFileW,FindClose, 0_2_00412341
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_00462C59 FindFirstFileW,FindFirstFileW,FindClose,FindClose,FindFirstFileW,FindNextFileW,FindClose, 0_2_00462C59
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_0045F26D InterlockedIncrement,FindFirstFileW,FindNextFileW,FindClose, 0_2_0045F26D
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_004118D7 FindFirstFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_004118D7
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_00411B84 FindFirstFileW,FindClose, 0_2_00411B84
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_0047BB45 GetVersionExW,GetSystemInfo,GetLastError, 0_2_0047BB45
Source: uTorrent.exe, 00000000.00000002.2875752408.0000000008B40000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW#K!
Source: uTorrent.exe, 00000000.00000002.2874527484.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2874527484.0000000000B77000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_004782BF LoadLibraryA,GetProcAddress,GetLastError, 0_2_004782BF
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_0040C99D 73535D90,exit,GetCurrentThreadId,_wtoi,ExitProcess,GetProcessHeap,SetErrorMode,_wtoi,??2@YAPAXI@Z,??2@YAPAXI@Z,DeleteFileW,73A1A570,_wtoi,_wtoi,wcsstr,??2@YAPAXI@Z,InterlockedIncrement,InterlockedIncrement,??2@YAPAXI@Z,InterlockedIncrement,??2@YAPAXI@Z,InterlockedIncrement,??2@YAPAXI@Z,SetForegroundWindow, 0_2_0040C99D
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_00461A4D VirtualAlloc,SetUnhandledExceptionFilter, 0_2_00461A4D
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_00429348 keybd_event,keybd_event,keybd_event, 0_2_00429348
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_004297E5 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_004297E5
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_00525260 cpuid 0_2_00525260
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: GetLocaleInfoW, 0_2_0042A58F
Source: C:\Users\user\Desktop\uTorrent.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_00428F52 GetLocalTime, 0_2_00428F52
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_0046E375 GetVersionExW,LoadLibraryA,GetProcAddress,FreeLibrary, 0_2_0046E375
Source: C:\Users\user\Desktop\uTorrent.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: uTorrent.exe | Binary or memory string: pg2.exe
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_0046C4F6 socket,WSAGetLastError,ioctlsocket,setsockopt,setsockopt,WSAGetLastError,htons,bind,WSAGetLastError,inet_addr,inet_addr,inet_addr,setsockopt,WSAGetLastError, 0_2_0046C4F6
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_0041CDE4 setsockopt,_errno,_errno,strerror,WSAGetLastError,WSAGetLastError,WSAGetLastError,listen, 0_2_0041CDE4
Source: C:\Users\user\Desktop\uTorrent.exe | Code function: 0_2_0041B1AE bind, 0_2_0041B1AE
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Bootkit | 1 Access Token Manipulation | 1 Masquerading | 11 Input Capture | 1 System Time Discovery | Remote Services | 11 Input Capture | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Access Token Manipulation | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 11 Application Window Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 21 Obfuscated Files or Information | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Bootkit | LSA Secrets | 36 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| uTorrent.exe | 30% | ReversingLabs | Win32.Trojan.Generic | |
| uTorrent.exe | 23% | Virustotal | | Browse |
| uTorrent.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Temp\ADKAppsOfferManager.dll | 8% | ReversingLabs | Win32.PUA.Vigua | |
| C:\Users\user\AppData\Local\Temp\ADKAppsOfferManager.dll | 18% | Virustotal | | Browse |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| config.install-zone.com | 9% | Virustotal | | Browse |
| imp.install-zone.com | 10% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| http://bench.utorrent.comeventNamelcic_1lcic_0ltic_1ltic_0lreftectslclh | 0% | Avira URL Cloud | safe | |
| http://127.0.0.1:%d/proxy?sid=%S&file=%d%S#http://localhost:%dfile=%Ubtapp:/select | 0% | Avira URL Cloud | safe | |
| http://%s/update_event.php | 0% | Avira URL Cloud | safe | |
| http://127.0.0.1:%d/proxy?sid=%S&file=%d | 0% | Avira URL Cloud | safe | |
| http://config.install-zone.com/68E633381BD14a69BD08A05C22B72D6A/offers.json?version=1.1&pid=2&ts=&br | 100% | Avira URL Cloud | malware | |
| http://127.0.0.1:%d/proxy?sid=%x&file=%d | 0% | Avira URL Cloud | safe | |
| http://tracker001.legaltorrents.com:7070/announce | 0% | Avira URL Cloud | safe | |
| http://67.215.246.206/offers/SMStub-en-20150508.exe | 100% | Avira URL Cloud | malware | |
| http://127.0.0.1:%d/search?q=%%shttp://www.bittorrent.comdlimagecache | 0% | Avira URL Cloud | safe | |
| http://tracker001.legaltorrents.com:7070/announce | 0% | Virustotal | | Browse |
| https://%s/checkupdate.phphttp://%s/updatestats.phphttp://%s/installstats.phphttp://%s/update_event. | 0% | Avira URL Cloud | safe | |
| http://67.215.246.206/offers/SMStub-en-20150508.exe | 11% | Virustotal | | Browse |
| http://127.0.0.1:%d/search?q=%%s | 0% | Avira URL Cloud | safe | |
| http://config.install-zone.com | 100% | Avira URL Cloud | malware | |
| http://config.install-zone.com/68E633381BD14a69BD08A05C22B72D6A/offers.json?version=1.1&pid=2&ts=&br | 11% | Virustotal | | Browse |
| http://%s/offers/conduit-default.exe | 0% | Avira URL Cloud | safe | |
| http://apps.bittorrent.comVietnamese | 0% | Avira URL Cloud | safe | |
| http://imp.install-zone.com/impression.do/?user_id=51ECA9F4-E5CD-4D65-AF84-6644D8075A2B&event=instal | 100% | Avira URL Cloud | malware | |
| http://rssfeed.com/rss.xml | 0% | Avira URL Cloud | safe | |
| http://config.install-zone.com | 9% | Virustotal | | Browse |
| http://rssfeed.com/rss.xml | 0% | Virustotal | | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| update.utorrent.com | 67.215.246.203 | true | false | | high |
| config.install-zone.com | 193.166.255.171 | true | false | | unknown |
| imp.install-zone.com | 193.166.255.171 | true | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showtbexists&pid=7264&au=0&tbe=0&cd=0&view=win32 | false | | high |
| http://update.utorrent.com/updatestats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&k=&ip=0&dl=7069859&error=invalid%20URL&dlurl=&svp=4&pid=7264&sz=0&bin=<NULL>bmp | false | | high |
| http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerretrievedfromserver&pid=7264&au=0&ServerOfferRetrieved=1&sec_offs=oc%2cadk&view=win32 | false | | high |
| http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerapierror&pid=7264&au=0&OfferError=OfferNotReady&OfferProvider=OpenCandy&OfferType=Server&view=win32 | false | | high |
| http://update.utorrent.com/installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showwarning&pid=7264&au=0&view=win32 | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| http://apps.bittorrent.com/utorrent-onboarding/welcome.btapp | uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://apps.bittorrent.com/discoverContent/discoverContent.btapp | uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.utorrent.com/faq | uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://certs.starfieldtech.com/repository/1/0- | uTorrent.exe | false | | high |
| http://forum.utorrent.com. | uTorrent.exe, uTorrent.exe, 00000000.00000002.2874527484.0000000000C16000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://utorrent.com/download/langpacks/dl.php?build=29126&ref=client&client=utorrent&sys_l=%s&sel_l= | uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://utorrent.com/webui/webui-%s-%s.zip | uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://2851619.ourtoolbar.com/privacy | uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://ocsp.starfieldtech.com/09 | uTorrent.exe | false | | high |
| http://bench.utorrent.comeventNamelcic_1lcic_0ltic_1ltic_0lreftectslclh | uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | low |
| http://dslreports.com/speedtest/ | uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://events.bittorrent.com/startConversionSbb | uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://update.utorrent.com | uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.bittorrent.com/certified-devices/ | uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://www.utorrent.com/faq.php | uTorrent.exe | false | | high |
| http://apps.bittorrent.com/utorrent-onboarding/welcome.btapphttp://apps.bittorrent.com/utorrent-onbo | uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| https://activate.utorrent.com/get_codecc | uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://offers.bittorrent.com/w/1.0/arj | uTorrent.exe, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://update.utorrent.com/speedstats.php?result= | uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp | uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://offers.bittorrent.com/w/1.0/arjPa | uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://127.0.0.1:%d/proxy?sid=%S&file=%d%S#http://localhost:%dfile=%Ubtapp:/select | uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | low |
| http://www.mininova.org/search/?cat=0&search=0 | uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://apps.bittorrent.com/discoverContent/discoverContent.btapponei | uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://apps.bittorrent.com/utorrent-onboarding/player.btapp | uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://config.install-zone.com/68E633381BD14a69BD08A05C22B72D6A/offers.json?version=1.1&pid=2&ts=&br | uTorrent.exe, 00000000.00000002.2874527484.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp | false | 11%, Virustotal, Browse; Avira URL Cloud: malware | unknown |
| http://12345.ourtoolbar.com/LearnMore | uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://utorrent.com/testport?plain=1 | uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://update.utorrent.com/uninstall?type=%s-%U&h=%s&v=%d | uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://certificates.godaddy.com/repository/gd_intermediate.crt0 | uTorrent.exe | false | | high |
| http://events.bittorrent.com/startConversiontbE | uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://utorrent.com/webui/webui-%s-%s.zip3.3http://utorrent.com/webui/version-%s.gz...gz | uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://crl.starfieldtech.com/sfsroot.crl0S | uTorrent.exe | false | | high |
| http://offers.bittorrent.com/w/1.0/arjb | uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://update.utorrent.com/speedserverlist.php | uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://%s/update_event.php | uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | low |
| http://offers.bittorrent.com/w/1.0/arjg | uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp | false | | high |
                                                                                http://127.0.0.1:%d/proxy?sid=%S&file=%duTorrent.exefalse
                                                                                • Avira URL Cloud: safe
                                                                                low
                                                                                http://offers.bittorrent.com/w/1.0/arjfuTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://ll.download3.utorrent.com/offers/SMStub-en-20150508.exebuTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://offers.bittorrent.com/w/1.0/arjjuTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.utorrent.com?client=utorrent3300uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                        high
                                                                                        http://utorrent.com/webui-guide.phpuTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                          high
                                                                                          https://info.yahoo.com/privacy/us/yahoo/uTorrent.exe, 00000000.00000003.1968797599.0000000003D4A000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875193003.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drfalse
                                                                                            high
                                                                                            http://127.0.0.1:%d/proxy?sid=%x&file=%duTorrent.exefalse
                                                                                            • Avira URL Cloud: safe
                                                                                            low
                                                                                            http://tracker001.legaltorrents.com:7070/announceuTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • 0%, Virustotal, Browse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://offers.bittorrent.com/w/1.0/arjstfuTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://featuredcontent.staging.utorrent.comuTorrent.exefalse
                                                                                                high
                                                                                                http://update.utorrent.com/updatestats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&k=&ip=0&dl=706uTorrent.exe, 00000000.00000003.1968797599.0000000003D4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://certs.starfieldtech.com/repository/0uTorrent.exefalse
                                                                                                    high
                                                                                                    http://67.215.246.206/offers/SMStub-en-20150508.exeuTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • 11%, Virustotal, Browse
                                                                                                    • Avira URL Cloud: malware
                                                                                                    unknown
                                                                                                    http://certificates.godaddy.com/repository/0uTorrent.exefalse
                                                                                                      high
                                                                                                      http://download3.utorrent.com/offers/SMStub-en-20150508.exeuTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://offers.bittorrent.com/w/1.0/arjhttp://events.bittorrent.com/startConversionsettings.datbenchruTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                          high
                                                                                                          http://events.bittorrent.com/startConversion(x8juTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://forum.utorrent.com?client=utorrent3300uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                              high
                                                                                                              http://update.utorrent.com/survey%suTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                high
                                                                                                                http://offers.bittorrent.com/w/1.0/arjUiuTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://127.0.0.1:%d/search?q=%%shttp://www.bittorrent.comdlimagecacheuTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  low
                                                                                                                  https://%s/checkupdate.phphttp://%s/updatestats.phphttp://%s/installstats.phphttp://%s/update_event.uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  low
                                                                                                                  http://apps.bittorrent.com/store/store.btapphttp://apps.bittorrent.com/featuredcontent/featuredconteuTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                    high
                                                                                                                    http://update.bittorrent.com/time.phpuTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                      high
                                                                                                                      http://crl.thawte.com/ThawteTimestampingCA.crl0uTorrent.exefalse
                                                                                                                        high
                                                                                                                        http://www.utorrent.com/testport.php?port=%duTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                          high
                                                                                                                          http://remote.utorrent.com/send?btih=uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                            high
                                                                                                                            http://127.0.0.1:%d/search?q=%%suTorrent.exefalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            low
                                                                                                                            http://config.install-zone.comuTorrent.exe, 00000000.00000002.2874527484.0000000000BDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • 9%, Virustotal, Browse
                                                                                                                            • Avira URL Cloud: malware
                                                                                                                            unknown
                                                                                                                            http://help.bittorrent.comuTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                              high
                                                                                                                              http://www.mininova.org/search/?cat=0&search=uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003CF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://update.utorrent.com/installoffer.phpOfferNotReadyNotProvidedDefaultBunndleonPageInit:DLG_OFFEuTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://%s/offers/conduit-default.exeuTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  low
                                                                                                                                  http://imp.install-zone.com/impression.do/?user_id=51ECA9F4-E5CD-4D65-AF84-6644D8075A2B&event=instaluTorrent.exe, 00000000.00000002.2874527484.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2874527484.0000000000C0B000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2874527484.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                  unknown
                                                                                                                                  http://update.utorrent.com/installstats.phpZuTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://2851619.ourtoolbar.com/eulauTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.utorrent.com/faq#mlabsuTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://remote.utorrent.com/uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.bis.doc.gov/complianceandenforcement/liststocheck.htm)uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729568038.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drfalse
                                                                                                                                            high
                                                                                                                                            http://update.utorrent.com/installoffer.php?h=gsH3T5oDAGRYQBO2&v=107049414&w=23F00206&l=en&c=CH&w64=uTorrent.exe, 00000000.00000002.2874527484.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://apps.bittorrent.com/Eula/TermsAndPrivacy.html11:footer_text314:SetuTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875193003.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drfalse
                                                                                                                                                high
                                                                                                                                                http://certificates.godaddy.com/repository0uTorrent.exefalse
                                                                                                                                                  high
                                                                                                                                                  https://activate.utorrent.com/get_codecuTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2874478771.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://tinyurl.com/api-create.php?url=%UuTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.utorrent.com/legal/eula.uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://download.utorrent.com/help/utorrent-help-3301.zip%suTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://update.utorrent.com/surveyuTorrent.exefalse
                                                                                                                                                            high
                                                                                                                                                            http://update.utorrent.com/hang.phpuTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://apps.bittorrent.comVietnameseuTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://www.utorrent.com.uTorrent.exe, 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://bit.ly/HTwxBjuTorrent.exefalse
                                                                                                                                                                  high
                                                                                                                                                                  http://help.utorrent.com/customer/portal/articles/257678uTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://info.yahoo.com/privacy/us/yahoo/.uTorrent.exe, 00000000.00000003.1729552127.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729528837.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638568204.0000000003D1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1729568038.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000000.00000003.1638552387.0000000003D2F000.00000004.00000020.00020000.00000000.sdmp, toolbar_offer.benc.0.dr, toolbar.benc.new.0.dr, uttE086.tmp.new.0.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://activate.utorrent.com/get_playeruTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, uTorrent.exe, 00000000.00000002.2875001253.0000000003D12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://pr.apps.bittorrent.com/share/share.btappuTorrent.exe, 00000000.00000002.2874478771.0000000000AF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://rssfeed.com/rss.xmluTorrent.exefalse
                                                                                                                                                                          • 0%, Virustotal, Browse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          https://activate.utorrent.comuTorrent.exe, uTorrent.exe, 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                            high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 67.215.246.203 | update.utorrent.com | United States | 8100 | ASN-QUADRANET-GLOBALUS | false |
| 193.166.255.171 | config.install-zone.com | Finland | 1741 | FUNETASFI | false |
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1432046
Start date and time:2024-04-26 10:57:49 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 36s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:uTorrent.exe
Detection:MAL
Classification:mal66.evad.winEXE@1/9@3/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 80%
• Number of executed functions: 125
• Number of non-executed functions: 251
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
67.215.246.203 | BitTorrent-7.6.exe | malicious | Unknown | update.utorrent.com/installoffer.php?h=imQOwx_aMKM8rcmf&v=247556090&w=23F00206&l=en&c=CH&w64=1&db=iexplore.exe&cl=BitTorrent&svp=4
67.215.246.203 | BitTorrent-7.6.exe | malicious | Unknown | update.utorrent.com/installoffer.php?h=LGrCdlzYZ6xdNXqD&v=247556090&w=23F00206&l=en&c=CH&w64=1&db=iexplore.exe&cl=BitTorrent&svp=4
67.215.246.203 | SecuriteInfo.com.W32.uTorrent.A.gen.Eldorado.30680.8608.exe | malicious | Unknown | update.utorrent.com/featuredcontent.php?w=10.0
67.215.246.203 | SecuriteInfo.com.W32.uTorrent.A.gen.Eldorado.30680.8608.exe | malicious | Unknown | update.utorrent.com/featuredcontent.php?w=10.0
67.215.246.203 | uTorrent.exe | malicious | Unknown | update.utorrent.com/featuredcontent.php?w=10.0
193.166.255.171 | SecuriteInfo.com.W32.A-7d961ee5.Eldorado.18882.28582.dll | malicious | Unknown | imp.install-zone.com/impression.do/?user_id=5DAC5654-F897-4192-A576-955890FF2B03&event=setup_cancelled_dll_unitialized&spsource=&browser=CR&implementation_id=dll
193.166.255.171 | a5hbkmGD7N.exe | malicious | Pushdo | www.synetik.net/
193.166.255.171 | SecuriteInfo.com.W32.A-7d961ee5.Eldorado.7374.8622.dll | malicious | Unknown | imp.install-zone.com/impression.do/?user_id=A6C92C74-32A2-4D2D-9566-E58C15B28C62&event=setup_cancelled_dll_unitialized&spsource=&browser=CR&implementation_id=dll
193.166.255.171 | h.exe | malicious | Unknown | lousta.net/478/738.html
193.166.255.171 | 2oivDTuQtl.exe | malicious | Unknown | lousta.net/994/81.html
193.166.255.171 | eQcKjYOV30.exe | malicious | Pushdo | www.synetik.net/
193.166.255.171 | file.exe | malicious | Pushdo, DanaBot, SmokeLoader | www.synetik.net/
193.166.255.171 | VuDUlvfL3Q.exe | malicious | Unknown | tra03.t3ded.com:8080/ra03/d.txt
193.166.255.171 | file.exe | malicious | Pushdo, SmokeLoader | www.synetik.net/
193.166.255.171 | file.exe | malicious | Pushdo, SmokeLoader | www.synetik.net/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
update.utorrent.com | BitTorrent-7.6.exe | malicious | Unknown | 67.215.246.203
update.utorrent.com | BitTorrent-7.6.exe | malicious | Unknown | 67.215.246.203
update.utorrent.com | SecuriteInfo.com.W32.uTorrent.A.gen.Eldorado.30680.8608.exe | malicious | Unknown | 67.215.246.203
update.utorrent.com | SecuriteInfo.com.W32.uTorrent.A.gen.Eldorado.30680.8608.exe | malicious | Unknown | 67.215.246.203
update.utorrent.com | ubuntu-22.10-desktop-amd64.iso.torrent | malicious | Unknown | 67.215.246.203
update.utorrent.com | bittorrent_installer.exe | malicious | Unknown | 67.215.246.203
update.utorrent.com | DA362DFF8B39C6B4B92387F48F5BEB91CE55DBDF8BFE6.exe | malicious | AsyncRAT, RedLine | 67.215.246.203
update.utorrent.com | UvGeBNTPpT.exe | malicious | Unknown | 67.215.246.203
config.install-zone.com | SecuriteInfo.com.W32.A-7d961ee5.Eldorado.7374.8622.dll | malicious | Unknown | 193.166.255.171
imp.install-zone.com | SecuriteInfo.com.W32.A-7d961ee5.Eldorado.18882.28582.dll | malicious | Unknown | 193.166.255.171
imp.install-zone.com | SecuriteInfo.com.W32.A-7d961ee5.Eldorado.18882.28582.dll | malicious | Unknown | 193.166.255.171
imp.install-zone.com | SecuriteInfo.com.W32.A-7d961ee5.Eldorado.7374.8622.dll | malicious | Unknown | 193.166.255.171
imp.install-zone.com | SecuriteInfo.com.W32.A-7d961ee5.Eldorado.7374.8622.dll | malicious | Unknown | 193.166.255.171
Match | Associated Sample Name / URL | Detection | Threat Name | Context
FUNETASFI | uqGHhft2DO.elf | malicious | Mirai | 193.166.100.150
FUNETASFI | tajma.x86-20240422-0535.elf | malicious | Mirai, Okiru | 157.24.67.225
FUNETASFI | tajma.x86-20240421-1027.elf | malicious | Mirai, Okiru | 193.166.235.126
FUNETASFI | jLntRRok3B.elf | malicious | Mirai | 86.50.103.40
FUNETASFI | zfehGxWbb4.elf | malicious | Mirai | 153.1.190.159
FUNETASFI | bnNLsZqj8B.elf | malicious | Mirai | 193.166.147.193
FUNETASFI | x86_64.elf | malicious | Mirai, Moobot | 157.24.67.217
FUNETASFI | ZJgGk9RNIE.elf | malicious | Mirai, Moobot | 130.232.65.212
ASN-QUADRANET-GLOBALUS | http://wsj.pm | malicious | NetSupport RAT | 185.174.102.62
ASN-QUADRANET-GLOBALUS | http://www.agilgas.com.br/wp-content/uploads/2024/04/tryythgghjhgfj.html#T0RQQ2pCOVhPSTJvNm12WEYvSGFNOUI2Q3J4bElveUFOazNibHR2QWI4SGp2aG4yU2kwVytiSzF6WjZnZXN5YUFpUTM5dmpINHlOM2JXdGVtdUM3c2UyMk1yVXROeVVDVVMzYUdOeHFWdDg9 | malicious | Phisher | 67.215.237.58
ASN-QUADRANET-GLOBALUS | 1713934625194381993b7036c2f81df0c4f94527f4e7bb43abdf90d09e24f7ee13cf33c8d8678.dat-decoded.exe | malicious | Remcos | 23.226.132.239
ASN-QUADRANET-GLOBALUS | DHL Express Courier Pickup Confirmation CBJ231025122456.exe | malicious | Remcos | 64.188.18.137
ASN-QUADRANET-GLOBALUS | BitTorrent-7.6.exe | malicious | Unknown | 173.254.195.58
ASN-QUADRANET-GLOBALUS | BitTorrent-7.6.exe | malicious | Unknown | 173.254.195.58
ASN-QUADRANET-GLOBALUS | https://www.wsj.pm/download.php | malicious | NetSupport RAT | 185.174.102.62
ASN-QUADRANET-GLOBALUS | AWB NO. 077-57676135.exe | malicious | AgentTesla | 64.188.2.244
ASN-QUADRANET-GLOBALUS | hesaphareketi-01.pdf.SCR.exe | malicious | XWorm | 204.44.127.158
ASN-QUADRANET-GLOBALUS | 4XAsw9FSr5.elf | malicious | Unknown | 72.11.146.60
No context
No context
Process:C:\Users\user\Desktop\uTorrent.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
Category:dropped
Size (bytes):102400
Entropy (8bit):7.953579303473261
Encrypted:false
SSDEEP:3072:o/ks+aDSlJWQFZj7ELw1lv4zjFTddZBfT52AiheSoutnz:oqcYpjgLwYddLQFheSoSn
MD5:E91CD5BBCF94D8B3455254F7744F738C
SHA1:F20AA129B741BF3495F823D47A12BBE1D011ACBA
SHA-256:5EDB27F7E830C40BC0C02D1B3EA2933DF286C570FA37821D0E5F3BFB4A292477
SHA-512:AF496B86C0B526190881B09020CD47B607E09D72743F72FE4F764829FADC658EBDCE24F7C990AA2CC56FB2DF038A125CFBC349957A33FA1FC08D177BA1991287
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 8%
• Antivirus: Virustotal, Detection: 18%, Browse
Reputation:low
                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........q..c...c...c.......c......Ic.......c...r..c...d..c...c...c.......c.......c...1...c.......c..Rich.c..........PE..L......P...........!.................u....................................................@.........................@...H...............................................................................H...........................................UPX0....................................UPX1................................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................................................................3.08.UPX!....
                                                                                                                                                                            Process:C:\Users\user\Desktop\uTorrent.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):37197
                                                                                                                                                                            Entropy (8bit):4.864304301459863
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:1evyWcwwcuI6A2TtNgJjoUhxauGYvfexp33nMtuckiV6:1eqW/NuTKJ36uLfSpH9diA
                                                                                                                                                                            MD5:5AABF81554493E23D11AB78FB1B33EB0
                                                                                                                                                                            SHA1:ADB064DCB31CB26F1462D6CC3D2922B0566443C5
                                                                                                                                                                            SHA-256:1F268BA7E924567E38DA191BDBB8CE6CEC7D92A48DD1A113B42C5B27C2BFC01E
                                                                                                                                                                            SHA-512:3CA39C0D14BC745DC51A5F1631AA0EBC8D834AB275D74D45508877101FE720913F461C230D0652B25989D959682C5E0926A22FF3B50170FF704F2F8BB3C93100
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Preview:d10:.fileguard40:9D0B6ED0A28C5075732AF17484EE15CE084A9EB63:adki1e1:c2:us4:ctid6:9035782:oci1e16:secondary_offersl2:oc3:adke8:toolbar0d14:base_parameter44:/cnid "903578" /hp /ntp_ie /wait /dsie /dsff9:body_text66:Please read the following information and terms before continuing.7:buttonsld7:defaulti0e5:label12:Accept Offer7:ordinali0e4:type6:accepted7:defaulti1e5:label13:Decline Offer7:ordinali1e4:type7:declineee10:checkboxesle9:eula_text35543:Yahoo Terms of Service..1. Acceptance of Terms..Yahoo! Inc. ("Yahoo") welcomes you. Yahoo provides the Yahoo Services (defined below) to you subject to the following Terms of Service ("TOS"), which may be updated by us from time to time without notice to you. You can review the most current version of the TOS at any time at: https://info.yahoo.com/legal/us/yahoo/utos/terms/. By accessing and using the Yahoo Services, you accept and agree to be bound by the terms and provision of the TOS. In addition, when using particular Yahoo owned or operated s
                                                                                                                                                                            Process:C:\Users\user\Desktop\uTorrent.exe
                                                                                                                                                                            File Type:Matlab v4 mat-file (little endian) , sparse, rows 0, columns 64
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1508
                                                                                                                                                                            Entropy (8bit):7.361971812829032
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:yF2kRUebVprpkYf4YTYIW0n1ANu6TtB7BAi39YdITvWDWxkj:yF2kRUip1PTYIW0B6TLBFrvd8
                                                                                                                                                                            MD5:539DADCC68D37934A14EAF8E53406D8C
                                                                                                                                                                            SHA1:F089AB673696A1F6DF0125AB1008E897AC5A1CC1
                                                                                                                                                                            SHA-256:9CF8887EF36BE3A5AAE8B793F1C972C775ED0D83FBC1832369EEC5B5E96A00F3
                                                                                                                                                                            SHA-512:037AE90CB88871AE085BC5F078BB8EA8B6479B7E8B8B463A389321DB00D267F610886D239E0D90FF0A750A995C3CE0F46B3431F3DA32CA0726906D3A7CA71376
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Preview:........@...............................C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent.....................RSA1................Qq..jI.`.d(.x<&....D.N.9.4..>...u....5.>....?...^Z...4H5...b#r...c.r.7..+..G..".E Q......-..-."9?\..j..........1..I.F.....................z..O.......V.XbM.J.M&.EN......,...C.r.y.p.t.o.A.P.I. .P.r.i.v.a.t.e. .K.e.y....f...... ...tz.D....C.(5.&.k...@....s.t.Ih,............ .....EQ...(N(.]L..s,.*1.m......v.....".<.;..b../].0AU..TL.mzF..R-GC.....[C.L=v..A%.'mo*ma..q..>~...4-...|I.1.Z._9..6..o.........F_m0..w..../.iQ3.6..)E......;.8|....tS.uw.......JtvO.EG...N^.m2s.. .....M..Y.G.s.8..'../.1|.s@.....=:..Z.{...2.fx. ..C..L.........P...Ai|...R..HA.....>.|........?.....|.u.U........`3.d$......(....P...=.C..^..'R.....\.v.?}....l....&.G2S......\...!.f\...&o..Zw7.0X#.[..rv..F#...z.Y..%n..~N..._.:.k"9....+".d......@...b.b(^...Z....h.w......#~......A.\...ib......6..V...<..-`.....D.#.@I.1L...n...'.kY.&.w.A..);..2...
                                                                                                                                                                            Process:C:\Users\user\Desktop\uTorrent.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):5368
                                                                                                                                                                            Entropy (8bit):6.0567025779933035
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:HpvRGOT09Ju4xOAPFf0fMiz50eeNHwt+qo3oL8:Hp5GOT09OumR1eNHAdw
                                                                                                                                                                            MD5:8FCCCB6A92F7F2614454C8BF8AD06344
                                                                                                                                                                            SHA1:C01F4F315CF4B9F6026EDBC1608A8F92445BAB3D
                                                                                                                                                                            SHA-256:EE3204368C4E8B79CC721F64C5EDED2D396B1FBD61F5D645EBEB28A41A45AA4E
                                                                                                                                                                            SHA-512:BE857E92B06522D5718A998D94DBE37FE4ECB8E185C6E63D5EBD72528E312750A4BF68B00A820C67800180F0F064CA034AA00C1A0B3FAE3D9A8F2EDD8B822D70
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Preview:d10:.fileguard40:71B9D2E641600E3243A2B5F2C9BB2A97FA39F72515:add_dialog_histle9:addpreloc8:........9:addprewnd8:........4:appsd7:applistlee4:asszi0e3:av28:........13:benchrecorderde7:born_oni13358595515e14:born_on_remotei0e30:bt.no_connect_to_services_list23:25,80,110,443,6666,66678:channelsd11:channellistlee17:check_update_betai0e3:cid24:... ...O...dX@.....f...P4:cids28:... ...O...dX@.....f...P.l+f7:ct_histle19:daily_download_hist248:........................................................................................................................................................................................................................................................25:daily_local_download_hist248:........................................................................................................................................................................................................................................................23:daily_local_upload_hist248:....
                                                                                                                                                                            Process:C:\Users\user\Desktop\uTorrent.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):37141
                                                                                                                                                                            Entropy (8bit):4.858619842303039
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:+evyWcwwcuI6A2TtNgJjoUhxauGYvfexp33nMtuckicNl:+eqW/NuTKJ36uLfSpH9di6
                                                                                                                                                                            MD5:01049181FAF1DAA42AF11340AAC4B4A5
                                                                                                                                                                            SHA1:E86DD9E559B60BAEA119648C2E26B69CD1E34CF1
                                                                                                                                                                            SHA-256:2CD4CCEC276D9EB2A07D2A312430C96A6962EB927E1BF3C49E882710CDEC26F0
                                                                                                                                                                            SHA-512:C5DC2AB76B09D25F7BF8AF6D6C5CA01BE3B1FE78778632819BCFA05D41E5E422248B960945EFABC081B40875CF404027B6865D506D2738E24DFCEB0A9E0B9AE3
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Preview:d16:secondary_offersl2:oc3:adke2:oci1e3:adki1e8:toolbar0d5:title12:Search Offer8:subtitle0:9:body_text66:Please read the following information and terms before continuing.11:footer_text314:Set my homepage, default search && new tab to Yahoo! on Internet Explorer, Firefox && Chrome...By clicking "Accept Offer", you have read the <a href="https://info.yahoo.com/legal/us/yahoo/utos/terms/">Terms of Use</a> && <a href="https://info.yahoo.com/privacy/us/yahoo/">Privacy policy</a> and agree to the offer.9:eula_text35543:Yahoo Terms of Service..1. Acceptance of Terms..Yahoo! Inc. ("Yahoo") welcomes you. Yahoo provides the Yahoo Services (defined below) to you subject to the following Terms of Service ("TOS"), which may be updated by us from time to time without notice to you. You can review the most current version of the TOS at any time at: https://info.yahoo.com/legal/us/yahoo/utos/terms/. By accessing and using the Yahoo Services, you accept and agree to be bound by the terms and provision
                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                            Entropy (8bit):7.94349909163898
                                                                                                                                                                            TrID:
                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.39%
                                                                                                                                                                            • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                                                                                                                            • Win32 EXE Yoda's Crypter (26571/9) 0.26%
                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                            File name:uTorrent.exe
                                                                                                                                                                            File size:1'051'984 bytes
                                                                                                                                                                            MD5:35238d8e052c7cfdde63e6c11ce852fa
                                                                                                                                                                            SHA1:8724c59a257e11a4d91c2b891297c16549255221
                                                                                                                                                                            SHA256:6453d431431ec8ccb8b859e079062750a7f50f0b6f4266ebbed97a36f45013a1
                                                                                                                                                                            SHA512:05c30e8e1762818a29621b64de11d227f8e3b8fa6630b85b199cf2cf275ca3bc6ca543666d5f1a5c1145d392a069682038ed40ddbac02cf752a3159b85fc641c
                                                                                                                                                                            SSDEEP:24576:5FLq6TL3Sz7KBkfrh6wdJKue3xsRSviq1p5V20qeb:5FLq6fiPKBcrhvzuBs6pD20qeb
                                                                                                                                                                            TLSH:F625238B76A08C52C5E8C1300D63B43D08B67D256F8927BAB388777FAEF371199556B0
                                                                                                                                                                            File Content Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$............y...y...y...f...y.......y.......y..,q...y...y...y...f...y...y...{...f...y...e...y..,e...y...f...y....}..y...+k..y....z.Ry.
                                                                                                                                                                            Icon Hash:cc866d4d4d399af8
                                                                                                                                                                            Entrypoint:0x63f0d0
                                                                                                                                                                            Entrypoint Section:UPX1
                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                            Time Stamp:0x511D48F5 [Thu Feb 14 20:28:37 2013 UTC]
                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                            File Version Major:5
                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                            Import Hash:38c31b023733037fc43acaec2428fde4
                                                                                                                                                                            Signature Valid:true
                                                                                                                                                                            Signature Issuer:CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                                                                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                                                                            Error Number:0
Not Before, Not After
• Not Before: 21/06/2010 01:00:00; Not After: 27/07/2013 00:59:59
                                                                                                                                                                            Subject Chain
                                                                                                                                                                            • CN=BitTorrent Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BitTorrent Inc, L=San Francisco, S=California, C=US
                                                                                                                                                                            Version:3
                                                                                                                                                                            Thumbprint MD5:4A2AD1F358F2CC92E9365EEA9D7E827E
                                                                                                                                                                            Thumbprint SHA-1:1D132064BA317AC022DF309CCC750DA6E6A7A144
                                                                                                                                                                            Thumbprint SHA-256:2A5B779C89DE4A7F2A8F07153A699EF37EC6D057022F6F279AD5DB415511F2F3
                                                                                                                                                                            Serial:36BC30562A650AFAA5AD101ECD643AB4
                                                                                                                                                                            Instruction
                                                                                                                                                                            pushad
                                                                                                                                                                            mov esi, 0058A000h
                                                                                                                                                                            lea edi, dword ptr [esi-00189000h]
                                                                                                                                                                            push edi
                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                            lea ebx, dword ptr [esp-00003E80h]
                                                                                                                                                                            xor eax, eax
                                                                                                                                                                            push eax
                                                                                                                                                                            cmp esp, ebx
                                                                                                                                                                            jne 00007F3B24C5DA9Dh
                                                                                                                                                                            inc esi
                                                                                                                                                                            inc esi
                                                                                                                                                                            push ebx
                                                                                                                                                                            push 0023D64Bh
                                                                                                                                                                            push edi
                                                                                                                                                                            add ebx, 04h
                                                                                                                                                                            push ebx
                                                                                                                                                                            push 000B50C0h
                                                                                                                                                                            push esi
                                                                                                                                                                            add ebx, 04h
                                                                                                                                                                            push ebx
                                                                                                                                                                            push eax
                                                                                                                                                                            mov dword ptr [ebx], 00020003h
                                                                                                                                                                            nop
                                                                                                                                                                            nop
                                                                                                                                                                            nop
                                                                                                                                                                            nop
                                                                                                                                                                            nop
                                                                                                                                                                            push ebp
                                                                                                                                                                            push edi
                                                                                                                                                                            push esi
                                                                                                                                                                            push ebx
                                                                                                                                                                            sub esp, 7Ch
                                                                                                                                                                            mov edx, dword ptr [esp+00000090h]
                                                                                                                                                                            mov dword ptr [esp+74h], 00000000h
                                                                                                                                                                            mov byte ptr [esp+73h], 00000000h
                                                                                                                                                                            mov ebp, dword ptr [esp+0000009Ch]
                                                                                                                                                                            lea eax, dword ptr [edx+04h]
                                                                                                                                                                            mov dword ptr [esp+78h], eax
                                                                                                                                                                            mov eax, 00000001h
                                                                                                                                                                            movzx ecx, byte ptr [edx+02h]
                                                                                                                                                                            mov ebx, eax
                                                                                                                                                                            shl ebx, cl
                                                                                                                                                                            mov ecx, ebx
                                                                                                                                                                            dec ecx
                                                                                                                                                                            mov dword ptr [esp+6Ch], ecx
                                                                                                                                                                            movzx ecx, byte ptr [edx+01h]
                                                                                                                                                                            shl eax, cl
                                                                                                                                                                            dec eax
                                                                                                                                                                            mov dword ptr [esp+68h], eax
                                                                                                                                                                            mov eax, dword ptr [esp+000000A8h]
                                                                                                                                                                            movzx esi, byte ptr [edx]
                                                                                                                                                                            mov dword ptr [ebp+00h], 00000000h
                                                                                                                                                                            mov dword ptr [esp+60h], 00000000h
                                                                                                                                                                            mov dword ptr [eax], 00000000h
                                                                                                                                                                            mov eax, 00000300h
                                                                                                                                                                            mov dword ptr [esp+64h], esi
                                                                                                                                                                            mov dword ptr [esp+5Ch], 00000001h
                                                                                                                                                                            mov dword ptr [esp+58h], 00000001h
                                                                                                                                                                            mov dword ptr [esp+54h], 00000001h
                                                                                                                                                                            Programming Language:
                                                                                                                                                                            • [C++] VS2005 build 50727
                                                                                                                                                                            • [IMP] VS2005 build 50727
                                                                                                                                                                            • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                            • [ASM] VS2008 build 21022
                                                                                                                                                                            • [C++] VS2008 SP1 build 30729
                                                                                                                                                                            • [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x24af00 | 0x3dc | .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x240000 | 0xaf00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xff600 | 0x1750 | UPX0
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
UPX0 | 0x1000 | 0x189000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1 | 0x18a000 | 0xb6000 | 0xb5e00 | bb0ee30c31955a993fc89ed507e812af | False | 0.9983918599656357 | ARC archive data, packed | 7.999574044933161 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x240000 | 0xc000 | 0xb400 | fcc32ef70bcce4a3680bb811e2a7034b | False | 0.43680555555555556 | data | 5.107999520690387 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bunndle | 0x24c000 | 0x25000 | 0x25000 | e15030d3e5e3acae6b3588574d161a21 | False | 0.8968934755067568 | PE32 executable (DLL) (console) Intel 80386, for MS Windows, UPX compressed | 7.872091514858161 | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_SHARED
.adknow | 0x271000 | 0x19000 | 0x19000 | e91cd5bbcf94d8b3455254f7744f738c | False | 0.9712890625 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed | 7.953579303473261 | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_SHARED
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
GIF | 0x222b00 | 0xc88 | data | Swedish | Sweden | 1.003428927680798
PNG | 0x221a88 | 0x241 | data | Swedish | Sweden | 1.0190641247833623
PNG | 0x221cd0 | 0x3e3 | data | Swedish | Sweden | 1.0110552763819096
PNG | 0x2220b8 | 0x560 | OpenPGP Public Key | Swedish | Sweden | 1.0079941860465116
PNG | 0x222618 | 0x4e4 | data | Swedish | Sweden | 1.0087859424920127
RT_BITMAP | 0x223788 | 0x4228 | data | Swedish | Sweden | 1.0009447331128956
RT_BITMAP | 0x2279b0 | 0x82a | data | Swedish | Sweden | 1.0052631578947369
RT_BITMAP | 0x2281e0 | 0x292 | data | Swedish | Sweden | 1.0167173252279635
RT_ICON | 0x1d63d0 | 0x10a8 | SysEx File - Fostex | English | United States | 1.002579737335835
RT_ICON | 0x1d7490 | 0x8a8 | data | English | United States | 1.0049638989169676
RT_ICON | 0x1d7d50 | 0x25a8 | data | English | United States | 1.0011410788381743
                                                                                                                                                                            RT_ICON0x1da3100x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                            RT_ICON0x1dc8d00x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                            RT_ICON0x1dee900x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                            RT_ICON0x1e14500x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                            RT_ICON0x1e3a100x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                            RT_ICON0x1e5fd00x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                            RT_ICON0x1e85900x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                            RT_ICON0x1eab500x10a8dataEnglishUnited States1.002579737335835
                                                                                                                                                                            RT_ICON0x1ebc100x8a8dataEnglishUnited States1.0049638989169676
                                                                                                                                                                            RT_ICON0x1ec4d00x8a8dataEnglishUnited States1.0049638989169676
                                                                                                                                                                            RT_ICON0x1ecd900x8a8dataEnglishUnited States1.0049638989169676
                                                                                                                                                                            RT_ICON0x1ed6500x5e8dataEnglishUnited States1.0072751322751323
                                                                                                                                                                            RT_ICON0x1edc500x8d68dataEnglishUnited States1.0005801104972376
                                                                                                                                                                            RT_ICON0x1f69d00x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                            RT_ICON0x1f8f900x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                            RT_ICON0x1fb5500xa58dataEnglishUnited States1.0041540785498488
                                                                                                                                                                            RT_ICON0x1fbfc00x1fc8dataEnglishUnited States1.0013520157325466
                                                                                                                                                                            RT_ICON0x1fdfa00xca8dataEnglishUnited States1.003395061728395
                                                                                                                                                                            RT_ICON0x1fec600xca8dataEnglishUnited States1.003395061728395
                                                                                                                                                                            RT_ICON0x1ff9200xca8dataEnglishUnited States1.003395061728395
                                                                                                                                                                            RT_ICON0x2005e00x4768dataEnglishUnited States1.000875273522976
                                                                                                                                                                            RT_ICON0x204d600x4768dataEnglishUnited States1.000875273522976
                                                                                                                                                                            RT_ICON0x2094e00x25a8dataEnglishUnited States1.0011410788381743
                                                                                                                                                                            RT_ICON0x20baa00x2668dataEnglishUnited States1.0011187957689178
                                                                                                                                                                            RT_ICON0x2423d40x528Device independent bitmap graphic, 16 x 32 x 32, image size 1280SwedishSweden0.23257575757575757
                                                                                                                                                                            RT_ICON0x2429000xb68Device independent bitmap graphic, 24 x 48 x 32, image size 2880SwedishSweden0.5030821917808219
                                                                                                                                                                            RT_ICON0x24346c0x1428Device independent bitmap graphic, 32 x 64 x 32, image size 5120SwedishSweden0.11976744186046512
                                                                                                                                                                            RT_ICON0x2448980x2d28Device independent bitmap graphic, 48 x 96 x 32, image size 11520SwedishSweden0.08339100346020761
                                                                                                                                                                            RT_ICON0x2475c40x30ffPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedSwedishSweden0.995854261340987
                                                                                                                                                                            RT_ICON0x2164500x8a8dataSwedishSweden1.0049638989169676
                                                                                                                                                                            RT_ICON0x216d100x568dataSwedishSweden1.0079479768786128
                                                                                                                                                                            RT_ICON0x2172900x128OpenPGP Public KeySwedishSweden1.037162162162162
                                                                                                                                                                            RT_ICON0x2173d00x8a8dataSwedishSweden1.0049638989169676
                                                                                                                                                                            RT_ICON0x217c900x8a8dataSwedishSweden1.0049638989169676
                                                                                                                                                                            RT_ICON0x2185500x468dataSwedishSweden1.0097517730496455
                                                                                                                                                                            RT_ICON0x2189d00x468dataSwedishSweden1.0097517730496455
                                                                                                                                                                            RT_ICON0x218e500x468dataSwedishSweden1.0097517730496455
                                                                                                                                                                            RT_DIALOG0x21e8080xbcdataSwedishSweden1.0585106382978724
                                                                                                                                                                            RT_DIALOG0x21a7680x72dataSwedishSweden1.0964912280701755
                                                                                                                                                                            RT_DIALOG0x21a8580x78dataSwedishSweden1.0916666666666666
                                                                                                                                                                            RT_DIALOG0x21a8d00x78dataSwedishSweden1.0916666666666666
                                                                                                                                                                            RT_DIALOG0x21a9480x78dataSwedishSweden1.0916666666666666
                                                                                                                                                                            RT_DIALOG0x21a9c00xe2SVR2 pure executable (Amdahl-UTS) - version 1767344497SwedishSweden1.0486725663716814
                                                                                                                                                                            RT_DIALOG0x21a7e00x78dataSwedishSweden1.0916666666666666
                                                                                                                                                                            RT_DIALOG0x21aaa80x78dataSwedishSweden1.0916666666666666
                                                                                                                                                                            RT_DIALOG0x21a7280x40dataSwedishSweden1.171875
                                                                                                                                                                            RT_DIALOG0x21c5300xfcdataSwedishSweden1.0436507936507937
                                                                                                                                                                            RT_DIALOG0x21c6300x35cdataSwedishSweden1.0127906976744185
                                                                                                                                                                            RT_DIALOG0x21c9900x360dataSwedishSweden1.0127314814814814
                                                                                                                                                                            RT_DIALOG0x21cf900x380dataSwedishSweden1.0122767857142858
                                                                                                                                                                            RT_DIALOG0x21d7f00x240dataSwedishSweden1.0190972222222223
                                                                                                                                                                            RT_DIALOG0x21da300x164dataSwedishSweden1.0308988764044944
                                                                                                                                                                            RT_DIALOG0x21ccf00x2a0dataSwedishSweden1.0163690476190477
                                                                                                                                                                            RT_DIALOG0x21ddf80x198dataSwedishSweden1.0269607843137254
                                                                                                                                                                            RT_DIALOG0x21df900x180dataSwedishSweden1.0286458333333333
                                                                                                                                                                            RT_DIALOG0x219d700x80dataSwedishSweden1.0859375
                                                                                                                                                                            RT_DIALOG0x21a3e80x340DOS executable (COM, 0x8C-variant)SwedishSweden1.0132211538461537
                                                                                                                                                                            RT_DIALOG0x21ba380x100dataSwedishSweden1.04296875
                                                                                                                                                                            RT_DIALOG0x21bce80xc0dataSwedishSweden1.0572916666666667
                                                                                                                                                                            RT_DIALOG0x21b4400x60dataSwedishSweden1.1145833333333333
                                                                                                                                                                            RT_DIALOG0x21bda80xbcdataSwedishSweden1.0585106382978724
                                                                                                                                                                            RT_DIALOG0x219f900x458dataSwedishSweden1.0098920863309353
                                                                                                                                                                            RT_DIALOG0x21e8c80x300dataSwedishSweden1.0143229166666667
                                                                                                                                                                            RT_DIALOG0x21ebc80x140dataSwedishSweden1.034375
                                                                                                                                                                            RT_DIALOG0x21e4e80x320dataSwedishSweden1.01375
                                                                                                                                                                            RT_DIALOG0x21db980x260dataSwedishSweden1.018092105263158
                                                                                                                                                                            RT_DIALOG0x21ab200x6b0OpenPGP Secret KeySwedishSweden1.0064252336448598
                                                                                                                                                                            RT_DIALOG0x21e1100x1e0dataSwedishSweden1.0229166666666667
                                                                                                                                                                            RT_DIALOG0x21e4680x80dataSwedishSweden1.0859375
                                                                                                                                                                            RT_DIALOG0x21b1d00x1cadataSwedishSweden1.0240174672489082
                                                                                                                                                                            RT_DIALOG0x21ed080x60dataSwedishSweden1.1145833333333333
                                                                                                                                                                            RT_DIALOG0x21bb380x1acdataSwedishSweden1.0257009345794392
                                                                                                                                                                            RT_DIALOG0x21b5000x140OpenPGP Public KeySwedishSweden1.034375
                                                                                                                                                                            RT_DIALOG0x21c2200x98dataSwedishSweden1.0723684210526316
                                                                                                                                                                            RT_DIALOG0x21be680x3b8dataSwedishSweden1.0115546218487395
                                                                                                                                                                            RT_DIALOG0x219df00x1a0dataSwedishSweden1.0264423076923077
                                                                                                                                                                            RT_DIALOG0x21d3100x2c0dataSwedishSweden1.015625
                                                                                                                                                                            RT_DIALOG0x21d5d00x220dataSwedishSweden1.0202205882352942
                                                                                                                                                                            RT_DIALOG0x21e2f00x174dataSwedishSweden1.0295698924731183
                                                                                                                                                                            RT_DIALOG0x21b4a00x60dataSwedishSweden1.1145833333333333
                                                                                                                                                                            RT_DIALOG0x219c500x120dataSwedishSweden1.0381944444444444
                                                                                                                                                                            RT_DIALOG0x21b3a00xa0dataSwedishSweden1.06875
                                                                                                                                                                            RT_DIALOG0x21b6400x160dataSwedishSweden1.03125
                                                                                                                                                                            RT_DIALOG0x21ed680x2e0dataSwedishSweden1.014945652173913
                                                                                                                                                                            RT_DIALOG0x21f0880x220dataSwedishSweden1.0202205882352942
                                                                                                                                                                            RT_DIALOG0x21f5480xc0dataSwedishSweden1.0572916666666667
                                                                                                                                                                            RT_DIALOG0x21fb600x140dataSwedishSweden1.034375
                                                                                                                                                                            RT_DIALOG0x2197280x528dataSwedishSweden1.0083333333333333
                                                                                                                                                                            RT_DIALOG0x21f2a80xe0dataSwedishSweden1.0491071428571428
                                                                                                                                                                            RT_DIALOG0x21f6080xc0dataSwedishSweden1.0572916666666667
                                                                                                                                                                            RT_DIALOG0x21f9180x244dataSwedishSweden1.0189655172413794
                                                                                                                                                                            RT_DIALOG0x21f3880xe0dataSwedishSweden1.0491071428571428
                                                                                                                                                                            RT_DIALOG0x21f4680xe0dataSwedishSweden1.0491071428571428
                                                                                                                                                                            RT_DIALOG0x21b7a00x140OpenPGP Public KeySwedishSweden1.034375
                                                                                                                                                                            RT_DIALOG0x21f6c80x250dataSwedishSweden1.0185810810810811
                                                                                                                                                                            RT_DIALOG0x21fca00xe0dataSwedishSweden1.0491071428571428
                                                                                                                                                                            RT_DIALOG0x21fd800x160dataSwedishSweden1.03125
                                                                                                                                                                            RT_DIALOG0x2200380x120dataSwedishSweden1.0381944444444444
                                                                                                                                                                            RT_DIALOG0x21ff800xb8dataSwedishSweden1.059782608695652
                                                                                                                                                                            RT_DIALOG0x2196700xb8dataSwedishSweden1.059782608695652
                                                                                                                                                                            RT_DIALOG0x2203c80x60dataSwedishSweden1.1145833333333333
                                                                                                                                                                            RT_DIALOG0x2204280x80dataSwedishSweden1.0859375
                                                                                                                                                                            RT_DIALOG0x2205080x40dataSwedishSweden1.171875
                                                                                                                                                                            RT_DIALOG0x2205480x178dataSwedishSweden1.0292553191489362
                                                                                                                                                                            RT_DIALOG0x2195d00xa0dataSwedishSweden1.06875
                                                                                                                                                                            RT_DIALOG0x2201580x270dataSwedishSweden1.017628205128205
                                                                                                                                                                            RT_DIALOG0x2208000xe0dataSwedishSweden1.0491071428571428
                                                                                                                                                                            RT_DIALOG0x2207c00x40dataSwedishSweden1.171875
                                                                                                                                                                            RT_DIALOG0x2208e00x98dataSwedishSweden1.0723684210526316
                                                                                                                                                                            RT_DIALOG0x2195000xccdataSwedishSweden1.053921568627451
                                                                                                                                                                            RT_DIALOG0x2209780x60dataSwedishSweden1.1145833333333333
                                                                                                                                                                            RT_DIALOG0x2194c00x40dataSwedishSweden1.171875
                                                                                                                                                                            RT_DIALOG0x220a180x160dataSwedishSweden1.03125
                                                                                                                                                                            RT_DIALOG0x2194000xc0dataSwedishSweden1.0572916666666667
                                                                                                                                                                            RT_DIALOG0x220c180x190dataSwedishSweden1.0275
                                                                                                                                                                            RT_DIALOG0x2213d80xe0dataSwedishSweden1.0491071428571428
                                                                                                                                                                            RT_DIALOG0x2193480xb8dataSwedishSweden1.059782608695652
                                                                                                                                                                            RT_DIALOG0x2214b80x158dataSwedishSweden1.0319767441860466
                                                                                                                                                                            RT_DIALOG0x2213980x40dataSwedishSweden1.171875
                                                                                                                                                                            RT_DIALOG0x220da80x148dataSwedishSweden1.0335365853658536
DLL            Import
KERNEL32.DLL   LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.dll   FreeSid
COMCTL32.dll
comdlg32.dll   GetSaveFileNameW
DNSAPI.dll     DnsFree
GDI32.dll      BitBlt
gdiplus.dll    GdiplusStartup
IPHLPAPI.DLL   GetExtendedTcpTable
MSIMG32.dll    AlphaBlend
MSVCRT.dll     _iob
ole32.dll      OleCreate
OLEAUT32.dll   SysFreeString
PSAPI.DLL      GetProcessImageFileNameW
SETUPAPI.dll   SetupDiGetClassDevsW
SHELL32.dll    DragFinish
USER32.dll     GetDC
WS2_32.dll     recv
Language of compilation system   Country where language is spoken
Swedish                          Sweden
English                          United States
Timestamp   Source Port   Dest Port   Source IP   Dest IP
                                                                                                                                                                            Apr 26, 2024 10:58:39.294867992 CEST4973680192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:39.294887066 CEST804973767.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:39.294898987 CEST4973680192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:39.294924974 CEST804973767.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:39.294926882 CEST4973780192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:39.294964075 CEST4973780192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:39.294992924 CEST4973680192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:39.295628071 CEST4973780192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:39.386014938 CEST8049738193.166.255.171192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:39.386102915 CEST4973880192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:58:39.386382103 CEST4973880192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:58:39.488118887 CEST804973667.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:39.488394022 CEST804973767.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:39.661668062 CEST8049738193.166.255.171192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:39.661710978 CEST8049738193.166.255.171192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:39.829246998 CEST4973980192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:58:40.830935001 CEST4973980192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:58:42.831000090 CEST4973980192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:58:46.846645117 CEST4973980192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:58:47.019644976 CEST4974080192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:47.207866907 CEST804974067.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:47.207988977 CEST4974080192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:47.208740950 CEST4974080192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:47.431211948 CEST804974067.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:47.431258917 CEST804974067.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:47.431488037 CEST804974067.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:47.431509018 CEST4974080192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:47.431555986 CEST4974080192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:47.619468927 CEST804974067.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:51.223431110 CEST4974180192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:51.410767078 CEST804974167.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:51.410876036 CEST4974180192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:51.554421902 CEST4974180192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:51.741715908 CEST804974167.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:51.741897106 CEST804974167.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:51.741935015 CEST804974167.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:51.741965055 CEST4974180192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:51.741993904 CEST4974180192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:51.742052078 CEST4974180192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:58:51.929665089 CEST804974167.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:58:54.846558094 CEST4973980192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:59:00.864151001 CEST4974880192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:59:01.877810001 CEST4974880192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:59:03.458432913 CEST4974980192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:03.646365881 CEST804974967.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:03.646580935 CEST4974980192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:03.646967888 CEST4974980192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:03.834481001 CEST804974967.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:03.835047007 CEST804974967.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:03.835087061 CEST804974967.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:03.835232019 CEST4974980192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:03.835232019 CEST4974980192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:03.835288048 CEST4974980192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:03.893443108 CEST4974880192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:59:04.023340940 CEST804974967.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:07.909074068 CEST4974880192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:59:09.062248945 CEST4975080192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:09.263788939 CEST804975067.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:09.263901949 CEST4975080192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:09.268973112 CEST4975080192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:09.460076094 CEST804975067.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:09.460139036 CEST804975067.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:09.460174084 CEST804975067.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:09.460196972 CEST4975080192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:09.460225105 CEST4975080192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:09.954210997 CEST4975080192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:10.142229080 CEST804975067.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:15.068341017 CEST4975180192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:15.069377899 CEST4975280192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:15.256077051 CEST804975167.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:15.256180048 CEST4975180192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:15.256887913 CEST804975267.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:15.256969929 CEST4975280192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:15.909162998 CEST4974880192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:59:21.909650087 CEST4975380192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:59:22.924709082 CEST4975380192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:59:24.942482948 CEST4975380192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:59:28.956015110 CEST4975380192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:59:36.955986977 CEST4975380192.168.2.4193.166.255.171
                                                                                                                                                                            Apr 26, 2024 10:59:45.371769905 CEST804975267.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:45.371840954 CEST4975280192.168.2.467.215.246.203
                                                                                                                                                                            Apr 26, 2024 10:59:45.459170103 CEST804975167.215.246.203192.168.2.4
                                                                                                                                                                            Apr 26, 2024 10:59:45.459287882 CEST4975180192.168.2.467.215.246.203
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 26, 2024 10:58:36.904069901 CEST | 65063 | 53 | 192.168.2.4 | 1.1.1.1 |
| Apr 26, 2024 10:58:37.033740044 CEST | 53 | 65063 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 10:58:38.926892996 CEST | 52733 | 53 | 192.168.2.4 | 1.1.1.1 |
| Apr 26, 2024 10:58:39.106848955 CEST | 53 | 52733 | 1.1.1.1 | 192.168.2.4 |
| Apr 26, 2024 10:58:39.665806055 CEST | 55286 | 53 | 192.168.2.4 | 1.1.1.1 |
| Apr 26, 2024 10:58:39.828506947 CEST | 53 | 55286 | 1.1.1.1 | 192.168.2.4 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 10:58:36.904069901 CEST | 192.168.2.4 | 1.1.1.1 | 0xd959 | Standard query (0) | update.utorrent.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 10:58:38.926892996 CEST | 192.168.2.4 | 1.1.1.1 | 0xf64f | Standard query (0) | imp.install-zone.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 10:58:39.665806055 CEST | 192.168.2.4 | 1.1.1.1 | 0xa2bb | Standard query (0) | config.install-zone.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 10:58:37.033740044 CEST | 1.1.1.1 | 192.168.2.4 | 0xd959 | No error (0) | update.utorrent.com | | 67.215.246.203 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 10:58:39.106848955 CEST | 1.1.1.1 | 192.168.2.4 | 0xf64f | No error (0) | imp.install-zone.com | | 193.166.255.171 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 10:58:39.828506947 CEST | 1.1.1.1 | 192.168.2.4 | 0xa2bb | No error (0) | config.install-zone.com | | 193.166.255.171 | A (IP address) | IN (0x0001) | false |

                                                                                                                                                                            • update.utorrent.com
                                                                                                                                                                            • imp.install-zone.com
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49735 | 67.215.246.203 | 80 | 7264 | C:\Users\user\Desktop\uTorrent.exe |

Timestamp: Apr 26, 2024 10:58:37.231668949 CEST
Bytes transferred: 242
Direction: OUT
Data:
GET /installoffer.php?h=gsH3T5oDAGRYQBO2&v=107049414&w=23F00206&l=en&c=CH&w64=1&db=iexplore.exe&cl=uTorrent&svp=4&tsub=1 HTTP/1.1
Accept-Encoding: gzip
User-Agent: uTorrent/3300(29126)
Host: update.utorrent.com
Cache-Control: no-cache

Timestamp: Apr 26, 2024 10:58:37.423770905 CEST
Bytes transferred: 1289
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Fri, 26 Apr 2024 08:58:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.30
Expires: Thu, 21 Jul 1980 00:00:00 GMT
Cache-Control: private
Last-Modified: Fri, 26 Apr 2024 08:58:37 GMT
                                                                                                                                                                            Data Ascii: 9115d16:secondary_offersl2:oc3:adke2:oci1e3:adki1e8:toolbar0d5:title12:Search Offer8:subtitle0:9:body_text66:Please read the following information and terms before continuing.11:footer_text314:Set my homepage, default search && new tab to Yahoo! on Internet Explorer, Firefox && Chrome.By clicking "Accept Offer", you have read the <a href="https://info.yahoo.com/legal/us/yahoo/utos/terms/">Terms of Use</a> && <a href="https://info.yahoo.com/privacy/us/yahoo/">Privacy policy</a> and agree to the offer.9:eula_text35543:Yahoo Terms of Service1. Acceptance of TermsYahoo! Inc. ("Yahoo") welcomes you. Yahoo provides the Yahoo Services (defined below) to you subject to the following Terms of Service ("TOS"), which may be updated by us from time to time without notice to you. You can review the most current version of the TOS at any time at: https://info.yahoo.com/legal/us/yahoo/utos/terms/. By accessing and using the Yahoo Services, you accept and agree to be bound by the terms and provisi
Apr 26, 2024 10:58:37.423793077 CEST | 1289 | IN
                                                                                                                                                                            Data Ascii: on of the TOS. In addition, when using particular Yahoo owned or operated services, you and Yahoo shall be subject to any posted guidelines or rules applicable to such services, which may be posted and modified from time to time. All such guid
Apr 26, 2024 10:58:37.423871040 CEST | 1289 | IN
                                                                                                                                                                            Data Ascii: er, and that these communications are considered part of Yahoo membership and you will not be able to opt out of receiving them. Unless explicitly stated otherwise, any new features that augment or enhance the current Yahoo Services, including
Apr 26, 2024 10:58:37.423891068 CEST | 1289 | IN
                                                                                                                                                                            Data Ascii: e content. You must be at least 18 years of age to access and view such areas.3. Your registration obligationsIn consideration of your use of the Yahoo Services, you represent that you are of legal age to form a binding contract and are no
Apr 26, 2024 10:58:37.423916101 CEST | 1289 | IN
                                                                                                                                                                            Data Ascii: ld.4. Yahoo! Privacy PolicyRegistration Data and certain other information about you are subject to our applicable privacy policy. For more information, see the full Yahoo Privacy Policy at https://info.yahoo.com/privacy/us/yahoo/. You und
Apr 26, 2024 10:58:37.423939943 CEST | 1289 | IN
                                                                                                                                                                            Data Ascii: tographs, graphics, video, messages, tags, or other materials ("Content"), whether publicly posted or privately transmitted, are the sole responsibility of the person from whom such Content originated. This means that you, and not Yahoo, are e
Apr 26, 2024 10:58:37.424220085 CEST | 1289 | IN
                                                                                                                                                                            Data Ascii: n any way;c. impersonate any person or entity, including, but not limited to, a Yahoo official, forum leader, guide or host, or falsely state or otherwise misrepresent your affiliation with a person or entity;d. forge headers or otherwise
Apr 26, 2024 10:58:37.424644947 CEST | 1289 | IN
                                                                                                                                                                            Data Ascii: le any material that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment;i. disrupt the normal
Apr 26, 2024 10:58:37.424762011 CEST | 1289 | IN
                                                                                                                                                                            Data Ascii: f material support or resources) to any organization(s) designated by the United States government as a foreign terrorist organization pursuant to section 219 of the Immigration and Nationality Act;m. "stalk" or otherwise harass another; and
Apr 26, 2024 10:58:37.424779892 CEST | 1289 | IN
                                                                                                                                                                            Data Ascii: r account information and Content if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary to: (i) comply with legal process; (ii) enforce the TOS; (iii) respond to claims that a
Apr 26, 2024 10:58:37.611416101 CEST | 1289 | IN
                                                                                                                                                                            Data Ascii: Groups, uploading photos and files to Flickr, and other Internet activities), you will be causing communications to be sent through Yahoo's computer networks, portions of which are located in California, Texas, Virginia, and other locations in


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 67.215.246.203 | 80 | 7264 | C:\Users\user\Desktop\uTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 10:58:39.095563889 CEST | 304 | OUT | GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerretrievedfromserver&pid=7264&au=0&ServerOfferRetrieved=1&sec_offs=oc%2cadk&view=win32 HTTP/1.1
Accept-Encoding: gzip
User-Agent: uTorrent/3300(29126)
Host: update.utorrent.com
Cache-Control: no-cache
Apr 26, 2024 10:58:39.294887066 CEST | 180 | IN | HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Fri, 26 Apr 2024 08:51:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.30
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49736 | 67.215.246.203 | 80 | 7264 | C:\Users\user\Desktop\uTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 10:58:39.095655918 CEST | 262 | OUT | GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showtbexists&pid=7264&au=0&tbe=0&cd=0&view=win32 HTTP/1.1
Accept-Encoding: gzip
User-Agent: uTorrent/3300(29126)
Host: update.utorrent.com
Cache-Control: no-cache
Apr 26, 2024 10:58:39.294816971 CEST | 180 | IN | HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Fri, 26 Apr 2024 08:59:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.30
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49738 | 193.166.255.171 | 80 | 7264 | C:\Users\user\Desktop\uTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 10:58:39.386382103 CEST | 477 | OUT | GET /impression.do/?user_id=51ECA9F4-E5CD-4D65-AF84-6644D8075A2B&event=setup_run&spsource=68E633381BD14a69BD08A05C22B72D6A&traffic_source=68E633381BD14a69BD08A05C22B72D6A&browser=CR&implementation_id=dll HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: imp.install-zone.com
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49740 | 67.215.246.203 | 80 | 7264 | C:\Users\user\Desktop\uTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 10:58:47.208740950 CEST | 262 | OUT | GET /updatestats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&k=&ip=0&dl=7069859&error=invalid%20URL&dlurl=&svp=4&pid=7264&sz=0&bin=<NULL>bmp HTTP/1.1
Host: update.utorrent.com
User-Agent: BTWebClient/3300(29126)
Accept-Encoding: gzip
Connection: Close
Apr 26, 2024 10:58:47.431258917 CEST | 299 | IN | HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Fri, 26 Apr 2024 08:59:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.30
Expires: Thu, 21 Jul 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, private
Pragma: no-cache
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49741 | 67.215.246.203 | 80 | 7264 | C:\Users\user\Desktop\uTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 10:58:51.554421902 CEST | 250 | OUT | GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showwarning&pid=7264&au=0&view=win32 HTTP/1.1
Accept-Encoding: gzip
User-Agent: uTorrent/3300(29126)
Host: update.utorrent.com
Cache-Control: no-cache
Apr 26, 2024 10:58:51.741897106 CEST | 180 | IN | HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Fri, 26 Apr 2024 08:59:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.30
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49749 | 67.215.246.203 | 80 | 7264 | C:\Users\user\Desktop\uTorrent.exe
Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 10:59:03.646967888 CEST | 255 | OUT | GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&showinstall&pid=7264&au=0&au=0&view=win32 HTTP/1.1
Accept-Encoding: gzip
User-Agent: uTorrent/3300(29126)
Host: update.utorrent.com
Cache-Control: no-cache
Apr 26, 2024 10:59:03.835047007 CEST | 180 | IN | HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Fri, 26 Apr 2024 08:59:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.30
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49750 | 67.215.246.203 | 80 | 7264 | C:\Users\user\Desktop\uTorrent.exe

Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 10:59:09.268973112 CEST | 318 | OUT | GET /installstats.php?cl=uTorrent&v=107049414&h=gsH3T5oDAGRYQBO2&w=23F00206&bu=0&pr=0&cmp=0&offerapierror&pid=7264&au=0&OfferError=OfferNotReady&OfferProvider=OpenCandy&OfferType=Server&view=win32 HTTP/1.1
Accept-Encoding: gzip
User-Agent: uTorrent/3300(29126)
Host: update.utorrent.com
Cache-Control: no-cache
Apr 26, 2024 10:59:09.460139036 CEST | 180 | IN | HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Fri, 26 Apr 2024 08:59:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.30
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



                                                                                                                                                                            Target ID:0
                                                                                                                                                                            Start time:10:58:35
                                                                                                                                                                            Start date:26/04/2024
                                                                                                                                                                            Path:C:\Users\user\Desktop\uTorrent.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\uTorrent.exe"
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            File size:1'051'984 bytes
                                                                                                                                                                            MD5 hash:35238D8E052C7CFDDE63E6C11CE852FA
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:false


                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:5.3%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                              Signature Coverage:13%
                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                              Total number of Limit Nodes:62
bind 87372->87413 87376 41db73 87373->87376 87375 41aea3 2 API calls 87374->87375 87379 41dbf1 connect 87375->87379 87376->87369 87378 41db86 87378->87374 87380 41db8b _errno _errno strerror 87378->87380 87381 41dc53 GetTickCount 87379->87381 87382 41dc0d WSAGetLastError 87379->87382 87383 41dbb3 87380->87383 87386 41dc64 87381->87386 87384 41dc1a 87382->87384 87383->87369 87384->87387 87414 41bc5b ??2@YAPAXI 87384->87414 87386->87387 87387->87354 87389 41aeb4 87388->87389 87390 41aeb8 htons 87389->87390 87391 41aeed htons 87389->87391 87394 41af25 87390->87394 87391->87394 87394->87356 87395->87358 87396->87362 87397->87354 87399 41b997 87398->87399 87401 41ba4e 87398->87401 87400 41b99d setsockopt 87399->87400 87405 41b9c1 87399->87405 87400->87405 87404 41ba98 87401->87404 87416 478089 332 API calls 87401->87416 87404->87365 87415 41aa94 closesocket 87405->87415 87407 41cdba 87406->87407 87408 41cddf 87406->87408 87409 41cdc0 setsockopt 87407->87409 87410 41cdd8 87407->87410 87408->87370 87409->87410 87417 41b959 87410->87417 87412->87366 87413->87378 87414->87387 87415->87401 87416->87404 87418 41b982 87417->87418 87419 41b962 87417->87419 87418->87408 87421 41a9ec WSAEventSelect 87419->87421 87421->87418 87422 41d5c3 87432 41d5de 87422->87432 87423 41d8d1 87424 41d60d GetLastError 87424->87432 87425 41d669 GetLastError 87425->87432 87426 41d6c6 GetLastError 87426->87432 87428 41d8da WSAGetLastError 87429 41d8eb 87428->87429 87430 41b959 WSAEventSelect 87429->87430 87430->87423 87431 41d747 GetLastError 87431->87432 87432->87423 87432->87424 87432->87425 87432->87426 87432->87428 87432->87429 87432->87431 87433 41d7bd GetLastError 87432->87433 87434 41d7ef GetLastError 87432->87434 87435 41d814 GetLastError 87432->87435 87436 41d383 332 API calls 87432->87436 87437 41a6ab 87432->87437 87433->87432 87434->87432 87435->87432 87436->87432 87443 4a6b70 87437->87443 87439 41a6d4 WSARecv 87440 41a787 87439->87440 87441 41a7c1 87440->87441 87442 41a7a9 WSASetLastError 
87440->87442 87441->87432 87442->87441 87444 4a6b7c 87443->87444 87444->87439 87444->87444 87445 4b086f KiUserCallbackDispatcher 87446 4b088c 87445->87446 87447 45e880 87469 488f6b 87447->87469 87449 45e89d 87450 41984e 332 API calls 87449->87450 87451 45e8aa 87450->87451 87475 4b2c58 87451->87475 87453 45e8b4 87454 413713 5 API calls 87453->87454 87455 45e8cf 87454->87455 87456 41247e 332 API calls 87455->87456 87457 45e8eb 87456->87457 87478 4746ee 87457->87478 87459 45e8f5 _getpid 87460 45e93f 87459->87460 87518 489741 87460->87518 87463 413713 5 API calls 87464 45ea40 87463->87464 87465 413713 5 API calls 87464->87465 87466 45ea61 InterlockedExchangeAdd 87465->87466 87523 413e07 87466->87523 87468 45ea85 87470 488f8c 87469->87470 87471 423423 6 API calls 87470->87471 87472 488f97 87471->87472 87528 4799a4 87472->87528 87474 489023 87474->87449 87532 40e80a 87475->87532 87479 474702 87478->87479 87480 474718 87478->87480 87479->87459 87481 474803 strrchr 87480->87481 87482 47472f 87480->87482 87483 474816 87481->87483 87484 47483a strchr 87481->87484 87490 4708fa 3 API calls 87482->87490 87536 44d9db strtoul 87483->87536 87485 4748ba 87484->87485 87486 474848 87484->87486 87539 44da4a WSAStringToAddressA 87485->87539 87488 474860 GetLastError 87486->87488 87493 474857 87486->87493 87488->87493 87491 474745 87490->87491 87492 4708fa 3 API calls 87491->87492 87496 47474d 87492->87496 87494 4708fa 3 API calls 87493->87494 87497 474876 87494->87497 87495 474820 87495->87479 87537 47440e htonl 87495->87537 87499 474757 87496->87499 87500 474768 GetLastError 87496->87500 87501 4708fa 3 API calls 87497->87501 87502 4708fa 3 API calls 87499->87502 87504 47475c 87500->87504 87503 47487e memcpy 87501->87503 87502->87504 87538 44d9db strtoul 87503->87538 87505 4708fa 3 API calls 87504->87505 87507 474780 87505->87507 87509 4708fa 3 API calls 87507->87509 87508 47489d 87508->87479 87510 4748a5 atoi 87508->87510 87511 474788 87509->87511 87510->87495 87512 4708fa 3 API calls 
87511->87512 87513 474790 memcpy strrchr 87512->87513 87513->87479 87514 4747b2 87513->87514 87535 44da4a WSAStringToAddressA 87514->87535 87516 4747c5 87516->87479 87517 4747dd atoi 87516->87517 87517->87479 87519 45ea1a 87518->87519 87522 48975f 87518->87522 87519->87463 87520 489781 strncpy 87520->87522 87521 413713 GetLastError memset GetLastError htonl WSAAddressToStringA 87521->87522 87522->87519 87522->87520 87522->87521 87540 432136 87523->87540 87525 413e21 87526 413e28 87525->87526 87527 413e2d CloseHandle 87525->87527 87526->87527 87527->87468 87529 4799bd 87528->87529 87530 41984e 332 API calls 87529->87530 87531 4799f9 87530->87531 87531->87474 87533 41370a 5 API calls 87532->87533 87534 40e81f 87533->87534 87534->87453 87535->87516 87536->87495 87537->87479 87538->87508 87539->87479 87541 432149 87540->87541 87542 43214c CreateThread 87540->87542 87541->87542 87543 43217b 87542->87543 87555 4ba8cb 87542->87555 87567 41e882 GetCurrentThreadId 87542->87567 87570 42bf07 87542->87570 87598 4b6f21 87542->87598 87606 42d30f 87542->87606 87619 45e71a 87542->87619 87546 43202a 87543->87546 87545 43218b 87545->87525 87547 432036 87546->87547 87550 40e95d 87547->87550 87549 43205c 87549->87545 87551 40e974 memmove 87550->87551 87552 40e96c 87550->87552 87551->87549 87554 40e8e0 332 API calls 87552->87554 87554->87551 87556 4ba8d9 87555->87556 87557 41ab7d GetCurrentThreadId 87556->87557 87558 4ba8de 87557->87558 87634 40556a ??2@YAPAXI 87558->87634 87563 4ba90b 87664 419846 ??3@YAXPAX 87563->87664 87566 4ba91a 87846 41e6a3 87567->87846 87569 41e896 87929 42b2c6 87570->87929 87572 42bf15 WaitForSingleObject 87595 42bf2e 87572->87595 87573 42c0f5 GetTickCount 87573->87595 87596 42c105 87573->87596 87578 42c431 GetTickCount 87578->87596 87581 42b7d0 7 API calls 87581->87595 87583 40e0d6 325 API calls 87583->87595 87584 42c238 ??2@YAPAXI 87584->87596 87585 42c18b ??2@YAPAXI 87585->87596 87586 40e80a 5 API calls 87586->87595 87588 40e0d6 325 API calls 87588->87596 
87590 42c338 ??2@YAPAXI 87590->87595 87591 42c30d WSAGetLastError 87591->87596 87593 42b4e7 17 API calls 87593->87595 87595->87572 87595->87573 87595->87578 87595->87581 87595->87583 87595->87584 87595->87585 87595->87586 87595->87590 87595->87591 87595->87593 87595->87596 87933 42c9da 87595->87933 87936 42b252 87595->87936 87941 42b9d0 ??3@YAXPAX 87595->87941 87942 42ba35 ??3@YAXPAX 87595->87942 87943 42b969 ??3@YAXPAX 87595->87943 87945 42bc78 332 API calls 87595->87945 87947 40e884 87595->87947 87951 47445f htons htons 87595->87951 87952 42b688 ??3@YAXPAX 87595->87952 87596->87578 87596->87588 87596->87595 87944 42bc78 332 API calls 87596->87944 87946 419846 ??3@YAXPAX 87596->87946 87953 42b288 9 API calls 87596->87953 87599 41ab7d GetCurrentThreadId 87598->87599 87600 4b6f26 87599->87600 87601 4b6f4e 87600->87601 87602 4b6f3d 87600->87602 87604 47b9ec 332 API calls 87601->87604 87966 42154c 332 API calls 87602->87966 87605 4b6f4c 87604->87605 87607 41ab7d GetCurrentThreadId 87606->87607 87608 42d315 87607->87608 87617 42d320 87608->87617 87967 48672a 332 API calls 87608->87967 87610 42d361 87611 42d37b 87610->87611 87613 41ab7d GetCurrentThreadId 87610->87613 87612 41ab7d GetCurrentThreadId 87611->87612 87614 42d380 87612->87614 87616 42d36c 87613->87616 87614->87617 87969 46c162 332 API calls 87614->87969 87968 48607e 332 API calls 87616->87968 87970 493568 87619->87970 87621 45e812 87622 41ab7d GetCurrentThreadId 87621->87622 87623 45e82d 87622->87623 87624 40556a 331 API calls 87623->87624 87625 45e83b 87624->87625 87976 42154c 332 API calls 87625->87976 87627 413713 GetLastError memset GetLastError htonl WSAAddressToStringA 87629 45e743 87627->87629 87628 45e850 87630 45e85c 87628->87630 87977 4033b6 InterlockedDecrement 87628->87977 87629->87621 87629->87627 87978 419846 ??3@YAXPAX 87630->87978 87633 45e86a InterlockedExchangeAdd 87635 405586 87634->87635 87636 40559d 87634->87636 87668 403308 332 API calls 87635->87668 87665 4053b3 87636->87665 87640 
47b9ec ??2@YAPAXI 87641 47ba04 87640->87641 87669 47b336 87641->87669 87644 47ba8b 87649 47ba61 87644->87649 87675 41e98a strchr tolower tolower 87644->87675 87645 47ba5d 87645->87644 87648 4782bf 3 API calls 87645->87648 87645->87649 87648->87644 87656 47ba6a 87649->87656 87693 47b39d InterlockedDecrement ??3@YAXPAX 87649->87693 87650 47bad7 87652 47bae1 87650->87652 87653 47baea 87650->87653 87694 4195bc 332 API calls 87652->87694 87695 4197a3 87653->87695 87654 47baa1 87654->87650 87658 47babb InternetSetCookieA strchr 87654->87658 87656->87563 87663 4033b6 InterlockedDecrement 87656->87663 87658->87654 87659 47bae8 87676 47b965 87659->87676 87663->87563 87664->87566 87666 4053c0 InterlockedIncrement 87665->87666 87667 4053ca 87665->87667 87666->87667 87667->87640 87668->87636 87670 47b344 87669->87670 87671 47b35d 87669->87671 87672 47b352 87670->87672 87673 47b348 InterlockedIncrement 87670->87673 87671->87645 87692 47b48a 332 API calls 87671->87692 87672->87671 87703 4033b6 InterlockedDecrement 87672->87703 87673->87672 87675->87654 87704 47b8e3 87676->87704 87692->87645 87693->87656 87694->87659 87696 4197a7 87695->87696 87697 4197aa 87695->87697 87696->87659 87698 45982c 87697->87698 87699 41984e 331 API calls 87697->87699 87698->87659 87700 459837 87699->87700 87700->87698 87701 45983b memcpy 87700->87701 87701->87698 87703->87671 87705 47b8ee 87704->87705 87706 47b8fe 87704->87706 87847 428f88 3 API calls 87846->87847 87851 41e6b5 87847->87851 87848 41e6f4 Sleep 87848->87851 87851->87848 87852 428f88 3 API calls 87851->87852 87853 41ab7d GetCurrentThreadId 87851->87853 87855 41e7b4 87851->87855 87856 42a2fc 9 API calls 87851->87856 87861 41e87d 87851->87861 87863 429cd8 87851->87863 87867 41a9d9 WSAWaitForMultipleEvents 87851->87867 87868 41e65a 87851->87868 87873 448e23 HeapCompact 87851->87873 87874 413d42 87851->87874 87877 41e5fb 87851->87877 87890 41c0db htonl strtoul htons htons 87851->87890 87852->87851 87853->87851 87889 47b1a8 332 API calls 
87855->87889 87856->87851 87861->87569 87864 429ce1 87863->87864 87865 429ce6 87863->87865 87891 429c31 87864->87891 87865->87851 87867->87851 87869 41e6a1 87868->87869 87871 41e661 87868->87871 87869->87851 87870 41e689 WSAWaitForMultipleEvents 87870->87869 87870->87871 87871->87870 87903 41e501 87871->87903 87873->87851 87875 413d54 87874->87875 87876 413d4b RtlCompactHeap 87874->87876 87875->87851 87876->87875 87878 41e60a 87877->87878 87888 41e61e 87877->87888 87880 41ab7d GetCurrentThreadId 87878->87880 87882 41e60f 87880->87882 87881 41e635 87883 41ab7d GetCurrentThreadId 87881->87883 87917 42b735 87882->87917 87885 41e63a 87883->87885 87886 41e614 87921 44c50a 87886->87921 87926 420e4d 332 API calls 87888->87926 87889->87851 87890->87851 87892 429c3f 87891->87892 87893 4523c2 2 API calls 87892->87893 87894 429cab 87892->87894 87895 429c64 87893->87895 87894->87865 87899 429c7b 87895->87899 87901 45234f RegQueryInfoKeyW 87895->87901 87897 4523c2 2 API calls 87898 429c94 87897->87898 87898->87894 87902 45234f RegQueryInfoKeyW 87898->87902 87899->87894 87899->87897 87901->87899 87902->87894 87904 41e519 87903->87904 87906 41e52c 87903->87906 87911 41aa09 WSAEnumNetworkEvents 87904->87911 87906->87871 87908 41e5c7 87910 41de7f 332 API calls 87908->87910 87910->87906 87912 41aa2c WSAGetLastError 87911->87912 87915 41aa4c 87911->87915 87913 4327b6 329 API calls 87912->87913 87914 41aa3f WSAGetLastError 87913->87914 87914->87915 87915->87906 87915->87908 87916 41b0e4 ??3@YAXPAX 87915->87916 87916->87908 87918 42b73e 87917->87918 87920 42b776 87917->87920 87918->87920 87927 42b6a7 ??3@YAXPAX 87918->87927 87920->87886 87924 44c4a2 87921->87924 87922 44c506 87922->87888 87923 44c4f2 87923->87924 87928 44b87f 332 API calls 87923->87928 87924->87922 87924->87923 87926->87881 87927->87918 87928->87923 87930 42b2cf 87929->87930 87932 42b2de 87929->87932 87954 4320e8 87930->87954 87932->87572 87959 479954 87933->87959 87935 42c9e8 WSAStringToAddressA 87935->87595 87937 
42b266 getaddrinfo WSASetLastError 87936->87937 87938 42b25b 87936->87938 87937->87595 87965 42b0e7 9 API calls 87938->87965 87940 42b261 87940->87937 87941->87595 87942->87595 87943->87595 87944->87596 87945->87595 87946->87596 87948 40e893 87947->87948 87949 4197a3 332 API calls 87948->87949 87950 40e89a 87949->87950 87950->87595 87951->87595 87952->87595 87955 43212a RtlInitializeCriticalSection 87954->87955 87956 4320fe RtlEnterCriticalSection 87954->87956 87955->87932 87957 43210f 87956->87957 87958 432123 RtlLeaveCriticalSection 87957->87958 87958->87955 87960 47996a WSAStartup 87959->87960 87964 479966 87959->87964 87961 4799a0 87960->87961 87962 479980 87960->87962 87961->87935 87963 47999a WSACleanup 87962->87963 87962->87964 87963->87961 87964->87935 87965->87940 87966->87605 87967->87610 87968->87611 87969->87617 87979 4933f5 87970->87979 87972 4935d2 87972->87629 87973 493579 87973->87972 87975 40e39d 332 API calls 87973->87975 87987 493473 87973->87987 87975->87973 87976->87628 87977->87630 87978->87633 87980 49346f 87979->87980 87981 4933ff LoadLibraryW 87979->87981 87980->87973 87982 493413 87981->87982 87983 493417 GetProcAddress 87981->87983 87982->87973 87984 49342e FreeLibrary 87983->87984 87985 493443 GetProcAddress 87983->87985 87984->87982 87985->87984 87986 493459 GetProcAddress 87985->87986 87986->87980 87986->87984 87988 4933f5 5 API calls 87987->87988 87990 493484 87988->87990 87989 493560 87989->87973 87990->87989 87991 4934b3 Icmp6CreateFile 87990->87991 87991->87989 87992 4934c1 87991->87992 87993 4934f9 htonl htonl IcmpSendEcho 87992->87993 87994 49352a SetLastError 87992->87994 87995 493535 87993->87995 87994->87995 87996 49353a GetLastError 87995->87996 87997 493544 87995->87997 87998 493553 IcmpCloseHandle 87996->87998 87997->87998 87998->87989 87999 4a6c62 __set_app_type __p__fmode __p__commode 88000 4a6cd1 87999->88000 88001 4a6cd9 __setusermatherr 88000->88001 88002 4a6ce5 88000->88002 88001->88002 88011 4a6eda _controlfp 
88002->88011 88004 4a6cea _initterm __getmainargs _initterm 88005 4a6d3e GetStartupInfoA 88004->88005 88007 4a6d72 GetModuleHandleA 88005->88007 88012 40db1b TlsAlloc GetCommandLineW 88007->88012 88011->88004 88013 419597 332 API calls 88012->88013 88014 40db40 88013->88014 88017 40c99d 88014->88017 88310 42a00e 6 API calls 88017->88310 88019 40c9b6 88313 461a4d VirtualAlloc SetUnhandledExceptionFilter 88019->88313 88021 40c9c5 73535D90 88022 40c9ec 88021->88022 88026 40c9f1 88021->88026 88522 470342 88022->88522 88028 40ca76 exit 88026->88028 88029 40ca8b 88026->88029 88314 432071 RtlInitializeCriticalSection RtlEnterCriticalSection GetCurrentThreadId 88026->88314 88317 51a41c 88026->88317 88323 51a384 88026->88323 88028->88026 88030 4320e8 3 API calls 88029->88030 88031 40ca9a 88030->88031 88327 44d456 88031->88327 88033 40ca9f 88330 4330f5 88033->88330 88035 40caf9 88338 42a2fc 88035->88338 88038 429019 9 API calls 88039 40cb03 88038->88039 88040 423423 6 API calls 88039->88040 88041 40cb1a 88040->88041 88341 42920d GetModuleHandleA 88041->88341 88045 40cb5a 88345 46e01e 88045->88345 88047 40cb9d 88357 416893 88047->88357 88048 40cb68 88048->88047 88525 432902 337 API calls 88048->88525 88311 428f88 3 API calls 88310->88311 88312 42a09d 88311->88312 88312->88019 88313->88021 88315 43202a 332 API calls 88314->88315 88316 4320d0 RtlLeaveCriticalSection 88315->88316 88316->88026 88318 51a426 88317->88318 88319 51a384 4 API calls 88318->88319 88320 51a439 88319->88320 88321 51a440 exit 88320->88321 88322 51a447 88320->88322 88321->88322 88322->88026 88324 51a398 88323->88324 88325 51a3e5 88324->88325 88536 522b11 88324->88536 88325->88026 88545 429097 QueryPerformanceCounter 88327->88545 88329 44d460 88329->88033 88331 48ef10 88330->88331 88548 40e096 88331->88548 88334 40e884 332 API calls 88335 48ef2e 88334->88335 88552 4185ec 88335->88552 88337 48ef43 88337->88035 88339 429019 9 API calls 88338->88339 88340 40cafe 88339->88340 88340->88038 88342 429229 
GetProcAddress 88341->88342 88343 42921e LoadLibraryA 88341->88343 88344 40cb38 GetCurrentThreadId 88342->88344 88343->88342 88343->88344 88344->88045 88346 46e02e 88345->88346 88347 46e0c2 88346->88347 88352 41247e 332 API calls 88346->88352 88355 41247e 332 API calls 88346->88355 88558 40e935 332 API calls 88346->88558 88559 4137ea GetLastError memset GetLastError htonl WSAAddressToStringA 88346->88559 88348 46e13b 88347->88348 88350 46e0c7 88347->88350 88351 46e107 ??2@YAPAXI 88347->88351 88349 46e146 ??2@YAPAXI 88348->88349 88348->88350 88349->88350 88350->88048 88351->88347 88354 46e06e _strcmpi 88352->88354 88354->88346 88355->88346 88560 4167a6 GetModuleFileNameW 88357->88560 88523 47034b ??2@YAPAXI 88522->88523 88524 470357 88522->88524 88523->88524 88524->88026 88525->88047 88539 522aa9 CryptAcquireContextW 88536->88539 88540 522ad2 CryptAcquireContextW 88539->88540 88541 522ae9 CryptGenRandom 88539->88541 88540->88541 88542 522ae5 88540->88542 88543 522afe CryptReleaseContext 88541->88543 88544 522b0d 88541->88544 88542->88325 88543->88542 88544->88543 88546 428f88 3 API calls 88545->88546 88547 4290af __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 88546->88547 88547->88329 88549 40e0a4 88548->88549 88550 40e0a9 88548->88550 88551 4197a3 332 API calls 88549->88551 88550->88334 88551->88550 88553 4185ff ??2@YAPAXI 88552->88553 88556 418617 88552->88556 88554 41860d 88553->88554 88553->88556 88557 453251 332 API calls 88554->88557 88556->88337 88557->88556 88558->88346 88559->88346 88575 44d85d wcschr 88560->88575 88576 4167d8 88575->88576 88834 46f48f 88863 46e424 88834->88863 88837 46f4ab 88868 46e8c7 CryptReleaseContext 88837->88868 88839 46f512 88841 46f6ae 88839->88841 88842 46f51e CryptAcquireContextW 88839->88842 88840 46f4b8 88840->88839 88840->88841 88847 46f4df PFXImportCertStore 88840->88847 88871 46e8c7 CryptReleaseContext 88841->88871 88844 46f551 CryptGenKey 88842->88844 88845 46f53d CryptAcquireContextW 88842->88845 88843 46f4b3 88848 46f6a6 
88844->88848 88849 46f56d CertOpenStore CertStrToNameW 88844->88849 88845->88844 88845->88848 88847->88842 88850 46f505 CertEnumCertificatesInStore 88847->88850 88870 46e88c CryptDestroyKey 88848->88870 88852 46f5b1 88849->88852 88853 46f59f CertCloseStore 88849->88853 88850->88839 88854 41984e 332 API calls 88852->88854 88853->88848 88855 46f5b9 CertStrToNameW CertCreateSelfSignCertificate 88854->88855 88856 46f64a PFXExportCertStoreEx 88855->88856 88857 46f628 CertSetCRLContextProperty CertAddCertificateContextToStore 88855->88857 88858 46f698 88856->88858 88859 46f669 88856->88859 88857->88856 88858->88848 88869 419846 ??3@YAXPAX 88858->88869 88860 41984e 332 API calls 88859->88860 88862 46f671 PFXExportCertStoreEx 88860->88862 88862->88858 88872 46e375 88863->88872 88866 46e442 88866->88837 88866->88840 88867 4782bf 3 API calls 88867->88866 88868->88843 88869->88848 88870->88841 88871->88843 88873 46e38c GetVersionExW 88872->88873 88875 46e385 88872->88875 88874 46e3ab 88873->88874 88873->88875 88874->88875 88876 46e3e7 LoadLibraryA 88874->88876 88875->88866 88875->88867 88876->88875 88877 46e3fa GetProcAddress 88876->88877 88878 46e412 FreeLibrary 88877->88878 88879 46e40a 88877->88879 88878->88875 88879->88875 88879->88878 88880 4ba762 88881 4ba8be 88880->88881 88882 4ba777 88880->88882 88891 501d30 GetModuleFileNameW 88882->88891 88884 4ba77e 88885 40e828 332 API calls 88884->88885 88889 4ba78f 88885->88889 88887 40e096 332 API calls 88887->88889 88889->88881 88889->88887 88890 40e39d 332 API calls 88889->88890 88903 41584e 88889->88903 88906 501ce9 335 API calls 88889->88906 88890->88889 88892 41215b 332 API calls 88891->88892 88893 501d63 88892->88893 88894 46b6d4 6 API calls 88893->88894 88895 501d75 88894->88895 88896 46b6d4 6 API calls 88895->88896 88897 501d8a 88896->88897 88898 46b6d4 6 API calls 88897->88898 88899 501da1 88898->88899 88900 46b6d4 6 API calls 88899->88900 88901 501db8 FindCloseChangeNotification 88900->88901 88901->88884 88907 4152e6 
88903->88907 88905 415857 88905->88889 88906->88889 88908 4152ef 88907->88908 88909 4152fc 88907->88909 88908->88905 88909->88908 88910 41529d 4 API calls 88909->88910 88910->88908 88911 46b88c 88912 46b6d4 6 API calls 88911->88912 88913 46b89e 88912->88913 88914 46b8ae SetFilePointer 88913->88914 88915 46b8aa 88913->88915 88916 46b8c3 GetLastError 88914->88916 88917 46b8cd 88914->88917 88916->88915 88916->88917 88918 40e349 332 API calls 88917->88918 88919 46b8e3 ReadFile 88918->88919 88919->88915 88920 46b910 88919->88920 88921 41215b 332 API calls 88920->88921 88922 46b920 88921->88922 88922->88915 88923 46b93a WriteFile FindCloseChangeNotification 88922->88923 88923->88915 88924 4a7d20 88925 4a7d2c 88924->88925 88927 4a7d5a 88925->88927 88928 4a7af8 88925->88928 88929 4a7b0a 88928->88929 88930 4a7c62 88929->88930 88931 4a7b22 88929->88931 88935 4a7b3b 88929->88935 88930->88935 88947 40ed98 RemovePropW SetPropW GetPropW 88930->88947 88932 4a7bf1 88931->88932 88936 4a7b28 88931->88936 88933 4a7bfe ScreenToClient GetClientRect 88932->88933 88932->88935 88933->88935 88935->88927 88936->88935 88942 4ac3ea 88936->88942 88939 4a7bb9 88946 4ac419 EndPaint 88939->88946 88943 4ac3fb BeginPaint 88942->88943 88944 4a7ba6 88942->88944 88943->88944 88944->88939 88945 4a7341 GetClientRect DrawFrameControl 88944->88945 88945->88939 88946->88935 88947->88935 88948 4b2f80 SetWindowTextW 88962 40eda1 88948->88962 88952 4b2fb5 SendMessageW 88971 4a75c5 CheckDlgButton 88952->88971 88954 4b2fdc 6 API calls 88972 4a7866 GetDlgItem 88954->88972 88958 4b310a 88960 4b312b 88958->88960 88961 4b3113 GetDlgItem SendMessageW 88958->88961 88959 4b30f5 GetDlgItem SetWindowTextW 88959->88958 88961->88960 88963 40edc3 88962->88963 88964 40ee27 88963->88964 88965 40edd6 SetWindowTextW 88963->88965 88966 40ee16 GetWindow 88963->88966 88967 40ee05 SetWindowTextW 88963->88967 88968 4a70a1 88964->88968 88965->88963 88966->88963 88967->88963 88969 4a70bd LoadIconA 88968->88969 88970 4a70a7 LoadImageA 
88968->88970 88969->88952 88970->88952 88971->88954 88975 4a8488 GetWindowRect 88972->88975 88978 429aa6 SetLastError MapWindowPoints 88975->88978 88979 429ad7 CreateWindowExW CreateFontIndirectA SendMessageW SetWindowTextW 88978->88979 88980 429acd GetLastError 88978->88980 88979->88958 88979->88959 88980->88979 88981 47b7aa 88982 47b7b5 88981->88982 88983 47b805 88982->88983 88984 47b8ca 88982->88984 88986 47b85d 88982->88986 88987 47b8b1 88983->88987 88988 47b80c 88983->88988 88985 41ab7d GetCurrentThreadId 88984->88985 88985->88986 88987->88986 88991 41ab7d GetCurrentThreadId 88987->88991 88989 47b815 88988->88989 88990 47b8a2 88988->88990 88992 47b887 88989->88992 88993 47b81a 88989->88993 89012 47b2d2 InternetSetOptionA InternetSetOptionA InternetQueryOptionA InternetSetOptionA 88990->89012 88991->88986 88992->88986 89011 47b39d InterlockedDecrement ??3@YAXPAX 88992->89011 88993->88986 88995 41ab7d GetCurrentThreadId 88993->88995 88997 47b82b 88995->88997 88998 47b836 88997->88998 88999 47b85f 88997->88999 89003 47b84c 88998->89003 89009 47b472 11 API calls 88998->89009 89000 47b866 88999->89000 89001 47b86f 88999->89001 89004 47b67a 332 API calls 89000->89004 89001->88986 89005 47b4c6 332 API calls 89001->89005 89003->88986 89010 47b39d InterlockedDecrement ??3@YAXPAX 89003->89010 89004->88986 89007 47b87a 89005->89007 89007->88986 89008 47b637 332 API calls 89007->89008 89008->88986 89009->89003 89010->88986 89011->88986 89012->88986 89013 4bfe1b 89014 488f6b 332 API calls 89013->89014 89015 4bfe30 89014->89015 89016 41984e 332 API calls 89015->89016 89017 4bfe3d strncpy 89016->89017 89067 429cf1 89017->89067 89019 4bfe64 89020 4b70f4 332 API calls 89019->89020 89021 4bfe6c 89020->89021 89022 46e196 332 API calls 89021->89022 89023 4bfe90 89022->89023 89024 46e196 332 API calls 89023->89024 89026 4bfeaf 89024->89026 89025 4bfec5 89095 42a5c5 89025->89095 89026->89025 89029 44d85d wcschr 89026->89029 89028 4bfeec 89032 41247e 332 API calls 89028->89032 89030 
4bfed8 89029->89030 89139 4197c2 332 API calls 89030->89139 89033 4bfefa 89032->89033 89034 40e096 332 API calls 89033->89034 89035 4bff03 89034->89035 89098 42a5d4 89035->89098 89037 4bff13 89038 41247e 332 API calls 89037->89038 89039 4bff21 89038->89039 89040 40e096 332 API calls 89039->89040 89041 4bff2a 89040->89041 89101 4b98d3 89041->89101 89044 4b98d3 335 API calls 89045 4bff44 89044->89045 89046 4bff56 GetVersion 89045->89046 89047 4bff99 89046->89047 89117 4b985d 89047->89117 89068 4a6b70 89067->89068 89069 429cfe memset memset memset 89068->89069 89070 429d5b 89069->89070 89071 4523c2 2 API calls 89070->89071 89072 429d7c 89071->89072 89073 429e6b 89072->89073 89075 4521ff RegQueryValueExW 89072->89075 89074 4523c2 2 API calls 89073->89074 89076 429e7a 89074->89076 89077 429d9e 89075->89077 89078 429f2b 89076->89078 89079 4521ff RegQueryValueExW 89076->89079 89077->89073 89082 429da6 89077->89082 89080 40e1f6 332 API calls 89078->89080 89083 429e9d 89079->89083 89081 429e5e 89080->89081 89081->89019 89082->89078 89084 4523c2 2 API calls 89082->89084 89083->89078 89085 4523c2 2 API calls 89083->89085 89087 429e19 89084->89087 89085->89087 89086 4521ff RegQueryValueExW 89088 429e3b 89086->89088 89087->89078 89087->89086 89088->89078 89089 429e43 89088->89089 89090 419597 332 API calls 89089->89090 89091 429e4e 89090->89091 89140 41274a ??3@YAXPAX TlsGetValue malloc TlsSetValue 89091->89140 89093 429e55 89094 40e1f6 332 API calls 89093->89094 89094->89081 89141 42a58f GetLocaleInfoW 89095->89141 89099 42a58f 333 API calls 89098->89099 89100 42a5df 89099->89100 89100->89037 89106 4b99e2 89101->89106 89103 4b9c01 89105 4b70f4 332 API calls 89103->89105 89104 40e828 332 API calls 89104->89106 89107 4b9c09 89105->89107 89106->89103 89106->89104 89113 4b70f4 332 API calls 89106->89113 89114 4524de 333 API calls 89106->89114 89115 4b9aa5 _wcsicmp 89106->89115 89116 46e196 332 API calls 89106->89116 89144 4525ee 89106->89144 89147 452441 RegCloseKey 
RegQueryValueExW RegOpenKeyExW 89106->89147 89108 46e196 332 API calls 89107->89108 89109 4b9c24 89108->89109 89110 46e196 332 API calls 89109->89110 89111 4b9c57 89110->89111 89111->89044 89113->89106 89114->89106 89115->89106 89116->89106 89118 4525ee 3 API calls 89117->89118 89119 4b9877 89118->89119 89120 4b70f4 332 API calls 89119->89120 89139->89025 89140->89093 89142 40e1f6 332 API calls 89141->89142 89143 42a5bd 89142->89143 89143->89028 89145 45248c 3 API calls 89144->89145 89146 45260b 89145->89146 89146->89106 89147->89106 89148 4a761a GetDlgItem ShowWindow 89149 464535 89150 464548 89149->89150 89164 44fd6b ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 89150->89164 89152 4645b3 89165 44ec23 89152->89165 89153 464561 89153->89152 89155 4645a1 89153->89155 89156 46458d 89153->89156 89159 4197a3 332 API calls 89155->89159 89177 4137ea GetLastError memset GetLastError htonl WSAAddressToStringA 89156->89177 89157 4645bc 89162 4645c8 89157->89162 89179 450b48 333 API calls 89157->89179 89160 46459b 89159->89160 89178 44ebed ??3@YAXPAX 89160->89178 89164->89153 89166 44ec34 89165->89166 89175 44ece3 89165->89175 89167 44ec5d 89166->89167 89191 44ebed ??3@YAXPAX 89166->89191 89180 41d975 7 API calls 89167->89180 89170 44ecad 89171 459822 332 API calls 89170->89171 89172 44ecc0 89171->89172 89181 41ccf0 ??3@YAXPAX ??2@YAPAXI 89172->89181 89174 44ecc8 89174->89175 89182 41c8f7 89174->89182 89175->89157 89177->89160 89178->89152 89179->89162 89180->89170 89181->89174 89190 41c90a 89182->89190 89184 41cae7 WSAGetLastError 89185 41caf4 89184->89185 89187 41cab4 89185->89187 89188 41b959 WSAEventSelect 89185->89188 89187->89175 89188->89187 89189 41ca51 GetLastError 89189->89190 89190->89184 89190->89187 89192 41a591 89190->89192 89198 4a8f3d 16 API calls 89190->89198 89191->89167 89193 4a6b70 89192->89193 89194 41a5ba WSASend 89193->89194 89195 41a668 89194->89195 89196 41a694 89195->89196 89197 41a67c WSASetLastError 89195->89197 89196->89190 89197->89196 
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0042A00E: GetModuleHandleA.KERNEL32(kernel32.dll,?,?,?,?,0040C9B6), ref: 0042A01B
                                                                                                                                                                                • Part of subcall function 0042A00E: GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 0042A02F
                                                                                                                                                                                • Part of subcall function 0042A00E: GetProcAddress.KERNEL32(00000000,GetTickCount), ref: 0042A03C
                                                                                                                                                                                • Part of subcall function 0042A00E: QueryPerformanceCounter.KERNEL32(005C5488,?,?,?,?,0040C9B6), ref: 0042A048
                                                                                                                                                                                • Part of subcall function 0042A00E: QueryPerformanceFrequency.KERNEL32(0040C9B6,?,?,?,?,0040C9B6), ref: 0042A052
                                                                                                                                                                                • Part of subcall function 0042A00E: RtlInitializeCriticalSection.NTDLL(005C5470), ref: 0042A092
                                                                                                                                                                                • Part of subcall function 00429FAE: QueryPerformanceCounter.KERNEL32(?), ref: 00429FBB
                                                                                                                                                                                • Part of subcall function 00429FAE: GetCurrentProcessId.KERNEL32 ref: 00429FC1
                                                                                                                                                                                • Part of subcall function 00429FAE: GetTickCount.KERNEL32 ref: 00429FCA
                                                                                                                                                                                • Part of subcall function 00461A4D: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000004,?,?,?,0040C9C5), ref: 00461A5D
                                                                                                                                                                                • Part of subcall function 00461A4D: SetUnhandledExceptionFilter.KERNEL32(004F8890,?,?,?,0040C9C5), ref: 00461A9A
                                                                                                                                                                              • 73535D90.GDIPLUS(?,?,00000000), ref: 0040C9DF
                                                                                                                                                                              • exit.MSVCRT ref: 0040CA77
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0040CB43
                                                                                                                                                                                • Part of subcall function 00470342: ??2@YAPAXI@Z.MSVCRT ref: 0047034D
                                                                                                                                                                                • Part of subcall function 0040F0FA: memcpy.MSVCRT ref: 0040F163
                                                                                                                                                                              • _wtoi.MSVCRT ref: 0040CC8D
                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040CCB9
                                                                                                                                                                              • GetProcessHeap.KERNEL32(0041AE03,AUTOUPDATE), ref: 0040CD05
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 0040CD19
                                                                                                                                                                              • _wtoi.MSVCRT ref: 0040D0DB
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0040D162
                                                                                                                                                                                • Part of subcall function 0046DFE1: ??3@YAXPAX@Z.MSVCRT ref: 0046DFF8
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0040D223
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,DOWNLOADINSTALL,LAUNCHBUNDLEDURLTYPE,LAUNCHBUNDLEDURL,HIDE,DIRECTORY,PAIR,BIGDUMP,UNINSTALL,NOINSTALL,recover,?,MINIMIZED,AUTOMATION), ref: 0040D2B3
                                                                                                                                                                                • Part of subcall function 00411ED6: GetTempPathW.KERNEL32(00000104,?,?,?), ref: 00411EF4
                                                                                                                                                                                • Part of subcall function 00411ED6: GetTempFileNameW.KERNEL32(00000000,utt,00000000,?,?,?), ref: 00411F0F
                                                                                                                                                                                • Part of subcall function 00411ED6: rand.MSVCRT ref: 00411F19
                                                                                                                                                                                • Part of subcall function 00411ED6: rand.MSVCRT ref: 00411F1F
                                                                                                                                                                              • 73A1A570.USER32(00000000,DOWNLOADINSTALL,LAUNCHBUNDLEDURLTYPE,LAUNCHBUNDLEDURL,HIDE,DIRECTORY,PAIR,BIGDUMP,UNINSTALL,NOINSTALL,recover,?,MINIMIZED,AUTOMATION), ref: 0040D2C2
                                                                                                                                                                              • _wtoi.MSVCRT ref: 0040D31D
                                                                                                                                                                              • _wtoi.MSVCRT ref: 0040D358
                                                                                                                                                                                • Part of subcall function 004169D0: Sleep.KERNEL32(000000C8,00000000,?,?,00000000,?,?,?,?,?,?,?,0041880B), ref: 00416A2A
                                                                                                                                                                                • Part of subcall function 004169D0: ExitProcess.KERNEL32 ref: 00416A6A
                                                                                                                                                                              • wcsstr.MSVCRT ref: 0040D558
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0040D760
                                                                                                                                                                              • InterlockedIncrement.KERNEL32(-00000004), ref: 0040D784
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0040D793
                                                                                                                                                                              • InterlockedIncrement.KERNEL32(-00000004), ref: 0040D7B1
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0040D7C0
                                                                                                                                                                              • InterlockedIncrement.KERNEL32(-00000004), ref: 0040D7DE
                                                                                                                                                                                • Part of subcall function 00407E0F: ??2@YAPAXI@Z.MSVCRT ref: 00407E1E
                                                                                                                                                                                • Part of subcall function 004C2092: CreateDirectoryW.KERNEL32(00000000,00000000,?,http://apps.bittorrent.com/featuredcontent/featuredcontent.btapp,0040D8A0,?,74DEE7E0,00000000,?,0040D8A0,?,?,?,?,?,PERFORMINSTALL), ref: 004C2122
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0040D9C0
                                                                                                                                                                                • Part of subcall function 00406021: GetModuleHandleA.KERNEL32(?), ref: 0040605A
                                                                                                                                                                                • Part of subcall function 00406021: GetCurrentProcess.KERNEL32(00000001), ref: 00406089
                                                                                                                                                                                • Part of subcall function 00406021: _strncoll.MSVCRT ref: 004060F5
                                                                                                                                                                                • Part of subcall function 00406021: atoi.MSVCRT ref: 00406105
                                                                                                                                                                                • Part of subcall function 00406021: GetModuleHandleA.KERNEL32(0052C6E8), ref: 00406176
                                                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 0040DA23
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@$Process$_wtoi$CurrentHandleIncrementInterlockedModulePerformanceQuery$AddressCounterExitFileProcTemprand$73535??3@A570AllocCountCreateCriticalDeleteDirectoryErrorExceptionFilterForegroundFrequencyHeapInitializeModeNamePathSectionSleepThreadTickUnhandledVirtualWindow_strncollatoiexitmemcpywcsstr
                                                                                                                                                                              • String ID: [content %s]$(yZ$.btapp$.exe$/get_av$/get_codecs$/get_player$4823DF041B09$@nZ$AUTOMATION$AUTOUPDATE$Ads %s -- GdiPlus.dll %s$BIGDUMP$BRINGTOFRONT$C:\Users\user\AppData\Roaming\uTorrent$DIRECTORY$DOWNLOADINSTALL$DcW$End Args$FORCEUPDATE$Got Teredo Address: %V$HIDE$INSTALLDEBUG: /PERFORMINSTALL with flags [%d] and path [%s]$IPv6 is installed$LANG$LAUNCHBUNDLEDURL$LAUNCHBUNDLEDURLTYPE$LOG$Log file set to path:[%s]$MINIMIZED$NOINSTALL$NORUN$PAIR$PERFORMINSTALL$Process started$REMSETTINGS$STARTAPP$SetDllDirectoryA$Settings path: [%s]$Starting toolbar download (called with /DOWNLOADINSTALL)$TX\$UNINSTALL$Unknown$bitdefender.btinstall$bt.log$dht_feed.dat$disabled$enabled$failed to load$kernel32.dll$loaded$logfile$offer_urls$player.btinstall$prng$recover$share_offer_url$stdout$tcW$tcW$temp$transcode.btinstall$valid plus key, but not activated. Attempting activation...${CF59774A-CE9D-454D-AF29-1556367E1AC7}${E3DC5C2B-082C-4800-8C52-B9F655B94D2C}
                                                                                                                                                                              • API String ID: 1701509833-4219453069
                                                                                                                                                                              • Opcode ID: 354832f101603ec8594bab8fd353ae50014246c9466c0fd2359b50deddd15fd4
                                                                                                                                                                              • Instruction ID: ae6cdfef7a8dc5e35b9797ab0ffff25f65b4460c2633aaefd4aafd00ef298ef5
                                                                                                                                                                              • Opcode Fuzzy Hash: 354832f101603ec8594bab8fd353ae50014246c9466c0fd2359b50deddd15fd4
                                                                                                                                                                              • Instruction Fuzzy Hash: 0FA2E531A002049BDB14FFA6D892AAE37A5AF55308F14453FF806672D2DB7CDC49CB5A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 1560 46f48f-46f4a9 call 46e424 1563 46f4ab-46f4b3 call 46e8c7 1560->1563 1564 46f4b8-46f4c7 1560->1564 1575 46f6b8-46f6ba 1563->1575 1566 46f512-46f518 1564->1566 1567 46f4c9-46f4d1 1564->1567 1568 46f6ae-46f6b7 call 46e8c7 1566->1568 1569 46f51e-46f53b CryptAcquireContextW 1566->1569 1567->1566 1571 46f4d3-46f4d9 1567->1571 1568->1575 1572 46f551-46f567 CryptGenKey 1569->1572 1573 46f53d-46f54b CryptAcquireContextW 1569->1573 1571->1568 1576 46f4df-46f503 PFXImportCertStore 1571->1576 1577 46f6a6-46f6a9 call 46e88c 1572->1577 1578 46f56d-46f59d CertOpenStore CertStrToNameW 1572->1578 1573->1572 1573->1577 1576->1569 1580 46f505-46f50d CertEnumCertificatesInStore 1576->1580 1577->1568 1582 46f5b1-46f626 call 41984e CertStrToNameW CertCreateSelfSignCertificate 1578->1582 1583 46f59f-46f5ac CertCloseStore 1578->1583 1580->1566 1586 46f64a-46f667 PFXExportCertStoreEx 1582->1586 1587 46f628-46f644 CertSetCRLContextProperty CertAddCertificateContextToStore 1582->1587 1583->1577 1588 46f698-46f69d 1586->1588 1589 46f669-46f693 call 41984e PFXExportCertStoreEx 1586->1589 1587->1586 1588->1577 1591 46f69f-46f6a1 call 419846 1588->1591 1589->1588 1591->1577
                                                                                                                                                                              APIs
                                                                                                                                                                              • PFXImportCertStore.CRYPT32(?,C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent,00001001), ref: 0046F4F6
                                                                                                                                                                              • CertEnumCertificatesInStore.CRYPT32(00000000,00000000), ref: 0046F507
                                                                                                                                                                              • CryptAcquireContextW.ADVAPI32(?,C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent,00000000,0000000C,00000000), ref: 0046F537
                                                                                                                                                                              • CryptAcquireContextW.ADVAPI32(?,C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent,00000000,0000000C,00000008), ref: 0046F547
                                                                                                                                                                              • CryptGenKey.ADVAPI32(?,00000001,00004001,?), ref: 0046F55F
                                                                                                                                                                              • CertOpenStore.CRYPT32(00000002,00010000,00000000,00002000,00000000), ref: 0046F57B
                                                                                                                                                                              • CertStrToNameW.CRYPT32(00000001,C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent,00000002,00000000,00000000,?,?), ref: 0046F595
                                                                                                                                                                              • CertCloseStore.CRYPT32(00000000), ref: 0046F5A6
                                                                                                                                                                                • Part of subcall function 0046E8C7: CryptReleaseContext.ADVAPI32(2E322E31,00000000,C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent,0046F6B6), ref: 0046E8DA
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Cert$CryptStore$Context$Acquire$CertificatesCloseEnumImportNameOpenRelease
                                                                                                                                                                              • String ID: 1.2.840.113549.1.1.5$C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent$Microsoft RSA SChannel Cryptographic Provider$F
                                                                                                                                                                              • API String ID: 3751329819-1620403391
                                                                                                                                                                              • Opcode ID: eeabfe426aded59170f2d584459da7ef21f09d4099874c08163fea4ea61f22d1
                                                                                                                                                                              • Instruction ID: 7a112ec66485791d9be58a98b9cf2a69ca98ce87ebe74f8e967bd8bedfe3e699
                                                                                                                                                                              • Opcode Fuzzy Hash: eeabfe426aded59170f2d584459da7ef21f09d4099874c08163fea4ea61f22d1
                                                                                                                                                                              • Instruction Fuzzy Hash: 8B615EB1900209AFEB10DF95ED85EEFBBBDEB58304F100026F602B6191E7755D489B65
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00407E0F: ??2@YAPAXI@Z.MSVCRT ref: 00407E1E
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00430F34
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00430F5F
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00430FA6
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00430FCB
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004313DA
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431402
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$??2@
                                                                                                                                                                              • String ID: Haven't heard from raptor in a long time, reconnecting$TX\$http://localhost$proxy = http://localhost:%d/proxy/0/; expires = %s GMT$X\$l+f
                                                                                                                                                                              • API String ID: 3569419432-2396046269
                                                                                                                                                                              • Opcode ID: ea141ee3865ec2d942c6ffe34f007a0a4515fe0b3660424fc080308ba5c78d8e
                                                                                                                                                                              • Instruction ID: 53ba79b514ad498119ec8a2a736d29cd12ecef0e290772c725086f8ce070e714
                                                                                                                                                                              • Opcode Fuzzy Hash: ea141ee3865ec2d942c6ffe34f007a0a4515fe0b3660424fc080308ba5c78d8e
                                                                                                                                                                              • Instruction Fuzzy Hash: BAA2BD70A00644CFDB14DFA5D8A1BAEB7B5FB68314F10526FE401A72A1D778AD89CF48
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,00455E16,00000000,00000000,?,?,?,?,?,00455E16,?,?,0040CEF2,NOINSTALL,recover,?), ref: 00429704
                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,00455E16,?,?,0040CEF2,NOINSTALL,recover,?,MINIMIZED,AUTOMATION), ref: 0042970B
                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeManageVolumePrivilege,?), ref: 0042971D
                                                                                                                                                                              • CloseHandle.KERNEL32(00455E16,?,?,?,?,?,00455E16,?,?,0040CEF2,NOINSTALL,recover,?,MINIMIZED,AUTOMATION), ref: 0042972A
                                                                                                                                                                              • AdjustTokenPrivileges.KERNELBASE(00455E16,00000000,?,00000000,00000000,00000000), ref: 00429747
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00429756
                                                                                                                                                                              • CloseHandle.KERNEL32(00455E16), ref: 0042975B
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00429766
                                                                                                                                                                              Strings
                                                                                                                                                                              • SeManageVolumePrivilege, xrefs: 00429719
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseErrorHandleLastProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                              • String ID: SeManageVolumePrivilege
                                                                                                                                                                              • API String ID: 3403152165-3912090408
                                                                                                                                                                              • Opcode ID: ea9ed5f4377238e4c56fad08022df22549ce407556f750a393d6ef7a838fe789
                                                                                                                                                                              • Instruction ID: 10d6499dad78eb5b8ff3a09072cf7e68199db45ca890f73d050a6dbac06bd57f
                                                                                                                                                                              • Opcode Fuzzy Hash: ea9ed5f4377238e4c56fad08022df22549ce407556f750a393d6ef7a838fe789
                                                                                                                                                                              • Instruction Fuzzy Hash: 99117031A00518EFDF209FA1AC49CAF7FBCEFA1701F500066F802E2110E7799E46EA65
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FindResourceA.KERNEL32(00000009,00000000,00000005), ref: 004A854E
                                                                                                                                                                              • LoadResource.KERNEL32(00000009,00000000,00400000,?,00000009,?,004A869B,00000000,00000000,00400000,005A6D68), ref: 004A855D
                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,00000009,?,004A869B,00000000,00000000,00400000,005A6D68), ref: 004A856A
                                                                                                                                                                              • SizeofResource.KERNEL32(00000009,00000000,?,00000009,?,004A869B,00000000,00000000,00400000,005A6D68), ref: 004A8575
                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00400000,?,00000009,?,004A869B,00000000,00000000,00400000,005A6D68), ref: 004A8585
                                                                                                                                                                              • FreeResource.KERNEL32(00000000,?,00000009,?,004A869B,00000000,00000000,00400000,005A6D68), ref: 004A8592
                                                                                                                                                                              • memcpy.MSVCRT ref: 004A85A1
                                                                                                                                                                              • FreeResource.KERNEL32(00000000,00000000,00400000,005A6D68), ref: 004A85AA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Resource$Free$AllocFindGlobalLoadLockSizeofmemcpy
                                                                                                                                                                              • String ID: hmZ
                                                                                                                                                                              • API String ID: 410902540-3798527626
                                                                                                                                                                              • Opcode ID: f59ea0f38f5253ac00c114c1c36c733f0ba0efed32bf50f089f6fc2d8badcd59
                                                                                                                                                                              • Instruction ID: d42af97b9ee860c9cf70553902afd14b3b7a68be67b00ae109e2226480cfcecf
                                                                                                                                                                              • Opcode Fuzzy Hash: f59ea0f38f5253ac00c114c1c36c733f0ba0efed32bf50f089f6fc2d8badcd59
                                                                                                                                                                              • Instruction Fuzzy Hash: 74019272600215BBE3115BA59C88D7B3BACDF7B7957040429F905D2311EFB4CD059764
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetVersionExW.KERNEL32(?,00000000), ref: 0046E39D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Version
                                                                                                                                                                              • String ID: InitSecurityInterfaceA$Secur32.dll$Security.dll
                                                                                                                                                                              • API String ID: 1889659487-120424522
                                                                                                                                                                              • Opcode ID: 6c130efe1aac195195ced76b694b09264e576cba597f5c27825a459228de902f
                                                                                                                                                                              • Instruction ID: 4fc83b32f4a32393ce5ea039f13d7cfd6162f3990075f6a2f6c5a4344a4a7a40
                                                                                                                                                                              • Opcode Fuzzy Hash: 6c130efe1aac195195ced76b694b09264e576cba597f5c27825a459228de902f
                                                                                                                                                                              • Instruction Fuzzy Hash: 1511EC359006389BDF31CE6658446EB77E95F66705F0000B3D905E7300FB76998A5AA7
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CryptAcquireContextW.ADVAPI32(00000000,00000000,Microsoft Base Cryptographic Provider v1.0,00000001,F0000020,00000000,00577ED0,00000000,?,00522B1E,005D2C80,005D2C80,0051A3E5,005D2C80), ref: 00522ACC
                                                                                                                                                                              • CryptAcquireContextW.ADVAPI32(00000000,00000000,Microsoft Base Cryptographic Provider v1.0,00000001,F0000028,?,00522B1E,005D2C80,005D2C80,0051A3E5,005D2C80), ref: 00522ADF
                                                                                                                                                                              • CryptGenRandom.ADVAPI32(00000000,0051A3E5,005D2C80,?,00522B1E,005D2C80,005D2C80,0051A3E5,005D2C80), ref: 00522AF3
                                                                                                                                                                              • CryptReleaseContext.ADVAPI32(00000000,00000000,?,00522B1E,005D2C80,005D2C80,0051A3E5,005D2C80), ref: 00522B03
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Crypt$Context$Acquire$RandomRelease
                                                                                                                                                                              • String ID: Microsoft Base Cryptographic Provider v1.0
                                                                                                                                                                              • API String ID: 685801729-291530887
                                                                                                                                                                              • Opcode ID: d0a440b36499202acfa6895660ac89447b14ae1248f327688ca66d526d2a19d2
                                                                                                                                                                              • Instruction ID: d5b387e807b04337c56690ed3eec3209eda65a77d6fddfb997f6116dead4adc8
                                                                                                                                                                              • Opcode Fuzzy Hash: d0a440b36499202acfa6895660ac89447b14ae1248f327688ca66d526d2a19d2
                                                                                                                                                                              • Instruction Fuzzy Hash: D2F0AF3A950228F7EF318A91ED09F8F7F6CFF46710F200021FA00B6090D7B19A05ABA0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(?,00000000,00000000,00000000,?,0047B8FE,005CA060,wininet.dll,00000000,?,0047B96D,00000000,0047BAFC,00000000,004B75F7,?), ref: 004782D7
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 004782F1
                                                                                                                                                                              • GetLastError.KERNEL32(?,0047B8FE,005CA060,wininet.dll,00000000,?,0047B96D,00000000,0047BAFC,00000000,004B75F7,?,?,?,?,?), ref: 0047830B
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressErrorLastLibraryLoadProc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3511525774-0
                                                                                                                                                                              • Opcode ID: 9351cdccaa905d6d54a045983d488eda403bfb2c224dc15f7e1d4c111e068ccf
                                                                                                                                                                              • Instruction ID: 6646597bba1181403a480278d86ba72271fb543acbce25abb46107cf1c053dc0
                                                                                                                                                                              • Opcode Fuzzy Hash: 9351cdccaa905d6d54a045983d488eda403bfb2c224dc15f7e1d4c111e068ccf
                                                                                                                                                                              • Instruction Fuzzy Hash: 17F0F9350C56415BDB220F28D80C7E77B989F57755F18844FD88943302CA395847C76D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WSARecv.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 0041A70F
                                                                                                                                                                              • WSASetLastError.WS2_32(0000277B), ref: 0041A7B5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastRecv
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 904507345-0
                                                                                                                                                                              • Opcode ID: 186740367f9124f02f6bc333d3d147697af8e213b45fd81f473c47d24c5b8f94
                                                                                                                                                                              • Instruction ID: 0b47c9a83373dec3ab5f2d15a48eb257141c0005c672be62b79db05e3ab882ab
                                                                                                                                                                              • Opcode Fuzzy Hash: 186740367f9124f02f6bc333d3d147697af8e213b45fd81f473c47d24c5b8f94
                                                                                                                                                                              • Instruction Fuzzy Hash: AF215B75901258EFDB218F58CC09BDEBBB4FB09721F10429AF574A62D0C3B89A90CF65
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000004,?,?,?,0040C9C5), ref: 00461A5D
                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(004F8890,?,?,?,0040C9C5), ref: 00461A9A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocExceptionFilterUnhandledVirtual
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2550930513-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00411A70
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DiskFreeSpace
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1705453755-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}, xrefs: 004B994E
                                                                                                                                                                              • {88c7f2aa-f93f-432c-8f0e-b7d85967a527}, xrefs: 004B9939
                                                                                                                                                                              • {656461ef-40f6-4115-9ff1-bced9812ccbb}, xrefs: 004B9971
                                                                                                                                                                              • SOFTWARE\AppDataLow\Software\%s\toolbar\IE5, xrefs: 004B9A6A
                                                                                                                                                                              • {49C795C2-604A-4D18-AEB1-B3EBA27E5EA2}, xrefs: 004B98F8
                                                                                                                                                                              • {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}, xrefs: 004B9955
                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\Ext\Settings\%s, xrefs: 004B9B14
                                                                                                                                                                              • {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}, xrefs: 004B9985
                                                                                                                                                                              • {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}, xrefs: 004B98FD
                                                                                                                                                                              • {87775fdb-6972-41f9-ae51-8326e38cb206}, xrefs: 004B99AF
                                                                                                                                                                              • {03ea5b10-2efa-4311-ac10-04427b02d663}, xrefs: 004B99BD
                                                                                                                                                                              • default_offer: %d GetActiveToolbarName: %s, xrefs: 004B99D8, 004B9AE6, 004B9B64, 004B9BC4, 004B9C1D
                                                                                                                                                                              • GetConduitInstalledState: Found key: HKEY_CLASSES_ROOT %S, xrefs: 004B9BDF
                                                                                                                                                                              • {c840e246-6b95-475e-9bd7-caa1c7eca9f2}, xrefs: 004B99A1
                                                                                                                                                                              • {e9df9360-97f8-4690-afe6-996c80790da4}, xrefs: 004B99C4
                                                                                                                                                                              • {e0301295-ab3e-4af3-979f-3d453c5f9f48}, xrefs: 004B99A8
                                                                                                                                                                              • {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}, xrefs: 004B999A
                                                                                                                                                                              • {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}, xrefs: 004B9993
                                                                                                                                                                              • {29acf17c-1713-4286-8f40-bfd05f1e70c8}, xrefs: 004B995C
                                                                                                                                                                              • {181f104b-b000-4010-bb18-41b8205f774d}, xrefs: 004B99B6
                                                                                                                                                                              • {ef79f67a-6ad7-4715-a0f8-932fca442023}, xrefs: 004B9947
                                                                                                                                                                              • GetConduitInstalledState: Found key: HKEY_LOCAL_MACHINE %S, xrefs: 004B9B01
                                                                                                                                                                              • {6DA66498-839A-42A7-8324-FF7D2A532835}, xrefs: 004B9912
                                                                                                                                                                              • SOFTWARE\Conduit\Platforms\%s, xrefs: 004B9A23
                                                                                                                                                                              • Flags, xrefs: 004B9B24
                                                                                                                                                                              • {ad06fb5f-fef7-4a84-8c58-dca34f8e3d36}, xrefs: 004B9940
                                                                                                                                                                              • Visible, xrefs: 004B9A7C
                                                                                                                                                                              • {7b6de06c-7013-4a87-957e-d27d7b977d21}, xrefs: 004B9963
                                                                                                                                                                              • {1fd59ce2-6236-467c-9539-3d8c93fea5e0}, xrefs: 004B9978
                                                                                                                                                                              • Name, xrefs: 004B9A35
                                                                                                                                                                              • CLSID\%s, xrefs: 004B99E7
                                                                                                                                                                              • {4E871705-D1F3-49D9-814F-1E46E85986B0}, xrefs: 004B98DE
                                                                                                                                                                              • GetConduitInstalledState: HKEY_LOCAL_MACHINE %S = %d, xrefs: 004B9B82
                                                                                                                                                                              • toolbar.log, xrefs: 004B99DD, 004B9AE7, 004B9B06, 004B9B65, 004B9B87, 004B9BC5, 004B9BE4, 004B9C1E, 004B9C51
                                                                                                                                                                              • {2d8d9acc-f6d7-4362-8876-a275ca929591}, xrefs: 004B996A
                                                                                                                                                                              • GetConduitInstalledState: installed=%d visible=%d enabled=%d, xrefs: 004B9C4C
                                                                                                                                                                              • {5BA8E555-8C08-4CC8-80E6-1F8CDD26AE3A}, xrefs: 004B9902
                                                                                                                                                                              • {db131c55-60c8-4adc-84dc-9e76ab06e2dc}, xrefs: 004B998C
                                                                                                                                                                              • true, xrefs: 004B9AA5
                                                                                                                                                                              • {7473B6BD-4691-4744-A82B-7854EB3D70B6}, xrefs: 004B990D
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcsicmp
                                                                                                                                                                              • API String ID: 2081463915-2336398388
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0040307B: ??2@YAPAXI@Z.MSVCRT ref: 0040308D
                                                                                                                                                                                • Part of subcall function 0040307B: memset.MSVCRT ref: 004030A2
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00000104,?,00000000,00000000,00000000), ref: 004C2787
                                                                                                                                                                              • _wcsnicmp.MSVCRT ref: 004C27B5
                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 004C27CE
                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 004C27EA
                                                                                                                                                                              • GetVolumeInformationW.KERNEL32(?,?,00000104,00000000,00000000,00000000,00000000,00000000,00000006,?,?,?,00000000,00000000,00000000), ref: 004C2820
                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000524,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 004C2963
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 004C296F
                                                                                                                                                                              • PostMessageW.USER32(00008004,00000134,00000100), ref: 004C2B43
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 004C2982
                                                                                                                                                                                • Part of subcall function 004B68A1: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 004B68B9
                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000524,00000000,00000000,00000000,00000000,00000000,?,0040D538), ref: 004C2CF7
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 004C2D03
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00000104,00000000,00000000,00000000,00000000,00000000,?,0040D538), ref: 004C2D28
                                                                                                                                                                              • GetVolumeInformationW.KERNEL32(?,?,00000104,005A777C,00000000,00000000,00000000,00000000,00000006), ref: 004C2DE1
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s%s, xrefs: 004C2A05
                                                                                                                                                                              • INSTALLDEBUG: GetSilentInstallMode() || isSilent, xrefs: 004C2C54
                                                                                                                                                                              • \uTorrent.exe, xrefs: 004C27C8
                                                                                                                                                                              • INSTALLDEBUG: RunElevatedInstall(%s, %s), xrefs: 004C2A26
                                                                                                                                                                              • INSTALLDEBUG: FindInstallablePath Chosepath:[%s], xrefs: 004C2752
                                                                                                                                                                              • INSTALLDEBUG: Returning early. Installed version: %d, Our version: %d, xrefs: 004C2895
                                                                                                                                                                              • INSTALLDEBUG: Returning...installResult = (%d), xrefs: 004C2AC7
                                                                                                                                                                              • content_offer_url, xrefs: 004C2D61
                                                                                                                                                                              • /PERFORMINSTALL %d "%s" %u, xrefs: 004C29AD
                                                                                                                                                                              • INSTALLDEBUG: Returning early. Settings file exists in the module path., xrefs: 004C28DE
                                                                                                                                                                              • INSTALLDEBUG: Volume: %s, Drive: %s, xrefs: 004C2834
                                                                                                                                                                              • INSTALLDEBUG: running from installed path = %d running from different drive = %d, xrefs: 004C2BFA
                                                                                                                                                                              • l+f, xrefs: 004C2AA0, 004C2B1A
                                                                                                                                                                              • auto_start, xrefs: 004C2D8A
                                                                                                                                                                              • last_install_time, xrefs: 004C2B58
                                                                                                                                                                              • C:\Users\user\AppData\Roaming\uTorrent, xrefs: 004C2A89
                                                                                                                                                                              • exe_path, xrefs: 004C2D75
                                                                                                                                                                              • INSTALLDEBUG: DoInstall(%d, %s), xrefs: 004C2CA0
                                                                                                                                                                              • INSTALLDEBUG: Returning early. Some crazy set of version/temp/different drive nonsense, xrefs: 004C2906
                                                                                                                                                                              • INSTALLDEBUG: Check if we need to fork., xrefs: 004C2910
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileModuleName$CloseHandleInformationMutexReleaseVolume_wcsicmp$??2@MessagePost_wcsnicmpmemset
                                                                                                                                                                              • String ID: /PERFORMINSTALL %d "%s" %u$%s%s$C:\Users\user\AppData\Roaming\uTorrent$INSTALLDEBUG: Check if we need to fork.$INSTALLDEBUG: DoInstall(%d, %s)$INSTALLDEBUG: FindInstallablePath Chosepath:[%s]$INSTALLDEBUG: GetSilentInstallMode() || isSilent$INSTALLDEBUG: Returning early. Installed version: %d, Our version: %d$INSTALLDEBUG: Returning early. Settings file exists in the module path.$INSTALLDEBUG: Returning early. Some crazy set of version/temp/different drive nonsense$INSTALLDEBUG: Returning...installResult = (%d)$INSTALLDEBUG: RunElevatedInstall(%s, %s)$INSTALLDEBUG: Volume: %s, Drive: %s$INSTALLDEBUG: running from installed path = %d running from different drive = %d$\uTorrent.exe$auto_start$content_offer_url$exe_path$last_install_time$l+f
                                                                                                                                                                              • API String ID: 4027136290-391132582
                                                                                                                                                                              • Opcode ID: 8e5e36a177fddcc57d5a2991937be66b3b23981ee436c821a57fe93d18c5840a
                                                                                                                                                                              • Instruction ID: 849f1d7b55e4c175081b93b2b785aff2607089f415fc33fc2df0407ae3b1260a
                                                                                                                                                                              • Opcode Fuzzy Hash: 8e5e36a177fddcc57d5a2991937be66b3b23981ee436c821a57fe93d18c5840a
                                                                                                                                                                              • Instruction Fuzzy Hash: 3212B375900209AADF14FFA1DD82EEE7778AF24304F04446FF401A7192EBB99E59CB58
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • memset.MSVCRT ref: 004BD127
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 004BD146
                                                                                                                                                                              • wcsrchr.MSVCRT ref: 004BD167
                                                                                                                                                                              • wcschr.MSVCRT ref: 004BD192
                                                                                                                                                                              • wcsrchr.MSVCRT ref: 004BD1A8
                                                                                                                                                                              • wcschr.MSVCRT ref: 004BD1BB
                                                                                                                                                                              • strncat.MSVCRT ref: 004BD20E
                                                                                                                                                                              • strchr.MSVCRT ref: 004BD21C
                                                                                                                                                                              • isdigit.MSVCRT ref: 004BD23D
                                                                                                                                                                              • GetLastError.KERNEL32(00000080,?,?,00000000), ref: 004BD2F2
                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000,000000FF,00000000,00000080,?,?,00000000), ref: 004BD329
                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,?,00000000), ref: 004BD358
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,?,?,00000000), ref: 004BD38D
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 004BD4DB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$wcschrwcsrchr$ChangeCloseFileFindModuleNameNotificationisdigitmemsetstrchrstrncat
                                                                                                                                                                              • String ID: %s %s$GetBundledURL: MyOpenFile failed; GLE:%d$GetBundledURL: mangled zip GLE:%d$GetBundledURL: no bundled url file GLE:%d$GetBundledURL: no bundled zip file GLE:%d$bundled_url$launch:$type:
                                                                                                                                                                              • API String ID: 591622432-2427874313
                                                                                                                                                                              • Opcode ID: cfb70bcf7705d0977401e986e8fc9fe658edd9b75d458ebd8af72611a1b61921
                                                                                                                                                                              • Instruction ID: f1996910b7f7cad8fc84800e7870099525f855d55c3d6bf0449c20ec2ad97cfa
                                                                                                                                                                              • Opcode Fuzzy Hash: cfb70bcf7705d0977401e986e8fc9fe658edd9b75d458ebd8af72611a1b61921
                                                                                                                                                                              • Instruction Fuzzy Hash: 56B10372D00159AADB14FBA5CC829EF77B8EF15304F1045AFF402A7181FE385A49CBA9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • strncpy.MSVCRT ref: 004BFE4A
                                                                                                                                                                                • Part of subcall function 00429CF1: memset.MSVCRT ref: 00429D1D
                                                                                                                                                                                • Part of subcall function 00429CF1: memset.MSVCRT ref: 00429D34
                                                                                                                                                                                • Part of subcall function 00429CF1: memset.MSVCRT ref: 00429D4B
                                                                                                                                                                                • Part of subcall function 0046E196: fopen.MSVCRT ref: 0046E1CC
                                                                                                                                                                                • Part of subcall function 0046E196: GetCurrentProcessId.KERNEL32(?,toolbar.log,?,toolbar.log,default_offer: %d GetActiveToolbarName: %s,00000000,00000000), ref: 0046E1D5
                                                                                                                                                                                • Part of subcall function 0046E196: GetCurrentThreadId.KERNEL32 ref: 0046E1DD
                                                                                                                                                                                • Part of subcall function 0046E196: fprintf.MSVCRT ref: 0046E209
                                                                                                                                                                                • Part of subcall function 0046E196: vfprintf.MSVCRT ref: 0046E221
                                                                                                                                                                                • Part of subcall function 0046E196: fprintf.MSVCRT ref: 0046E22C
                                                                                                                                                                                • Part of subcall function 0046E196: fflush.MSVCRT ref: 0046E232
                                                                                                                                                                                • Part of subcall function 0046E196: fclose.MSVCRT ref: 0046E238
                                                                                                                                                                              • GetVersion.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00010000,?,00000000), ref: 004BFF7B
                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000,TBRequestThread,00000000,00000000,Function_000BA8CB,00000000,00000000,?,?,?,?,?,?,0000000E,00000001), ref: 004C0138
                                                                                                                                                                              • Sleep.KERNEL32(000007D0,?,?,?,?,?,0000000E,00000001,?,?,?,?,?,?,?,00010000), ref: 004C0143
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memset$Currentfprintf$ChangeCloseFindNotificationProcessSleepThreadVersionfclosefflushfopenstrncpyvfprintf
                                                                                                                                                                              • String ID: RetrieveOffer %s$RetrieveOffer browser %S$TBRequestThread$au=%d$bu=%d$c=%U$cd=%d$cl=%s$db=%U$default_offer: %d GetActiveToolbarName: %s$h=%s$http://update.utorrent.com/installoffer.php$l=%U$svp=%d$tb=%d$toolbar.log$tsub=%d$uTorrent$v=%d$w64=%u$w=%X
                                                                                                                                                                              • API String ID: 1220842097-2147357184
                                                                                                                                                                              • Opcode ID: 0d2fd908f66b710448c39fe779a93b0f00aa7078f45f2ed7e67aa7a017b6cb36
                                                                                                                                                                              • Instruction ID: caed05509e3b0db6ae68f502257c2876348852a8568ef7613524c99c5af01d81
                                                                                                                                                                              • Opcode Fuzzy Hash: 0d2fd908f66b710448c39fe779a93b0f00aa7078f45f2ed7e67aa7a017b6cb36
                                                                                                                                                                              • Instruction Fuzzy Hash: CC91AE71A002089BDF15FFB6C8565EE3BE5BF50308F00482EF905A7292EB79990DCB95
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph (first block 40c161-40c1b7; legend: Executed / Not Executed)
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002), ref: 0040C1A0
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,00000002), ref: 0040C1AB
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,EDIT,00533090,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040C1E3
                                                                                                                                                                              • FindWindowW.USER32(0058E9D0,00000000), ref: 0040C207
                                                                                                                                                                              • SendMessageTimeoutA.USER32(?,00008087,066171C6,00000000,00000001,00000FA0,?), ref: 0040C23B
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,00000002), ref: 0040C241
                                                                                                                                                                              • SendMessageW.USER32(?,00008087,00000000,00000000), ref: 0040C274
                                                                                                                                                                              • SendMessageTimeoutA.USER32(?,0000004A,?,?,00000001,00001388,?), ref: 0040C2BF
                                                                                                                                                                              • SendMessageTimeoutA.USER32(?,0000004A,?,?,00000001,00001388,?), ref: 0040C432
                                                                                                                                                                              • Sleep.KERNEL32(00000064,?,00000000,00000000,00000002), ref: 0040C498
                                                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,00000000,00000002), ref: 0040C4A4
                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002), ref: 0040C4B8
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,00000002), ref: 0040C4C3
                                                                                                                                                                                • Part of subcall function 00404E3E: memset.MSVCRT ref: 00404EB6
                                                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 0040C4DA
                                                                                                                                                                              • PostMessageW.USER32(?,0000800C,00000000,00000000), ref: 0040C4EA
                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,00000002), ref: 0040C52F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Message$Send$CreateErrorLastTimeoutWindow$Mutex$CallbackCloseDispatcherFindForegroundHandlePostSleepUsermemset
                                                                                                                                                                              • String ID: EDIT$Local\%s$btapp
                                                                                                                                                                              • API String ID: 511935851-683778584
                                                                                                                                                                              • Opcode ID: 5cc9ece548efefa88c185f4778c292726d3896762bf79c938a67fd1c21016440
                                                                                                                                                                              • Instruction ID: 1390b5873693cebbe00773f71dd384492aa91c639ff46846c8056f5fe71b9d9c
                                                                                                                                                                              • Opcode Fuzzy Hash: 5cc9ece548efefa88c185f4778c292726d3896762bf79c938a67fd1c21016440
                                                                                                                                                                              • Instruction Fuzzy Hash: 8CB19F71500249EFDB24EFA1DC859EE3BA8FF25304F00453EF905A6291DB78A949DF94
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph (first block 4aa4b7-4aa4d1; legend: Executed / Not Executed)
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetObjectA.GDI32(?,00000018,?), ref: 004AA5D3
                                                                                                                                                                              • LoadBitmapA.USER32(00000000), ref: 004AA625
                                                                                                                                                                              • GetObjectA.GDI32(?,00000018,?), ref: 004AA69D
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004AA6C9
                                                                                                                                                                              • GetObjectA.GDI32(000000FF,00000018,?), ref: 004AA6DB
                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 004AA6F9
                                                                                                                                                                              • SelectObject.GDI32(000000FF,000000FF), ref: 004AA701
                                                                                                                                                                              • 73A24D40.GDI32(00404D41,00000000,00000000,?,?,000000FF,?,00000000,00CC0020), ref: 004AA72A
                                                                                                                                                                              • 73A24D40.GDI32(00404D41,?,00000000,?,?,000000FF,?,00000000,00CC0020), ref: 004AA753
                                                                                                                                                                              • DeleteDC.GDI32(000000FF), ref: 004AA75E
                                                                                                                                                                              • DeleteDC.GDI32(00404D41), ref: 004AA763
                                                                                                                                                                              • DeleteObject.GDI32(000000FF), ref: 004AA768
                                                                                                                                                                                • Part of subcall function 004AA3CC: fopen.MSVCRT ref: 004AA424
                                                                                                                                                                                • Part of subcall function 004AA3CC: fwrite.MSVCRT ref: 004AA43E
                                                                                                                                                                                • Part of subcall function 004AA3CC: fclose.MSVCRT ref: 004AA450
                                                                                                                                                                                • Part of subcall function 004A9719: LoadImageW.USER32(00000000,00000000,00000000,00000000,00000000,00002050), ref: 004A9736
                                                                                                                                                                                • Part of subcall function 004A96F5: DeleteFileW.KERNEL32(00000000,00000000,004AA543,AM@,00000000,?,?,00000000,00000000), ref: 004A9704
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004AA78F
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004AA7C3
                                                                                                                                                                              • DeleteObject.GDI32(000000FF), ref: 004AA7D5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Object$Delete$LoadSelect$BitmapFileImagefclosefopenfwrite
                                                                                                                                                                              • String ID: AM@$AM@$current.btskin
                                                                                                                                                                              • API String ID: 1206413562-2725758220
                                                                                                                                                                              • Opcode ID: e71e17d13832f5522705f41acb31ee6bbac9d39a448e682070802fa8c6feedec
                                                                                                                                                                              • Instruction ID: 320b7ccfb3a14e1990692152b348f0eb59efc0128e8537fa121df0dddd503ed8
                                                                                                                                                                              • Opcode Fuzzy Hash: e71e17d13832f5522705f41acb31ee6bbac9d39a448e682070802fa8c6feedec
                                                                                                                                                                              • Instruction Fuzzy Hash: 11B16671D00219EBCF11DFA5C8818EEBBB9FF69300F14806AE901A7250DB389E65DF95
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B98D3: _wcsicmp.MSVCRT ref: 004B9AAB
                                                                                                                                                                              • _getpid.MSVCRT(?,?,?,00000000), ref: 004BD5DA
                                                                                                                                                                              • GetVersion.KERNEL32(secondary_offers,?,?,?,00000000), ref: 004BD6B8
                                                                                                                                                                              • memset.MSVCRT ref: 004BD7B5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Version_getpid_wcsicmpmemset
                                                                                                                                                                              • String ID: %s,$au=%d$bu=%d$cl=%s$cmp=%d$h=%s$pid=%d$pr=%d$secondary_offers$uTorrent$v=%d$view=%s$w=%X$win32
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(000000FF), ref: 0042BF28
                                                                                                                                                                                • Part of subcall function 00431EEF: RtlEnterCriticalSection.NTDLL(005C47C8), ref: 00431EFB
                                                                                                                                                                                • Part of subcall function 00431EEF: RtlEnterCriticalSection.NTDLL(005C595C), ref: 00431F07
                                                                                                                                                                                • Part of subcall function 00431EEF: GetCurrentThreadId.KERNEL32 ref: 00431F50
                                                                                                                                                                                • Part of subcall function 00431EEF: GetCurrentThreadId.KERNEL32 ref: 00431F5C
                                                                                                                                                                                • Part of subcall function 00431EEF: RtlLeaveCriticalSection.NTDLL(005C595C), ref: 00431F63
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0042C0F5
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0042C18D
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0042C23A
                                                                                                                                                                                • Part of subcall function 0042C9DA: WSAStringToAddressA.WS2_32(::1,00000017,00000000,?,0042C2AD), ref: 0042CA03
                                                                                                                                                                              • WSAGetLastError.WS2_32(00000000), ref: 0042C30D
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0042C340
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0042C431
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@CriticalSection$CountCurrentEnterThreadTick$AddressErrorLastLeaveObjectSingleStringWait
                                                                                                                                                                              • String ID: 4U\$4U\$4U\$4U\$4U\$4U\$4U\$4U\$l+f
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041B984: setsockopt.WS2_32(000000FF,0000FFFF,00000080,00000000,00000004), ref: 0041B9BB
                                                                                                                                                                              • WSAGetLastError.WS2_32(00000001,00000000,?,?,?,?, N\), ref: 0041DADB
                                                                                                                                                                              • setsockopt.WS2_32(000000FF,0000FFFF,00000004,?,00000004), ref: 0041DB44
                                                                                                                                                                              • _errno.MSVCRT ref: 0041DB4F
                                                                                                                                                                              • _errno.MSVCRT ref: 0041DB56
                                                                                                                                                                              • strerror.MSVCRT ref: 0041DB60
                                                                                                                                                                              • _errno.MSVCRT ref: 0041DB8B
                                                                                                                                                                              • _errno.MSVCRT ref: 0041DB92
                                                                                                                                                                              • strerror.MSVCRT ref: 0041DB9C
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0041DBD6
                                                                                                                                                                              • connect.WS2_32(000000FF,?,?), ref: 0041DC02
                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 0041DC0D
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno$ErrorLastsetsockoptstrerror$CountTickconnect
                                                                                                                                                                              • String ID: N\$8N\$8N\$N\
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • _getpid.MSVCRT(00000000,?,?,00000000,00000000), ref: 0045E8FF
                                                                                                                                                                              • InterlockedExchangeAdd.KERNEL32(005CB320,00000001), ref: 0045EA71
                                                                                                                                                                                • Part of subcall function 00413E07: CloseHandle.KERNEL32(00000000,dtfun,00000000,00000000,Function_00002AB0,?,00000000,?,Function_00002AB0,?,00402DA7,00000000,00402E78,000006C2,?,00000000), ref: 00413E2E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseExchangeHandleInterlocked_getpid
                                                                                                                                                                              • String ID: &sz=%Lu$cl=%s$con=%u$dl=%u$dlurl=%U$dns=%u$error=%U$h=%s$ip=%s$k=%U$pid=%d$svp=%d$uTorrent$v=%d
                                                                                                                                                                              • API String ID: 2623150685-3432253222
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(ntdll,066171C6,?,?,0040CEF2,NOINSTALL,recover,?,MINIMIZED,AUTOMATION), ref: 00455DC0
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,NtSetInformationFile), ref: 00455DD1
                                                                                                                                                                                • Part of subcall function 0042920D: GetModuleHandleA.KERNEL32(rpcrt4.dll,?,?,0046C39B,?,?,?,?,?,0046C7D9), ref: 00429214
                                                                                                                                                                                • Part of subcall function 0042920D: LoadLibraryA.KERNEL32(rpcrt4.dll,?,?,?,?,0046C7D9), ref: 0042921F
                                                                                                                                                                                • Part of subcall function 0042920D: GetProcAddress.KERNEL32(00000000,UuidCreateSequential), ref: 0042922B
                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,0040CEF2,NOINSTALL,recover,?,MINIMIZED,AUTOMATION), ref: 00455E1F
                                                                                                                                                                              • GlobalMemoryStatus.KERNEL32(?), ref: 00455E6A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc$CreateEventGlobalHandleMemoryModuleStatus
                                                                                                                                                                              • String ID: NtSetInformationFile$SeManageVolumePrivilege$SetFileValidData$TryEnterCriticalSection$dio$dsm$kernel32$ntdll$total physical memory %Ld max disk cache %Ld$wcm$|\
                                                                                                                                                                              • API String ID: 3342207343-1299947479
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041AB7D: GetCurrentThreadId.KERNEL32 ref: 0041AB8D
                                                                                                                                                                              • memcpy.MSVCRT ref: 00418A77
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentThreadmemcpy
                                                                                                                                                                              • String ID: 0pZ$4pZ$8pZ$<pZ$<qZ$apps$channels$current.btskin$installs$minified$peakrate$sched_table$settings.dat$user_set$W\
                                                                                                                                                                              • API String ID: 2401364159-72956621
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00534BD4,00000000,00000000,?,?,?,?,?,?,?,?,0042D48A), ref: 0046DC51
                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_0006D791,00000000,00000000,005C9CF4), ref: 0046DC6A
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0046DDCD
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0046DE3D
                                                                                                                                                                              • closesocket.WS2_32(00000000), ref: 0046DE5C
                                                                                                                                                                              • SetEvent.KERNEL32(00534BD4,00000000,00000000,?,?,?,?,?,?,?,?,0042D48A,00000000), ref: 0046DE76
                                                                                                                                                                                • Part of subcall function 0046C1C2: GetCurrentThreadId.KERNEL32 ref: 0046C1F7
                                                                                                                                                                              Strings
                                                                                                                                                                              • could not create upnp thread, xrefs: 0046DC7E
                                                                                                                                                                              • 239.255.255.250, xrefs: 0046DCAC, 0046DEC0
                                                                                                                                                                              • UPnP: Could not map UPnP Port on this pass, retrying., xrefs: 0046DF0C
                                                                                                                                                                              • UPnP: Unable to map port %I:%d with UPnP., xrefs: 0046DF38
                                                                                                                                                                              • UPnP: Unable to get external IP with UPnP., xrefs: 0046DF49
                                                                                                                                                                              • UPnP: Could not detect external IP on this pass, retrying., xrefs: 0046DF13
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@CreateEventThread$Currentclosesocket
                                                                                                                                                                              • String ID: 239.255.255.250$UPnP: Could not detect external IP on this pass, retrying.$UPnP: Could not map UPnP Port on this pass, retrying.$UPnP: Unable to get external IP with UPnP.$UPnP: Unable to map port %I:%d with UPnP.$could not create upnp thread
                                                                                                                                                                              • API String ID: 2399951514-3944216563
                                                                                                                                                                              • Opcode ID: d2b97979da832ee8bae9213eb2ab3099e1b12a31641da632ff3272028fb434b3
                                                                                                                                                                              • Instruction ID: 901e7f3ec0250ac897a0eb41584c63d07c9bb6de20f3009e0ab1246d6f6e7351
                                                                                                                                                                              • Opcode Fuzzy Hash: d2b97979da832ee8bae9213eb2ab3099e1b12a31641da632ff3272028fb434b3
                                                                                                                                                                              • Instruction Fuzzy Hash: BA81D5B1F00644DEDB20EF65EC85DAA7775FB65304F10402FE143AB2A1E6784889EB5B
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,ReplaceFileW,00000000,00000000), ref: 00428C10
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00428C17
                                                                                                                                                                              • srand.MSVCRT ref: 00428C2E
                                                                                                                                                                              • rand.MSVCRT ref: 00428C33
                                                                                                                                                                              • CopyFileW.KERNEL32(?,?,00000000), ref: 00428C73
                                                                                                                                                                              • ReplaceFileW.KERNELBASE(00000000,?,?,00000002,00000000,00000000), ref: 00428C8E
                                                                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 00428C9A
                                                                                                                                                                              • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 00428CAE
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$AddressCopyDeleteHandleModuleMoveProcReplacerandsrand
                                                                                                                                                                              • String ID: %s.%u.tmp$%s.new$ReplaceFileW$kernel32.dll
                                                                                                                                                                              • API String ID: 2253878432-542693280
                                                                                                                                                                              • Opcode ID: 9e67910292c641445d8ea098f5f3f5559bfabb8ea7ef57d815d5c480697f3f51
                                                                                                                                                                              • Instruction ID: 931dca36b283161ea1d67bf161c641646d757938793e9d0b9d11793b7e2543c2
                                                                                                                                                                              • Opcode Fuzzy Hash: 9e67910292c641445d8ea098f5f3f5559bfabb8ea7ef57d815d5c480697f3f51
                                                                                                                                                                              • Instruction Fuzzy Hash: C411CBB1940229BBDB20EBA1DC4EFDF7F7CAF65701F044465B604E2180DB749A85CBA4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041AB7D: GetCurrentThreadId.KERNEL32 ref: 0041AB8D
                                                                                                                                                                                • Part of subcall function 0040307B: ??2@YAPAXI@Z.MSVCRT ref: 0040308D
                                                                                                                                                                                • Part of subcall function 0040307B: memset.MSVCRT ref: 004030A2
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\uTorrent,00000000,00000000,channels,installs,apps,peakrate,?,?,?,.fileguard,.fileguard,file_guard,file_guard,?,00000000), ref: 00418527
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@CreateCurrentDirectoryThreadmemset
                                                                                                                                                                              • String ID: .fileguard$C:\Users\user\AppData\Roaming\uTorrent$Settings integrity check failed (duplicate keys: %d count: %d), repaired: %s$apps$channels$file_guard$installs$peakrate$settings.dat$W\
                                                                                                                                                                              • API String ID: 1678016590-2879078788
                                                                                                                                                                              • Opcode ID: e5a7ed014b7a933cd997413f64a40c8b2e5d5c3fb34bec255e837ffa0127ce65
                                                                                                                                                                              • Instruction ID: b578a30d4b3ec307eb5b6eaa5ce7e8af9296230407d1d30077cf4bffdfffef48
                                                                                                                                                                              • Opcode Fuzzy Hash: e5a7ed014b7a933cd997413f64a40c8b2e5d5c3fb34bec255e837ffa0127ce65
                                                                                                                                                                              • Instruction Fuzzy Hash: DC02D1316002198FCF15EF65C8919EE3BA2BF55308B55016FF816972A2DF39DC86CB49
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004523C2: RegOpenKeyExW.KERNEL32(?,?,00000000,00429CE6,?,Software\Wine,00429C64,80000002,Software\Wine,00020019,?,00000019,?), ref: 004523D9
                                                                                                                                                                                • Part of subcall function 004522A9: RegQueryValueExW.KERNEL32(00000000,?,00000000,004B9B3D,004B9B3D,00000000,00000000,?,0045247E,?,004B9B3D,80000002,00000000,00020019,toolbar.log,80000002), ref: 004522C6
                                                                                                                                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,StatsTesting,00000000,80000001,Software\BitTorrent,00020019,?), ref: 004B65EF
                                                                                                                                                                              • fopen.MSVCRT ref: 004B662C
                                                                                                                                                                              • _getpid.MSVCRT(00000000,?,?,?,00000001), ref: 004B6641
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004B6647
                                                                                                                                                                              • fprintf.MSVCRT ref: 004B6654
                                                                                                                                                                              • fclose.MSVCRT ref: 004B665A
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CountFolderOpenPathQuerySpecialTickValue_getpidfclosefopenfprintf
                                                                                                                                                                              • String ID: %s\stats-%s.txt$%u %d %S$Software\BitTorrent$StatsTesting$uTorrent
                                                                                                                                                                              • API String ID: 3146209500-563371569
                                                                                                                                                                              • Opcode ID: 8589f37797ff6c5c3de1ba0eb309a4964ddcac96e0457707ddbd4527cc1fa76a
                                                                                                                                                                              • Instruction ID: bb345fd407891971178a8223728cccacf131ee6fa20acc6de273b849c0d4df2f
                                                                                                                                                                              • Opcode Fuzzy Hash: 8589f37797ff6c5c3de1ba0eb309a4964ddcac96e0457707ddbd4527cc1fa76a
                                                                                                                                                                              • Instruction Fuzzy Hash: 4A116371E40208B6DB14F7B1DD5AFDE776CAF21704F44049EB905B21C2EBBC5B188AA9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 801014965-0
                                                                                                                                                                              • Opcode ID: 0a50fbda6ea11a3c99f1a267b03c7a0a23c93782f4aba281df20bc52f2d9ba08
                                                                                                                                                                              • Instruction ID: 3bf30f1247779c3b658a178e04d57b8ddda80b6babf2de2f40311b58725d0bcb
                                                                                                                                                                              • Opcode Fuzzy Hash: 0a50fbda6ea11a3c99f1a267b03c7a0a23c93782f4aba281df20bc52f2d9ba08
                                                                                                                                                                              • Instruction Fuzzy Hash: 0541C3B4900348AFDB20AFA4CC89AAA7BB8FB2A310F24051FF441973A2D7785845DB55
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0041D60D
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0041D669
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0041D6C6
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0041D747
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000003,?,00000004,?,00000000), ref: 0041D7BD
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000003,?,00000004,?,00000000), ref: 0041D7EF
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000003,?,00000004,?,00000000), ref: 0041D814
                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 0041D8DE
                                                                                                                                                                              Strings
                                                                                                                                                                              • Too many bytes received on socket, xrefs: 0041D920
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                              • String ID: Too many bytes received on socket
                                                                                                                                                                              • API String ID: 1452528299-1535079384
                                                                                                                                                                              • Opcode ID: a3ad3ec746a6bdd2353890a07ed98fbe5a91348ee565900c8611228e6935d485
                                                                                                                                                                              • Instruction ID: dcaf174bd93d31c8175eb5b13dd9ac4441f93f2510cc96128d2ab5a31c1fb530
                                                                                                                                                                              • Opcode Fuzzy Hash: a3ad3ec746a6bdd2353890a07ed98fbe5a91348ee565900c8611228e6935d485
                                                                                                                                                                              • Instruction Fuzzy Hash: A1C1ADB0E007059FDB20DFA9C888BAEBBF1BF54314F10852ED09A97291D778A985CF55
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • PostMessageW.USER32(?,00008041,?,00000000), ref: 004B773B
                                                                                                                                                                                • Part of subcall function 0046E196: fopen.MSVCRT ref: 0046E1CC
                                                                                                                                                                                • Part of subcall function 0046E196: GetCurrentProcessId.KERNEL32(?,toolbar.log,?,toolbar.log,default_offer: %d GetActiveToolbarName: %s,00000000,00000000), ref: 0046E1D5
                                                                                                                                                                                • Part of subcall function 0046E196: GetCurrentThreadId.KERNEL32 ref: 0046E1DD
                                                                                                                                                                                • Part of subcall function 0046E196: fprintf.MSVCRT ref: 0046E209
                                                                                                                                                                                • Part of subcall function 0046E196: vfprintf.MSVCRT ref: 0046E221
                                                                                                                                                                                • Part of subcall function 0046E196: fprintf.MSVCRT ref: 0046E22C
                                                                                                                                                                                • Part of subcall function 0046E196: fflush.MSVCRT ref: 0046E232
                                                                                                                                                                                • Part of subcall function 0046E196: fclose.MSVCRT ref: 0046E238
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Currentfprintf$MessagePostProcessThreadfclosefflushfopenvfprintf
                                                                                                                                                                              • String ID: TBRequestThread FAILED. err: %S$TBRequestThread Parsed OK?: %s$default_offer$default_offer: %d GetActiveToolbarName: %s$false$toolbar.log$toolbar_offer.benc$true
                                                                                                                                                                              • API String ID: 763171134-2035977267
                                                                                                                                                                              • Opcode ID: 2797179418aa55595b7fbddf2f0ad8a502fdd60e6f7194ddffe12b0c73354830
                                                                                                                                                                              • Instruction ID: f92895240a0a8b6e48b76d7b594ee3b1505cbea378ee81b7ae7a0703b4d2b400
                                                                                                                                                                              • Opcode Fuzzy Hash: 2797179418aa55595b7fbddf2f0ad8a502fdd60e6f7194ddffe12b0c73354830
                                                                                                                                                                              • Instruction Fuzzy Hash: E6314631B402506BDB10FB36DC53AEE3BA95FA1304F04442AB801573C2EF7D9A5993A9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000001,InstallLocation,?,00000104,InstallLocation,?,00000104,00000000,00000000,00000000), ref: 004BC456
                                                                                                                                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000026,00000000), ref: 004BC485
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FolderPathSpecial
                                                                                                                                                                              • String ID: INSTALLDEBUG: Chose APPDATA Path [%s]$INSTALLDEBUG: Chose Program Files Path [%s]$INSTALLDEBUG: Chose Uninstall Key Path [%s]$InstallLocation$RQh$Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent$\uTorrent
                                                                                                                                                                              • API String ID: 994120019-2252817956
                                                                                                                                                                              • Opcode ID: ec7623a517ffc44da6cd7d53f887d48723cbadf90b2efa302d2f170168e9947d
                                                                                                                                                                              • Instruction ID: 06ef21ca46241d9798be785b28957ea843fd28b4e61261b4aafc82d274cc75f6
                                                                                                                                                                              • Opcode Fuzzy Hash: ec7623a517ffc44da6cd7d53f887d48723cbadf90b2efa302d2f170168e9947d
                                                                                                                                                                              • Instruction Fuzzy Hash: 5831C431A4011CABDB20DB55CCC4BFA7BBCBF51704F0404ABA805A7281DBB88F858B79
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(ICMP.DLL,?,00493579,00000000,?,?,?,0045E743,0000001E,000003E8), ref: 00493404
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 00493423
                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,0045E743,0000001E,000003E8), ref: 00493434
                                                                                                                                                                              • GetProcAddress.KERNEL32(IcmpSendEcho), ref: 0049344E
                                                                                                                                                                              • GetProcAddress.KERNEL32(IcmpCloseHandle), ref: 00493464
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                                              • String ID: ICMP.DLL$IcmpCloseHandle$IcmpCreateFile$IcmpSendEcho
                                                                                                                                                                              • API String ID: 2449869053-2450145906
                                                                                                                                                                              • Opcode ID: 2c369fd99aabf4275269d4d50a426bfa174f571bbf2ded8ed038e0f554878c70
                                                                                                                                                                              • Instruction ID: f2b9f5e875a66286b7cf9810124f892937c35adccf284c2ffd17c5259d1d16af
                                                                                                                                                                              • Opcode Fuzzy Hash: 2c369fd99aabf4275269d4d50a426bfa174f571bbf2ded8ed038e0f554878c70
                                                                                                                                                                              • Instruction Fuzzy Hash: 08F04F70510B5A9EDF328F64BC04F953FA4BB7630FB018833A40292560E7748949FF86
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFileTime.KERNEL32(?,00000000,00000000,?,00000000,?), ref: 00428797
                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,00000000,00000001,?,0000001E), ref: 0042880B
                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 004288B2
                                                                                                                                                                                • Part of subcall function 00428E58: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,0042A109,00000000), ref: 00428E67
                                                                                                                                                                                • Part of subcall function 00428E58: GetLastError.KERNEL32 ref: 00428E71
                                                                                                                                                                              • _errno.MSVCRT ref: 004288F2
                                                                                                                                                                              • _errno.MSVCRT ref: 004288F9
                                                                                                                                                                              • strerror.MSVCRT ref: 00428902
                                                                                                                                                                              • _errno.MSVCRT ref: 00428916
                                                                                                                                                                              • _errno.MSVCRT ref: 0042891D
                                                                                                                                                                              • strerror.MSVCRT ref: 00428926
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File_errno$Pointerstrerror$ErrorLastReadTime
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1792347361-0
                                                                                                                                                                              • Opcode ID: 53e0fb29a1c18917734836fb9a2696cf313b86b7b8d0126cbab1deb792f0dd2a
                                                                                                                                                                              • Instruction ID: 63ef17d4fa3a7cf8390129745343e65738e84613510f8f17bf4405cf16fd04b9
                                                                                                                                                                              • Opcode Fuzzy Hash: 53e0fb29a1c18917734836fb9a2696cf313b86b7b8d0126cbab1deb792f0dd2a
                                                                                                                                                                              • Instruction Fuzzy Hash: 8B51E471E00224FBCF20BFA1DC41AEEBBB5BF19344F50451AF804A6290EB399991DB59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041AB7D: GetCurrentThreadId.KERNEL32 ref: 0041AB8D
                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000001,066171C6,00000002,NOINSTALL,recover,?,MINIMIZED,AUTOMATION), ref: 0041BB10
                                                                                                                                                                              • GetVersion.KERNEL32 ref: 0041BB27
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0041BB5B
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0041BB7B
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0041BBA8
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0041BBC8
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0041BC03
                                                                                                                                                                                • Part of subcall function 0041A131: ExitProcess.KERNEL32 ref: 0041A158
                                                                                                                                                                              Strings
                                                                                                                                                                              • WSAStartup() failed, or you have the incorrect version of WinSock installed., xrefs: 0041BB00
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@$CreateCurrentEventExitProcessThreadVersion
                                                                                                                                                                              • String ID: WSAStartup() failed, or you have the incorrect version of WinSock installed.
                                                                                                                                                                              • API String ID: 72386187-2515624185
                                                                                                                                                                              • Opcode ID: 12b3689de7c2e040afcbfd572be5dff2e9c7a7856c469df528e5b5c4b27e5e29
                                                                                                                                                                              • Instruction ID: 78dae66d723ac0a6cab2f2c5a1ee219f3cdc0b29d884a3a9f13511f655cd253e
                                                                                                                                                                              • Opcode Fuzzy Hash: 12b3689de7c2e040afcbfd572be5dff2e9c7a7856c469df528e5b5c4b27e5e29
                                                                                                                                                                              • Instruction Fuzzy Hash: 7A41F7B59046115EDB10BF75AC95EAA3B90E711304B11053FE446C76B2DB3C98C8ABD9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(urlmon,?,00404D3C), ref: 004E2B83
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CoInternetGetSession), ref: 004E2BA2
                                                                                                                                                                              • GetProcAddress.KERNEL32(FindMimeFromData), ref: 004E2BB5
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 004E2BD2
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc$??2@LibraryLoad
                                                                                                                                                                              • String ID: CoInternetGetSession$FindMimeFromData$btresource$urlmon
                                                                                                                                                                              • API String ID: 1809095461-1897703424
                                                                                                                                                                              • Opcode ID: a860044ae272695ff6675689144b1e21d463836bdb79c4a2c51f50c0b6b49748
                                                                                                                                                                              • Instruction ID: 4d791cd177323056fb25a8557aef0088969ffd76efb416300e470e79dddba594
                                                                                                                                                                              • Opcode Fuzzy Hash: a860044ae272695ff6675689144b1e21d463836bdb79c4a2c51f50c0b6b49748
                                                                                                                                                                              • Instruction Fuzzy Hash: 2901F571A01240AFD7309FA6BC89E1E7F9CFB58351B00143BF401D72A1CAB098459F24
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(DnsApi.dll,00000001,0041BBF1), ref: 0042C4AA
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 0042C4C6
                                                                                                                                                                              • GetProcAddress.KERNEL32(DnsRecordListFree), ref: 0042C4D8
                                                                                                                                                                              • FreeLibrary.KERNEL32 ref: 0042C4F2
                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0042C502
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryProc$CreateEventFreeLoad
                                                                                                                                                                              • String ID: DnsApi.dll$DnsQuery_A$DnsRecordListFree
                                                                                                                                                                              • API String ID: 4235736121-3267830732
                                                                                                                                                                              • Opcode ID: 69e5f1228dc3507a7e4203a0cc43acbe288c40fc8f2b2f3fc20e2c592ab3b125
                                                                                                                                                                              • Instruction ID: 82d6991b15c968e9538a72d8f46f7f14dc2fe362a0f9ac2f56a509cade1ad371
                                                                                                                                                                              • Opcode Fuzzy Hash: 69e5f1228dc3507a7e4203a0cc43acbe288c40fc8f2b2f3fc20e2c592ab3b125
                                                                                                                                                                              • Instruction Fuzzy Hash: 17012970A40E50DED7229FE5BC49C2E3FA7FAB9715384441AE00496621F77834CAEF84
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • _wtoi.MSVCRT ref: 0040F65C
                                                                                                                                                                              • memcpy.MSVCRT ref: 0040F6C2
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00000000,066171C6), ref: 0040F6E5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileModuleName_wtoimemcpy
                                                                                                                                                                              • String ID: .lang.txt$utorrent.lng$version
                                                                                                                                                                              • API String ID: 1396664218-1860213024
                                                                                                                                                                              • Opcode ID: 8266e537f161474caa81a3414605c5c25d38cb63a64747a6c4b153da5feee665
                                                                                                                                                                              • Instruction ID: c9648eb914efd3ba3f4640a0d5a3dc230cc03a2d011b0c5b25a9e7122406add9
                                                                                                                                                                              • Opcode Fuzzy Hash: 8266e537f161474caa81a3414605c5c25d38cb63a64747a6c4b153da5feee665
                                                                                                                                                                              • Instruction Fuzzy Hash: FE31D930A001195BCB24FBB5E85199E77A4AF55318F20057FE411A76D1EF399D498788
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004933F5: LoadLibraryW.KERNEL32(ICMP.DLL,?,00493579,00000000,?,?,?,0045E743,0000001E,000003E8), ref: 00493404
                                                                                                                                                                              • Icmp6CreateFile.IPHLPAPI(?,?,?,?,?,?,?,?,?,?,004935A5,00000001,?,?,?,00000000), ref: 004934B3
                                                                                                                                                                              • htonl.WS2_32(00000001), ref: 004934FC
                                                                                                                                                                              • htonl.WS2_32(00000000), ref: 00493516
                                                                                                                                                                              • IcmpSendEcho.IPHLPAPI(00000000,00000000), ref: 00493520
                                                                                                                                                                              • SetLastError.KERNEL32(00000032), ref: 0049352F
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0049353A
                                                                                                                                                                              • IcmpCloseHandle.IPHLPAPI(00000000), ref: 00493556
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorIcmpLasthtonl$CloseCreateEchoFileHandleIcmp6LibraryLoadSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3190929968-0
                                                                                                                                                                              • Opcode ID: 38934cefb15d54d9037c5c25b6e3bacf592bc9fa1d2919b72930fa5abd689ed1
                                                                                                                                                                              • Instruction ID: e410f16aea3e54d7742d97cd230a33e63a9c4176e8b6bcf9c42d61af99688b10
                                                                                                                                                                              • Opcode Fuzzy Hash: 38934cefb15d54d9037c5c25b6e3bacf592bc9fa1d2919b72930fa5abd689ed1
                                                                                                                                                                              • Instruction Fuzzy Hash: B321F731900208BFDF11DFACD805BAE7FB4AF1A325F140566E911E7290D7744A09DB52
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00411B56: GetFileAttributesW.KERNEL32(00000000,0042A150,005CB350,toolbar.log), ref: 00411B57
                                                                                                                                                                                • Part of subcall function 00428E8C: WriteFile.KERNEL32(?,?,00000000,00000004,00000000,?,?,0047B5D6,?,0000002C,00000000,00000004), ref: 00428E9B
                                                                                                                                                                                • Part of subcall function 00428E8C: GetLastError.KERNEL32(?,0047B5D6,?,0000002C,00000000,00000004,?,?,?,?,?,0047B647,?,?), ref: 00428EA5
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,004B76C0,00000080,?,?,005CB350,toolbar.log), ref: 0042A1AB
                                                                                                                                                                                • Part of subcall function 00428BF4: GetModuleHandleA.KERNEL32(kernel32.dll,ReplaceFileW,00000000,00000000), ref: 00428C10
                                                                                                                                                                                • Part of subcall function 00428BF4: GetProcAddress.KERNEL32(00000000), ref: 00428C17
                                                                                                                                                                                • Part of subcall function 00428BF4: srand.MSVCRT ref: 00428C2E
                                                                                                                                                                                • Part of subcall function 00428BF4: rand.MSVCRT ref: 00428C33
                                                                                                                                                                                • Part of subcall function 00428BF4: CopyFileW.KERNEL32(?,?,00000000), ref: 00428C73
                                                                                                                                                                                • Part of subcall function 00428BF4: ReplaceFileW.KERNELBASE(00000000,?,?,00000002,00000000,00000000), ref: 00428C8E
                                                                                                                                                                                • Part of subcall function 00428BF4: DeleteFileW.KERNEL32(?), ref: 00428C9A
                                                                                                                                                                                • Part of subcall function 00428BF4: MoveFileExW.KERNEL32(?,00000000,00000004), ref: 00428CAE
                                                                                                                                                                              • CopyFileW.KERNEL32(00000000,?,00000000,?,?,005CB350,toolbar.log), ref: 0042A1D7
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,005CB350,toolbar.log), ref: 0042A1E7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CopyDeleteHandle$AddressAttributesCloseErrorLastModuleMoveProcReplaceWriterandsrand
                                                                                                                                                                              • String ID: %s%s$.new$toolbar.log
                                                                                                                                                                              • API String ID: 3557110710-393782049
                                                                                                                                                                              • Opcode ID: 000a4752f5231ec9961ad5f726a8f2517fd3ead9bd568ab37bdd9ded2172f553
                                                                                                                                                                              • Instruction ID: b558d94c36af363b27f276db075aabed5f21ecf0e82b774e35f1e090b8c8426e
                                                                                                                                                                              • Opcode Fuzzy Hash: 000a4752f5231ec9961ad5f726a8f2517fd3ead9bd568ab37bdd9ded2172f553
                                                                                                                                                                              • Instruction Fuzzy Hash: 4D210B71F00238ABDB21DB64AC899FF77B8AB61720F5044ABF911D3280D6788F95C655
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?), ref: 004167C7
                                                                                                                                                                                • Part of subcall function 0044D85D: wcschr.MSVCRT ref: 0044D863
                                                                                                                                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000001,?,?), ref: 0041682C
                                                                                                                                                                                • Part of subcall function 0042A467: GetDriveTypeW.KERNEL32(?,0000000A,00000104), ref: 0042A496
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DriveFileFolderModuleNamePathSpecialTypewcschr
                                                                                                                                                                              • String ID: .old$NOTE: Settings file found in directory of executable; using that.$\uTorrent$settings.dat
                                                                                                                                                                              • API String ID: 2416613174-1981774995
                                                                                                                                                                              • Opcode ID: b4d0edac644a2db4de015d6eefbc5ef77556738e58449bd29a18723807f8b390
                                                                                                                                                                              • Instruction ID: 7b5e632e3de4a90a03de259bab0b5ae487d4c79e2a82bf65b50cfe38f01a86f2
                                                                                                                                                                              • Opcode Fuzzy Hash: b4d0edac644a2db4de015d6eefbc5ef77556738e58449bd29a18723807f8b390
                                                                                                                                                                              • Instruction Fuzzy Hash: 8621D431A4012D9BCB14FF56DC85BE97774FF21308F0004AAE415A71D1EBB89E84CB69
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,004933C9,00000001,?,?,00455EAE), ref: 00492F41
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00455EAE,?,?,?,?,?,?,?), ref: 00492F4A
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00455EAE,?,?,?,?,?,?,?), ref: 00492F53
                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00092DE2,00000000,00000000,00000050), ref: 00492F72
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Create$Event$Thread
                                                                                                                                                                              • String ID: G0I$}0I
                                                                                                                                                                              • API String ID: 2525963256-3999704497
                                                                                                                                                                              • Opcode ID: 010ecda0d4ba5f3e4891cf3649a55445c505679c2015ae977ad96935ec2ca0e8
                                                                                                                                                                              • Instruction ID: e3367b39c2a6204637c769ee372f79f420dc7a2d3e83b8e2171d449f5512693f
                                                                                                                                                                              • Opcode Fuzzy Hash: 010ecda0d4ba5f3e4891cf3649a55445c505679c2015ae977ad96935ec2ca0e8
                                                                                                                                                                              • Instruction Fuzzy Hash: CA21A4B5501B80AFC330DF6A8988C57FFF8FED6B14350881EA59687A20D7B4E845CB25
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?,?,?), ref: 00411EF4
                                                                                                                                                                              • GetTempFileNameW.KERNEL32(00000000,utt,00000000,?,?,?), ref: 00411F0F
                                                                                                                                                                              • rand.MSVCRT ref: 00411F19
                                                                                                                                                                              • rand.MSVCRT ref: 00411F1F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Temprand$FileNamePath
                                                                                                                                                                              • String ID: c:\%u%u.tmp$utt
                                                                                                                                                                              • API String ID: 1145506979-2866070429
                                                                                                                                                                              • Opcode ID: 7af364eb5bd9c7a8bda0a83364eaca63757c6728b5b80e488fb9843e47f9b5f1
                                                                                                                                                                              • Instruction ID: 7df9eadab44768ca8c76959722f5664b612566b4b31105b21f0b9372bc338d8c
                                                                                                                                                                              • Opcode Fuzzy Hash: 7af364eb5bd9c7a8bda0a83364eaca63757c6728b5b80e488fb9843e47f9b5f1
                                                                                                                                                                              • Instruction Fuzzy Hash: 9911E7716001195ACB24A725DC15BEB733DDF51308F0401B9A916D31A5EF789FC9CA58
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 00501D4A
                                                                                                                                                                                • Part of subcall function 0041215B: CreateFileW.KERNEL32(00000000,00008000,00000003,00000000,00000000,00000000,00000000,004B75F7,00000000,?), ref: 00412225
                                                                                                                                                                                • Part of subcall function 0041215B: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041223E
                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000,?,?,?,?,00000080), ref: 00501DC0
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$ChangeCloseCreateFindModuleNameNotificationPointer
                                                                                                                                                                              • String ID: .adknow$.bunndle$.opcandy$.opinstall
                                                                                                                                                                              • API String ID: 2685538020-1799820315
                                                                                                                                                                              • Opcode ID: 1b5b4d9697ef868142040e2d96c88028415acbff518d813273c5efee8231f23d
                                                                                                                                                                              • Instruction ID: 0ae9f64675a4e346a19f9fcca40fd9ffba5fdf1ac8945abb444708f8191c64bb
                                                                                                                                                                              • Opcode Fuzzy Hash: 1b5b4d9697ef868142040e2d96c88028415acbff518d813273c5efee8231f23d
                                                                                                                                                                              • Instruction Fuzzy Hash: 9D01B567F0041867D720E3569C45A9F3BAAEBD4710F248066F50AD3181E7B49F0BA7DB
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?), ref: 0042A6C7
                                                                                                                                                                              • GetDateFormatA.KERNELBASE(00000400,00000000,?,ddd','dd'-'MMM'-'yyyy,?,00000030), ref: 0042A6E4
                                                                                                                                                                              • GetTimeFormatA.KERNEL32(00000400,00000000,?,HH':'mm':'ss',?,00000030), ref: 0042A706
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Time$Format$DateFileSystem
                                                                                                                                                                              • String ID: $HH':'mm':'ss'$ddd','dd'-'MMM'-'yyyy
                                                                                                                                                                              • API String ID: 3098269223-1095276128
                                                                                                                                                                              • Opcode ID: e933b5c21ee3f3330ecbdd04e3befa2c6c0d2dfd2914fafb5392fb8305fb0023
                                                                                                                                                                              • Instruction ID: cae867b08c3fdcc39e59c0085f442469be7e8714c26d18724b018100ba0c184b
                                                                                                                                                                              • Opcode Fuzzy Hash: e933b5c21ee3f3330ecbdd04e3befa2c6c0d2dfd2914fafb5392fb8305fb0023
                                                                                                                                                                              • Instruction Fuzzy Hash: EC01B172600218BBEB10EBA9DC45FEF3B6CFF45740F540429BA00E7180D774AA0A8BA4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004A85C2: memset.MSVCRT ref: 004A85EE
                                                                                                                                                                                • Part of subcall function 004A85C2: SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 004A860D
                                                                                                                                                                                • Part of subcall function 004A85C2: 73A1A570.USER32(00000000,?,00400000,005A6D68), ref: 004A8615
                                                                                                                                                                                • Part of subcall function 004A85C2: MulDiv.KERNEL32(?,00000048,00000000), ref: 004A863E
                                                                                                                                                                              • GetLastError.KERNEL32(?,005A6D68,?,00400000,?,004A7F24,004A70E1,00000000,005A6D68,00402775,00000159,00000000,?,00402BBD), ref: 004A86EF
                                                                                                                                                                              • CreateDialogIndirectParamW.USER32(00400000,?,00000009,?,?), ref: 004A8709
                                                                                                                                                                              • GetLastError.KERNEL32(?,005A6D68,?,00400000,?,004A7F24,004A70E1,00000000,005A6D68,00402775,00000159,00000000,?,00402BBD), ref: 004A8715
                                                                                                                                                                              • GetLastError.KERNEL32(?,005A6D68,?,00400000,?,004A7F24,004A70E1,00000000,005A6D68,00402775,00000159,00000000,?,00402BBD), ref: 004A8721
                                                                                                                                                                              • GetLastError.KERNEL32(?,005A6D68,?,00400000,?,004A7F24,004A70E1,00000000,005A6D68,00402775,00000159,00000000,?,00402BBD), ref: 004A8733
                                                                                                                                                                              • GetLastError.KERNEL32(?,005A6D68,?,00400000,?,004A7F24,004A70E1,00000000,005A6D68,00402775,00000159,00000000,?,00402BBD), ref: 004A8740
                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 004A8750
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$A570CreateDialogFreeGlobalIndirectInfoParamParametersSystemmemset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4037060881-0
                                                                                                                                                                              • Opcode ID: 6e97a3d19ab5b3ab5efb7dc6fb912fd560b761aff0794afb42541700b9d8958b
                                                                                                                                                                              • Instruction ID: f0f6e8f106b8f49631d35b739175dcfc4972bbe9b3d78601328f9d0099f819c3
                                                                                                                                                                              • Opcode Fuzzy Hash: 6e97a3d19ab5b3ab5efb7dc6fb912fd560b761aff0794afb42541700b9d8958b
                                                                                                                                                                              • Instruction Fuzzy Hash: 3301E9B5900218EFDB11EFA9EC84A5D7FA9FF69354F10443FE505C2220EB758A04AFA1
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: wcschrwcsrchr
                                                                                                                                                                              • String ID: "$%s\shell$%s\shell\%s\command
                                                                                                                                                                              • API String ID: 1119115753-2976378921
                                                                                                                                                                              • Opcode ID: e3dac1ce4d7b64676032b9696fe4564641cb753984e165562542ae00b0d2e470
                                                                                                                                                                              • Instruction ID: 22dffd5926a9dd175809b1764bbdc5ed45ce7401b9b58c2917de82e1451eb472
                                                                                                                                                                              • Opcode Fuzzy Hash: e3dac1ce4d7b64676032b9696fe4564641cb753984e165562542ae00b0d2e470
                                                                                                                                                                              • Instruction Fuzzy Hash: D541D772900219AADF14EB51CC56BEA33AC9F51304F1444AFE905A7183EF7C6F49CBA9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • InterlockedExchangeAdd.KERNEL32(005CB320,000000FF), ref: 0045E871
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExchangeInterlocked
                                                                                                                                                                              • String ID: &m%d$&p%d$=%a$=%d
                                                                                                                                                                              • API String ID: 367298776-1780905800
                                                                                                                                                                              • Opcode ID: 57a2e74e31f6eef174821eb8ab0cd62295c8c0726c094dedf94026e7b0c86e6c
                                                                                                                                                                              • Instruction ID: 335c6b1b83de83646f1bd388bb7409d994f19d968cd2ba6ef6a30f8ebba2806b
                                                                                                                                                                              • Opcode Fuzzy Hash: 57a2e74e31f6eef174821eb8ab0cd62295c8c0726c094dedf94026e7b0c86e6c
                                                                                                                                                                              • Instruction Fuzzy Hash: 36418771A00208EFDF14EFA5C881EED77A9FF54318F00853EF95657292DB34AA498B94
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(C:\,00000000,00000000,005A72AA,?,?,00000000,00000000,?,005A72A0,005A72A0), ref: 00429591
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InformationVolume
                                                                                                                                                                              • String ID: C:\$Can't create UUID - %d$UuidCreateSequential$rpcrt4.dll
                                                                                                                                                                              • API String ID: 2039140958-2536843575
                                                                                                                                                                              • Opcode ID: 6f3af5373a384f6b897596f37974af539253d6b68c4876440f477fdd05512c6e
                                                                                                                                                                              • Instruction ID: 7f33ba5214b9c37b09fb3e31e4c2fae15cfbd63669696060b383b3bc0b94577e
                                                                                                                                                                              • Opcode Fuzzy Hash: 6f3af5373a384f6b897596f37974af539253d6b68c4876440f477fdd05512c6e
                                                                                                                                                                              • Instruction Fuzzy Hash: 67210B32600115A7DB25EE66DD42EFF777CAF51304F50806EF80AA7181EB74AE45CB24
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004AFE50: memset.MSVCRT ref: 004AFE5E
                                                                                                                                                                                • Part of subcall function 004AFE50: RegisterClassExW.USER32(?), ref: 004AFE92
                                                                                                                                                                                • Part of subcall function 004A80C3: LoadCursorA.USER32(00000000,00007F00), ref: 004A80FD
                                                                                                                                                                                • Part of subcall function 004A80C3: RegisterClassExW.USER32(?), ref: 004A8111
                                                                                                                                                                                • Part of subcall function 004E2B7D: LoadLibraryW.KERNEL32(urlmon,?,00404D3C), ref: 004E2B83
                                                                                                                                                                                • Part of subcall function 004E2B7D: GetProcAddress.KERNEL32(00000000,CoInternetGetSession), ref: 004E2BA2
                                                                                                                                                                                • Part of subcall function 004E2B7D: GetProcAddress.KERNEL32(FindMimeFromData), ref: 004E2BB5
                                                                                                                                                                                • Part of subcall function 004E2B7D: ??2@YAPAXI@Z.MSVCRT ref: 004E2BD2
                                                                                                                                                                                • Part of subcall function 004AA982: GetIconInfo.USER32(00000000,?), ref: 004AA999
                                                                                                                                                                                • Part of subcall function 004AA982: 73A1A570.USER32(00000000), ref: 004AA9AE
                                                                                                                                                                                • Part of subcall function 004AA982: memset.MSVCRT ref: 004AA9C4
                                                                                                                                                                                • Part of subcall function 004AA982: GetObjectA.GDI32(?,00000018,?), ref: 004AA9F6
                                                                                                                                                                                • Part of subcall function 004AA982: GetDIBits.GDI32(00000010,?,00000000,?,?,00000028,00000000), ref: 004AAA57
                                                                                                                                                                                • Part of subcall function 004AA982: GetDIBits.GDI32(00000010,?,00000000,?,00404D60,00000028,00000000), ref: 004AAA74
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00404D98
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00404DA6
                                                                                                                                                                              • DestroyCursor.USER32(?), ref: 00404DAB
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Object$AddressBitsClassCursorDeleteLoadProcRegistermemset$??2@A570DestroyIconInfoLibrary
                                                                                                                                                                              • String ID: LDlBar$main.ico
                                                                                                                                                                              • API String ID: 1102316021-264381734
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WSAEnumNetworkEvents.WS2_32(000000FF,00000000,?), ref: 0041AA22
                                                                                                                                                                              • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,0041E67E,00000000,0041E7AB), ref: 0041AA32
                                                                                                                                                                              • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,0041E67E,00000000,0041E7AB), ref: 0041AA41
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$EnumEventsNetwork
                                                                                                                                                                              • String ID: WSAEnumNetworkEvents error (%d)$~A
                                                                                                                                                                              • API String ID: 2729671098-1272546508
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • memset.MSVCRT ref: 004BC5ED
                                                                                                                                                                              • strncpy.MSVCRT ref: 004BC5FB
                                                                                                                                                                              • InterlockedExchangeAdd.KERNEL32(005CB320,00000001), ref: 004BC64E
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,DownloadThread,00000000,00000000,Function_000B6F21,00000000,00000000,?,?,?,?,00000000,00000000,00000002,?,005A00F8), ref: 004BC66C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseExchangeHandleInterlockedmemsetstrncpy
                                                                                                                                                                              • String ID: DownloadThread
                                                                                                                                                                              • API String ID: 2407899111-1588220237
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SetWindowTextW.USER32(00000048), ref: 0040EDE1
                                                                                                                                                                              • SetWindowTextW.USER32(00000000), ref: 0040EE0D
                                                                                                                                                                              • GetWindow.USER32(00000048,00000005), ref: 0040EE16
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Text
                                                                                                                                                                              • String ID: R$H
                                                                                                                                                                              • API String ID: 848690642-781948141
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • inet_addr.WS2_32(4.2.2.1), ref: 0042CA6B
                                                                                                                                                                              • GetBestInterface.IPHLPAPI(?,00000002), ref: 0042CA7D
                                                                                                                                                                              • GetBestInterfaceEx.IPHLPAPI(?,?), ref: 0042CACB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BestInterface$inet_addr
                                                                                                                                                                              • String ID: 2001:db8::1428:57ab$4.2.2.1
                                                                                                                                                                              • API String ID: 4228498846-2965112811
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • InternetOpenA.WININET(03D25730,00000000,00000000,00000000,10000000), ref: 0047B946
                                                                                                                                                                              • InternetSetStatusCallback.WININET(00000000,0047B7AA), ref: 0047B95B
                                                                                                                                                                                • Part of subcall function 004782BF: LoadLibraryA.KERNEL32(?,00000000,00000000,00000000,?,0047B8FE,005CA060,wininet.dll,00000000,?,0047B96D,00000000,0047BAFC,00000000,004B75F7,?), ref: 004782D7
                                                                                                                                                                                • Part of subcall function 004782BF: GetProcAddress.KERNEL32(00000000,?), ref: 004782F1
                                                                                                                                                                                • Part of subcall function 004782BF: GetLastError.KERNEL32(?,0047B8FE,005CA060,wininet.dll,00000000,?,0047B96D,00000000,0047BAFC,00000000,004B75F7,?,?,?,?,?), ref: 0047830B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Internet$AddressCallbackErrorLastLibraryLoadOpenProcStatus
                                                                                                                                                                              • String ID: %s(%d)$uTorrent/3300$wininet.dll
                                                                                                                                                                              • API String ID: 3855235716-251696733
                                                                                                                                                                              • Opcode ID: 51f47b4729701882e3aaacfb93015e3ead0278fa440f3906c4eb09521cd06fc0
                                                                                                                                                                              • Instruction ID: 62d4adc58864eb3fa63a713f33ad6f798ba56fc2820dee8e4db75af64a00f7eb
                                                                                                                                                                              • Opcode Fuzzy Hash: 51f47b4729701882e3aaacfb93015e3ead0278fa440f3906c4eb09521cd06fc0
                                                                                                                                                                              • Instruction Fuzzy Hash: 80F068F0940B4CAEDA105F706CCDF962F18E33138DB108466F609B2251E369084C666E
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,?,00000000,?,?), ref: 0046B8B8
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,?,00000000,?,?), ref: 0046B8C3
                                                                                                                                                                              • ReadFile.KERNEL32(?,?,?,?,00000000,?,00000001,?,00000000,?,00000000,?,?), ref: 0046B8F3
                                                                                                                                                                                • Part of subcall function 0041215B: CreateFileW.KERNEL32(00000000,00008000,00000003,00000000,00000000,00000000,00000000,004B75F7,00000000,?), ref: 00412225
                                                                                                                                                                                • Part of subcall function 0041215B: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041223E
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000,00000080,?,?,?,?,00000000,?,00000001,?,00000000,?), ref: 0046B946
                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(?,00000000,?,?,?,?,00000000,?,00000001,?,00000000,?,00000000,?,?), ref: 0046B953
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$Pointer$ChangeCloseCreateErrorFindLastNotificationReadWrite
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3091388843-0
                                                                                                                                                                              • Opcode ID: 43085baebbc9234bb8013e87be6728ead1b2261b7aa130b176971757bd6f1c68
                                                                                                                                                                              • Instruction ID: c5dd294215c153ce41fa38d662ec1c8f48a5ec9920ced3c4309b6d185b0abd65
                                                                                                                                                                              • Opcode Fuzzy Hash: 43085baebbc9234bb8013e87be6728ead1b2261b7aa130b176971757bd6f1c68
                                                                                                                                                                              • Instruction Fuzzy Hash: CE219EB1D00209AFDF10EFA08C819FFBB78EF15310F10455AEA12A6281E7344B99DBA5
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GlobalMemoryStatus.KERNEL32(?), ref: 00455BAC
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: GlobalMemoryStatus
                                                                                                                                                                              • String ID: l+f$l+f$|\
                                                                                                                                                                              • API String ID: 1890195054-966735644
                                                                                                                                                                              • Opcode ID: 5e0882fcfcbac26ef07dce0f3854c6ae6cd559cb86699ac0be912544d800381a
                                                                                                                                                                              • Instruction ID: b873f9c71905be08b48d33f849dab205ccc7bfa41e1df75d201180eef9297cf8
                                                                                                                                                                              • Opcode Fuzzy Hash: 5e0882fcfcbac26ef07dce0f3854c6ae6cd559cb86699ac0be912544d800381a
                                                                                                                                                                              • Instruction Fuzzy Hash: E581B772A10E149FDB18DF39DCA8D7A37A6AB68305715402FE802D7366DB385C4CEB58
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0047B9FA
                                                                                                                                                                                • Part of subcall function 004782BF: LoadLibraryA.KERNEL32(?,00000000,00000000,00000000,?,0047B8FE,005CA060,wininet.dll,00000000,?,0047B96D,00000000,0047BAFC,00000000,004B75F7,?), ref: 004782D7
                                                                                                                                                                                • Part of subcall function 004782BF: GetProcAddress.KERNEL32(00000000,?), ref: 004782F1
                                                                                                                                                                                • Part of subcall function 004782BF: GetLastError.KERNEL32(?,0047B8FE,005CA060,wininet.dll,00000000,?,0047B96D,00000000,0047BAFC,00000000,004B75F7,?,?,?,?,?), ref: 0047830B
                                                                                                                                                                              • InternetSetCookieA.WININET(?,00000000,?), ref: 0047BAC1
                                                                                                                                                                              • strchr.MSVCRT ref: 0047BACA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@AddressCookieErrorInternetLastLibraryLoadProcstrchr
                                                                                                                                                                              • String ID: wininet.dll
                                                                                                                                                                              • API String ID: 3787153555-3354682871
                                                                                                                                                                              • Opcode ID: b850c7fac82686126cf1b2932402074930d93f2866d044d9f3b2cce378655b23
                                                                                                                                                                              • Instruction ID: 4c03211188e92c6499b3c4ada11a0a8b19ae0c0a555716c88a406cb7e198e78e
                                                                                                                                                                              • Opcode Fuzzy Hash: b850c7fac82686126cf1b2932402074930d93f2866d044d9f3b2cce378655b23
                                                                                                                                                                              • Instruction Fuzzy Hash: 1F31F031A00615ABCB28AB39C855BAA3B95EB44358F08C12FED0D9B391DB799C01C7D9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,00008000,00000003,00000000,00000000,00000000,00000000,004B75F7,00000000,?), ref: 00412225
                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041223E
                                                                                                                                                                                • Part of subcall function 004292DF: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00412194,004B75F7,00000000,?), ref: 004292EA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CreateModuleNamePointer
                                                                                                                                                                              • String ID: \\?\%s$\\?\%s%s
                                                                                                                                                                              • API String ID: 3112930533-856063531
                                                                                                                                                                              • Opcode ID: c0fd378a8cc1a40f4bc15d4790c68d3ccfd39bf5b6c04ebd2fe96e2119353138
                                                                                                                                                                              • Instruction ID: fc2d2f84cc84fe049de06ef32efd360e9d507d1a88368099b9bf7336326f6154
                                                                                                                                                                              • Opcode Fuzzy Hash: c0fd378a8cc1a40f4bc15d4790c68d3ccfd39bf5b6c04ebd2fe96e2119353138
                                                                                                                                                                              • Instruction Fuzzy Hash: B321A671640104BADB18F7A2DD87EEE7778AF61304F1004BEB101B71E2EB785F598658
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041215B: CreateFileW.KERNEL32(00000000,00008000,00000003,00000000,00000000,00000000,00000000,004B75F7,00000000,?), ref: 00412225
                                                                                                                                                                                • Part of subcall function 0041215B: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041223E
                                                                                                                                                                              • GetFileTime.KERNEL32(00000000,00000000,00000000,?,00000080,?,?,00000000,?,?,?,?,00403A94,?,?,00000000), ref: 004289DB
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CreatePointerTime
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2325584289-0
                                                                                                                                                                              • Opcode ID: 3c8ae9f8a38346a6f6ff55295f0595d736d72e01df32df6e9cdddcbafd26f723
                                                                                                                                                                              • Instruction ID: f31e976a1fab81a73fd8df8babf13e356885e66ed2077452992e05e327aca615
                                                                                                                                                                              • Opcode Fuzzy Hash: 3c8ae9f8a38346a6f6ff55295f0595d736d72e01df32df6e9cdddcbafd26f723
                                                                                                                                                                              • Instruction Fuzzy Hash: 17713071A01225DBCF10EFA5D880AAFBBB2EF55314F50411EE806A7381DF39AE41CB59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004BAA19
                                                                                                                                                                              • MulDiv.KERNEL32(0000000B,00000060,00000001), ref: 004BAA66
                                                                                                                                                                              • MulDiv.KERNEL32(0000000B,00000060,00000000), ref: 004BAAAD
                                                                                                                                                                              • DrawIcon.USER32(?,?,0000055B,?), ref: 004BAB17
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClientDrawIconRect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 589690827-0
                                                                                                                                                                              • Opcode ID: b1513c0ddaf39eeda8a7947986807310349d3afd8769ef5e2bd1578c7574fd4f
                                                                                                                                                                              • Instruction ID: d15371eb2345eb6279ecbfd46f90d4d9b9c5424df89d6eb502e9511fa4029680
                                                                                                                                                                              • Opcode Fuzzy Hash: b1513c0ddaf39eeda8a7947986807310349d3afd8769ef5e2bd1578c7574fd4f
                                                                                                                                                                              • Instruction Fuzzy Hash: 25414D31600208BFDF14EB95CD91FEE77B9EF19304F10801AF906A61A1DB74AE59CB65
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • memset.MSVCRT ref: 004A85EE
                                                                                                                                                                              • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 004A860D
                                                                                                                                                                              • 73A1A570.USER32(00000000,?,00400000,005A6D68), ref: 004A8615
                                                                                                                                                                              • MulDiv.KERNEL32(?,00000048,00000000), ref: 004A863E
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: A570InfoParametersSystemmemset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1377285383-0
                                                                                                                                                                              • Opcode ID: fb33276f0fac455650080eb24c1e66d572f8a5709f89f0a4436cc4e5e66c9932
                                                                                                                                                                              • Instruction ID: 501a252c70ed0c033032de9576096895af1525f652c7713d4fe05001e99d0f66
                                                                                                                                                                              • Opcode Fuzzy Hash: fb33276f0fac455650080eb24c1e66d572f8a5709f89f0a4436cc4e5e66c9932
                                                                                                                                                                              • Instruction Fuzzy Hash: 0721A131E00209BBEB10DB95CC49FEE7B79EF66304F104069EA15A7280EF34AA06CB54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041215B: CreateFileW.KERNEL32(00000000,00008000,00000003,00000000,00000000,00000000,00000000,004B75F7,00000000,?), ref: 00412225
                                                                                                                                                                                • Part of subcall function 0041215B: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041223E
                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00000080,?,0042F675,?,00000000,00414236,?,00000000,00000000), ref: 0042A0C9
                                                                                                                                                                              • SetLastError.KERNEL32(00000008), ref: 0042A0E5
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0042A117
                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000,00000000), ref: 0042A125
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$Close$ChangeCreateErrorFindHandleLastNotificationPointerSize
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1383291070-0
                                                                                                                                                                              • Opcode ID: dc51b7ec2b49aeaa49470c3df9892d0bea2508b55116f8868d2013f63b33f34c
                                                                                                                                                                              • Instruction ID: 48866a0ad771a03f512931b01e5449b39f88caca898e8dc2dc65eb7cb0e7e19b
                                                                                                                                                                              • Opcode Fuzzy Hash: dc51b7ec2b49aeaa49470c3df9892d0bea2508b55116f8868d2013f63b33f34c
                                                                                                                                                                              • Instruction Fuzzy Hash: 2E0149313003319BD2306B29AC49B3F77A99F82325F444127F922932C2DF799C29822B
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • htonl.WS2_32(?), ref: 0042CC24
                                                                                                                                                                              • htonl.WS2_32(00000000), ref: 0042CC2F
                                                                                                                                                                              • GetBestInterface.IPHLPAPI(00000000), ref: 0042CC36
                                                                                                                                                                              • GetBestInterfaceEx.IPHLPAPI(?,00000000), ref: 0042CC6E
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BestInterfacehtonl
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2864685209-0
                                                                                                                                                                              • Opcode ID: f8e354e368222ec28837a47c05c1d933a450c5200f6794dd9a338c1b19938650
                                                                                                                                                                              • Instruction ID: 82c93d32fe0f71184727ae3e2d08fa622c2dccb69d1e2c17f2ed214e0b658f6f
                                                                                                                                                                              • Opcode Fuzzy Hash: f8e354e368222ec28837a47c05c1d933a450c5200f6794dd9a338c1b19938650
                                                                                                                                                                              • Instruction Fuzzy Hash: 4F014E30A006259FCF20E7A5FD88B9E336CAB15304F940047E10ED2141EB7CAA8DDF59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000008,004C2D3E,00000000,?,?,004C2D3E), ref: 0042979B
                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,004C2D3E), ref: 004297A2
                                                                                                                                                                              • GetTokenInformation.KERNELBASE(004C2D3E,00000014(TokenIntegrityLevel),?,00000004,?,?,?,004C2D3E), ref: 004297C1
                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(004C2D3E,?,?,004C2D3E), ref: 004297DA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ProcessToken$ChangeCloseCurrentFindInformationNotificationOpen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2406157124-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?), ref: 0041CA54
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                              • String ID: Error 73: %d/%d/%d/%d
                                                                                                                                                                              • API String ID: 1452528299-1157078553
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(0047B647,0047B647,0000002C,00000000,00000004,?,?,?,?,?,0047B647,?,?), ref: 0047B54A
                                                                                                                                                                              • __aulldiv.LIBCMT ref: 0047B61C
                                                                                                                                                                                • Part of subcall function 00419846: ??3@YAXPAX@Z.MSVCRT ref: 00419847
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@ErrorLast__aulldiv
                                                                                                                                                                              • String ID: can't unzip
                                                                                                                                                                              • API String ID: 1109631758-3013233975
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadImageW.USER32(00400000,00000000,00000001,00000000,00000000,00000010), ref: 004AA928
                                                                                                                                                                                • Part of subcall function 004AA3CC: fopen.MSVCRT ref: 004AA424
                                                                                                                                                                                • Part of subcall function 004AA3CC: fwrite.MSVCRT ref: 004AA43E
                                                                                                                                                                                • Part of subcall function 004AA3CC: fclose.MSVCRT ref: 004AA450
                                                                                                                                                                              • LoadImageW.USER32(00400000,00000000,00000001,00000000,00000000,00000010), ref: 004AA8DE
                                                                                                                                                                                • Part of subcall function 004A96F5: DeleteFileW.KERNEL32(00000000,00000000,004AA543,AM@,00000000,?,?,00000000,00000000), ref: 004A9704
                                                                                                                                                                                • Part of subcall function 004A70A1: LoadImageA.USER32(00000000,00000001,00000000,00000000,00000000,004AA94E), ref: 004A70B6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ImageLoad$DeleteFilefclosefopenfwrite
                                                                                                                                                                              • String ID: current.btskin
                                                                                                                                                                              • API String ID: 3077475770-2521300750
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0046B708: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0046B724
                                                                                                                                                                              • atoi.MSVCRT ref: 00417F60
                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000,00000000), ref: 00417F79
                                                                                                                                                                                • Part of subcall function 0046B708: ReadFile.KERNEL32(?,?,000000F8,?,00000000,00000080), ref: 0046B77A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$DeleteModuleNameReadatoi
                                                                                                                                                                              • String ID: campaigncode.txt
                                                                                                                                                                              • API String ID: 151848173-4217819719
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonl
                                                                                                                                                                              • String ID: l+f$l+f
                                                                                                                                                                              • API String ID: 2009864989-4211113545
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ShowWindow.USER32(?,00000000,00000000,?,?,004DA43F,00000065,00000000,?,00000000,004DA47A,?,00000019,?,00000000,004DE203), ref: 004D6077
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 004D6090
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000250,?,004DA43F,00000065,00000000,?,00000000,004DA47A,?,00000019), ref: 004D6115
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$??2@Show
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2547709225-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0042C563: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,00000000,0042CC12,00000000), ref: 0042C578
                                                                                                                                                                              • gethostname.WS2_32(?,00000100), ref: 0042CB43
                                                                                                                                                                              • gethostbyname.WS2_32(?), ref: 0042CB50
                                                                                                                                                                              • htonl.WS2_32(?), ref: 0042CB76
                                                                                                                                                                                • Part of subcall function 0042CA45: inet_addr.WS2_32(4.2.2.1), ref: 0042CA6B
                                                                                                                                                                                • Part of subcall function 0042CA45: GetBestInterface.IPHLPAPI(?,00000002), ref: 0042CA7D
                                                                                                                                                                                • Part of subcall function 00474567: htonl.WS2_32(?), ref: 0047457C
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonl$BestInterfaceLibraryLoadgethostbynamegethostnameinet_addr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3514994397-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0046B535,0053DEEC,00000000), ref: 0046B4C9
                                                                                                                                                                                • Part of subcall function 00428E58: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,0042A109,00000000), ref: 00428E67
                                                                                                                                                                                • Part of subcall function 00428E58: GetLastError.KERNEL32 ref: 00428E71
                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,0000003C,00000000,00000000), ref: 0046B4F1
                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000004,00000000,00000000,00000004), ref: 0046B50E
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$Pointer$ErrorLastRead
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2403858029-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 613200358-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000104), ref: 004B8AC0
                                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?), ref: 004B8ACE
                                                                                                                                                                              • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 004B8AE1
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: NamePath$FileLongModuleTemp
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 550811638-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CountTick
                                                                                                                                                                              • String ID: N\
                                                                                                                                                                              • API String ID: 536389180-3893816264
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateThread.KERNEL32(?,75F76854,00000000,?,?,?), ref: 0043215C
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateThread
                                                                                                                                                                              • String ID: \Y\
                                                                                                                                                                              • API String ID: 2422867632-2470704388
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RegSetValueExW.KERNEL32(00000000,00000000,00000000,00000004,00000000,00000004,004B8EF1,OfferAccepted,OfferName,00000000,OfferProvider,00000000,80000001,Software\BitTorrent\uTorrent,?,00000000), ref: 004522F9
                                                                                                                                                                              Strings
                                                                                                                                                                              • RegKey: Could not write DWORD valuename %s value %d; Error %d, xrefs: 0045230C
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Value
                                                                                                                                                                              • String ID: RegKey: Could not write DWORD valuename %s value %d; Error %d
                                                                                                                                                                              • API String ID: 3702945584-557100169
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WSAStringToAddressA.WS2_32(::1,00000017,00000000,?,0042C2AD), ref: 0042CA03
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressString
                                                                                                                                                                              • String ID: ::1
                                                                                                                                                                              • API String ID: 2549180374-2731173655
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0041E882
                                                                                                                                                                                • Part of subcall function 0041E6A3: Sleep.KERNEL32(00000019), ref: 0041E6F5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentSleepThread
                                                                                                                                                                              • String ID: `M\
                                                                                                                                                                              • API String ID: 1164918020-2426158757
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00452165: RegCloseKey.KERNEL32(00000000,?,004523CA,Software\Wine,00429C64,80000002,Software\Wine,00020019,?,00000019,?,?,?,?,00429CE6,0041E6F0), ref: 0045216F
                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(?,?,00000000,00429CE6,?,Software\Wine,00429C64,80000002,Software\Wine,00020019,?,00000019,?), ref: 004523D9
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseOpen
                                                                                                                                                                              • String ID: Software\Wine
                                                                                                                                                                              • API String ID: 47109696-669380751
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ScreenToClient.USER32(?,00000100), ref: 004A7C13
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004A7C20
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Client$RectScreen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 67810849-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0046B724
                                                                                                                                                                                • Part of subcall function 0041215B: CreateFileW.KERNEL32(00000000,00008000,00000003,00000000,00000000,00000000,00000000,004B75F7,00000000,?), ref: 00412225
                                                                                                                                                                                • Part of subcall function 0041215B: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041223E
                                                                                                                                                                              • ReadFile.KERNEL32(?,?,000000F8,?,00000000,00000080), ref: 0046B77A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CreateModuleNamePointerRead
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1528952607-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0046B708: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0046B724
                                                                                                                                                                              • strrchr.MSVCRT ref: 004BBB7C
                                                                                                                                                                              • strrchr.MSVCRT ref: 004BBB86
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strrchr$FileModuleName
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1156189791-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041215B: CreateFileW.KERNEL32(00000000,00008000,00000003,00000000,00000000,00000000,00000000,004B75F7,00000000,?), ref: 00412225
                                                                                                                                                                                • Part of subcall function 0041215B: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041223E
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000080,00000000,00000000), ref: 00413C7E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CloseCreateHandlePointer
                                                                                                                                                                              • String ID: d10:.fileguard40:%H
                                                                                                                                                                              • API String ID: 22866420-206068509
                                                                                                                                                                              • Opcode ID: 1f2d7d373b1b9c5248119b683d9c628ddbf1f11f5755dba89ab2aca157882462
                                                                                                                                                                              • Instruction ID: c11c640780b59f9c2504d342f9266eefda60cf9956c16d46c519c558b97e702e
                                                                                                                                                                              • Opcode Fuzzy Hash: 1f2d7d373b1b9c5248119b683d9c628ddbf1f11f5755dba89ab2aca157882462
                                                                                                                                                                              • Instruction Fuzzy Hash: 65110D73600204A6DB21BE71DC45DEF37699F55354F20852EF92393292FE7CDA498398
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WSASend.WS2_32(?,?,?,?,?,00000000,00000000), ref: 0041A5F0
                                                                                                                                                                              • WSASetLastError.WS2_32(0000277B), ref: 0041A688
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3410151345-0
                                                                                                                                                                              • Opcode ID: 7703cc351b79bd950aab2aaed20655335516e59d10b5ecfe46ca1f7da1ada88a
                                                                                                                                                                              • Instruction ID: 47899c1875e942a59224e29a11f44eafb590d6b586cc6371827d3ef857cd55cb
                                                                                                                                                                              • Opcode Fuzzy Hash: 7703cc351b79bd950aab2aaed20655335516e59d10b5ecfe46ca1f7da1ada88a
                                                                                                                                                                              • Instruction Fuzzy Hash: 50115E75944258FFDB218F58CD05BD9BBB4FB05730F10829AF168A62E0C3B85AC19F65
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadImageW.USER32(00000000,00000000,00000000,00000000,00000000,00002050), ref: 004A9736
                                                                                                                                                                              • GetObjectA.GDI32(00000000,00000018,?), ref: 004A974D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ImageLoadObject
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2222342736-0
                                                                                                                                                                              • Opcode ID: efb8b2785daa7f07ef532242f9b72c75682c51bfbe5bd429e280c3890e733c25
                                                                                                                                                                              • Instruction ID: 3aeb6d8532d24ab378f79c63d5817a908584dd219ae49bca2248a0f72c188d04
                                                                                                                                                                              • Opcode Fuzzy Hash: efb8b2785daa7f07ef532242f9b72c75682c51bfbe5bd429e280c3890e733c25
                                                                                                                                                                              • Instruction Fuzzy Hash: D0F05E75601229BBD7209FAA9C49C9FBFACEF6A7A0B100022F605D2241D6706D0587F0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,74DF30D0,?,00492E9C,?,00000000), ref: 00492D72
                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00092A3B,00000000,00000000,00000010), ref: 00492D88
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Create$EventThread
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3571019211-0
                                                                                                                                                                              • Opcode ID: 2775e1ccae8241d0bc64a3cdbe56f54e062a24a58a0a3c149a353c8f6a80c4c9
                                                                                                                                                                              • Instruction ID: d85b96cddfa894fbc20e24c0ea309912f72b0de51c1f834cdfed53d1872ce3d5
                                                                                                                                                                              • Opcode Fuzzy Hash: 2775e1ccae8241d0bc64a3cdbe56f54e062a24a58a0a3c149a353c8f6a80c4c9
                                                                                                                                                                              • Instruction Fuzzy Hash: D9F0F876505740AED3308F5A9C48D97FFFCEFE6B10700881FB495C2620D6B09449CBA1
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • socket.WS2_32(00000010,00000000,00000000), ref: 0041CDAC
                                                                                                                                                                              • setsockopt.WS2_32(00000000,00000029,00000017,00000017,00000004), ref: 0041CDD2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: setsockoptsocket
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2787935680-0
                                                                                                                                                                              • Opcode ID: 4b198c024f367d3aaee971b28fc98f615fd2ae443e79025f0d78d586a8de1565
                                                                                                                                                                              • Instruction ID: 8f364fed54c31782a1f09df69972fbe2f80431e7afdcde38b9596f78e967c2e4
                                                                                                                                                                              • Opcode Fuzzy Hash: 4b198c024f367d3aaee971b28fc98f615fd2ae443e79025f0d78d586a8de1565
                                                                                                                                                                              • Instruction Fuzzy Hash: B0E0E570180208BFEB205F10DC49AEE3F64EF05760F008516FA1D462D0D7705995D7D0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • InternetReadFileExA.WININET(00000000,0000002C,00000001,00000000), ref: 0047B658
                                                                                                                                                                              • GetLastError.KERNEL32(?,?), ref: 0047B662
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFileInternetLastRead
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2488913338-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CleanupStartup
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 915672949-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: localtime
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1047626651-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,0042A109,00000000), ref: 00428E67
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00428E71
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFileLastRead
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1948546556-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,00000004,00000000,?,?,0047B5D6,?,0000002C,00000000,00000004), ref: 00428E9B
                                                                                                                                                                              • GetLastError.KERNEL32(?,0047B5D6,?,0000002C,00000000,00000004,?,?,?,?,?,0047B647,?,?), ref: 00428EA5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 442123175-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00432136: CreateThread.KERNEL32(?,75F76854,00000000,?,?,?), ref: 0043215C
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,dtfun,00000000,00000000,Function_00002AB0,?,00000000,?,Function_00002AB0,?,00402DA7,00000000,00402E78,000006C2,?,00000000), ref: 00413E2E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseCreateHandleThread
                                                                                                                                                                              • String ID: dtfun
                                                                                                                                                                              • API String ID: 3032276028-4208289573
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004A85C2: memset.MSVCRT ref: 004A85EE
                                                                                                                                                                                • Part of subcall function 004A85C2: SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 004A860D
                                                                                                                                                                                • Part of subcall function 004A85C2: 73A1A570.USER32(00000000,?,00400000,005A6D68), ref: 004A8615
                                                                                                                                                                                • Part of subcall function 004A85C2: MulDiv.KERNEL32(?,00000048,00000000), ref: 004A863E
                                                                                                                                                                              • DialogBoxIndirectParamW.USER32(00400000,00000000,?,?,?), ref: 004A86BC
                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 004A86C5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: A570DialogFreeGlobalIndirectInfoParamParametersSystemmemset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2545452461-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • getaddrinfo.WS2_32(0042C300,0042C300,0042C300,0042C300,00000018,0042C300,00000000,00000000,?,00000000), ref: 0042B277
                                                                                                                                                                              • WSASetLastError.WS2_32(00000000), ref: 0042B27C
                                                                                                                                                                                • Part of subcall function 0042B0E7: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042B133
                                                                                                                                                                                • Part of subcall function 0042B0E7: LoadLibraryA.KERNEL32(?,00000018,00000000,00000000), ref: 0042B17C
                                                                                                                                                                                • Part of subcall function 0042B0E7: GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 0042B18A
                                                                                                                                                                                • Part of subcall function 0042B0E7: FreeLibrary.KERNEL32(00000000), ref: 0042B195
                                                                                                                                                                                • Part of subcall function 0042B0E7: LoadLibraryA.KERNEL32(?), ref: 0042B1D3
                                                                                                                                                                                • Part of subcall function 0042B0E7: GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 0042B1E1
                                                                                                                                                                                • Part of subcall function 0042B0E7: FreeLibrary.KERNEL32(00000000), ref: 0042B1EC
                                                                                                                                                                                • Part of subcall function 0042B0E7: GetProcAddress.KERNEL32(00000000,00534A54), ref: 0042B1FF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$AddressProc$FreeLoad$DirectoryErrorLastSystemgetaddrinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1170566393-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadImageA.USER32(00000000,00000001,00000000,00000000,00000000,004AA94E), ref: 004A70B6
                                                                                                                                                                              • LoadIconA.USER32(00000000,004AA94E), ref: 004A70C7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Load$IconImage
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 666102371-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 00419936
                                                                                                                                                                                • Part of subcall function 004782BF: LoadLibraryA.KERNEL32(?,00000000,00000000,00000000,?,0047B8FE,005CA060,wininet.dll,00000000,?,0047B96D,00000000,0047BAFC,00000000,004B75F7,?), ref: 004782D7
                                                                                                                                                                                • Part of subcall function 004782BF: GetProcAddress.KERNEL32(00000000,?), ref: 004782F1
                                                                                                                                                                                • Part of subcall function 004782BF: GetLastError.KERNEL32(?,0047B8FE,005CA060,wininet.dll,00000000,?,0047B96D,00000000,0047BAFC,00000000,004B75F7,?,?,?,?,?), ref: 0047830B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressErrorInitializeLastLibraryLoadProc
                                                                                                                                                                              • String ID: oleaut32.dll
                                                                                                                                                                              • API String ID: 3908964974-552348730
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 004A7624
                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 004A7638
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ItemShowWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3351165006-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • malloc.MSVCRT ref: 0041986D
                                                                                                                                                                                • Part of subcall function 00413CFE: InterlockedExchange.KERNEL32(005C442C,00000001), ref: 00413D09
                                                                                                                                                                                • Part of subcall function 00413CFE: CloseHandle.KERNEL32(00000000,NoMemoryThread,00000000,00000000,00413CC3,75F76854,00000000,?), ref: 00413D2E
                                                                                                                                                                                • Part of subcall function 00413CFE: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,004BA8EA), ref: 00413D39
                                                                                                                                                                              • GetLastError.KERNEL32(75F76850,75F76854,00459837,004BA8EA,00000000,00403328,004BA8EA,?,00000000,0040559D,004BA8EA), ref: 00419884
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseErrorExchangeHandleInterlockedLastSleepmalloc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3304500728-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 613200358-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonl
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2009864989-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CountTick
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 536389180-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetForegroundWindow.USER32(?,004309F7), ref: 004702B6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ForegroundWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2020703349-0
                                                                                                                                                                              • Opcode ID: 739560fa483c0cbf6c62b974f266b772f518af29fe0149bb48371507ec66c088
                                                                                                                                                                              • Instruction ID: 89cfb5806c5003369e768c947b7477593d2325d51075582581c223c2f82d2e10
                                                                                                                                                                              • Opcode Fuzzy Hash: 739560fa483c0cbf6c62b974f266b772f518af29fe0149bb48371507ec66c088
                                                                                                                                                                              • Instruction Fuzzy Hash: 8EF0A936301104DF8B149BADD48D49DBFE5EB9631072584ABF00AE3392DA759C415754
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(?,?,00000000,?,80000001,00020019,?,?,00452216,?,?,00000001,00020019,00020019,00429E9D,00533090), ref: 00452196
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: QueryValue
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3660427363-0
                                                                                                                                                                              • Opcode ID: 3eba08415aa807d2b39f7c94dba43f8071e479c76887e35e37ef8976568fa029
                                                                                                                                                                              • Instruction ID: d6e03b253361909cef2081321a27c537e76fc85aa47fcaf1193730d38b1e98f4
                                                                                                                                                                              • Opcode Fuzzy Hash: 3eba08415aa807d2b39f7c94dba43f8071e479c76887e35e37ef8976568fa029
                                                                                                                                                                              • Instruction Fuzzy Hash: 1BF0497520160AEBDF19CF60DA40AAF37A8AF06385F10452BFE02D2250D375DE24DAA9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0046B4B3: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0046B535,0053DEEC,00000000), ref: 0046B4C9
                                                                                                                                                                                • Part of subcall function 0046B4B3: SetFilePointer.KERNEL32(00000000,0000003C,00000000,00000000), ref: 0046B4F1
                                                                                                                                                                                • Part of subcall function 0046B4B3: SetFilePointer.KERNEL32(00000000,00000004,00000000,00000000,00000004), ref: 0046B50E
                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,?,00000000,00000000,000000F8,0053DEEC,00000000), ref: 0046B56B
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                              • Opcode ID: 37d7e34d9363f42253d94b7de1d586d07a419a5e7ad31c1c2a600277411f9cd1
                                                                                                                                                                              • Instruction ID: af60510601be8f47e88aabb9bb4f7504c198f8d7a3a67c7566d0d045846eaf91
                                                                                                                                                                              • Opcode Fuzzy Hash: 37d7e34d9363f42253d94b7de1d586d07a419a5e7ad31c1c2a600277411f9cd1
                                                                                                                                                                              • Instruction Fuzzy Hash: F7F0BB32A40B2565D73067B99C407FE7264DB50758F50052AE912D73C0FF58C98B97DA
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,?,00000014,00000000,00000000,00479654,00000000,0000004C,?,?,00000000,?,0041BC27), ref: 00495D94
                                                                                                                                                                                • Part of subcall function 00495CA0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00495CD8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateDirectoryUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3902259469-0
                                                                                                                                                                              • Opcode ID: 113fd71fce3ffbf60ba81a73722eec25878f067e86cfcf36052c85b792c149a9
                                                                                                                                                                              • Instruction ID: ec1d8026d0e12c000bf6e02c94b0a2df9d3622d2036182d14d35eeec08e39bb3
                                                                                                                                                                              • Opcode Fuzzy Hash: 113fd71fce3ffbf60ba81a73722eec25878f067e86cfcf36052c85b792c149a9
                                                                                                                                                                              • Instruction Fuzzy Hash: 63F0DAB16007009B8630AF5BD48485BFBFCBFE47403408D2FE096D3621C7B4A9098B54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RegCreateKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000000,000F003F,00000000,00000000,00000000,0041670F,?,004B8E68,80000001,Software\BitTorrent\uTorrent,?,00000000), ref: 00452431
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Create
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                                                              • Opcode ID: 1e9ffdde444975586f4483952b983303b7b54f774e40c9b07e86bd127bf16fe3
                                                                                                                                                                              • Instruction ID: 62e87969c754c2190cae94c0f4d72fc0bdfcaa40b2816e99a817e746a0b6d305
                                                                                                                                                                              • Opcode Fuzzy Hash: 1e9ffdde444975586f4483952b983303b7b54f774e40c9b07e86bd127bf16fe3
                                                                                                                                                                              • Instruction Fuzzy Hash: 80E0C2B32581683EA7115AB0ACC4C7B7B4CDA2739EB144127F65592012C1914C1EA230
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WSAWaitForMultipleEvents.WS2_32(00000040,005C47E8,00000000,00000000,00000000,00000000,0041E7AB), ref: 0041E696
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: EventsMultipleWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1423513418-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • DrawTextW.USER32(?,00000000,00000002,?,?), ref: 004AC343
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DrawText
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2175133113-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,?,00000000,004B9B3D,004B9B3D,00000000,00000000,?,0045247E,?,004B9B3D,80000002,00000000,00020019,toolbar.log,80000002), ref: 004522C6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: QueryValue
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3660427363-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(0000004A,00000000,00000000,00000000), ref: 004B0881
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDriveTypeW.KERNEL32(?,0000000A,00000104), ref: 0042A496
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DriveType
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 338552980-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL ref: 004A7205
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: exit
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2483651598-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • HeapCreate.KERNEL32(00000000,00000000,00000000,00448EBA,0041BAB6,00000001,066171C6,00000002,NOINSTALL,recover,?,MINIMIZED,AUTOMATION), ref: 00448DCC
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 10892065-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RegSetValueExW.KERNEL32(00000000,004B8EA7,00000000,004B8EA7,00000000,?,00452243,80000001,00000000,00000001,?,0041670F,?,004B8EA7,OfferProvider,00000000), ref: 004521F6
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Value
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000,0042A150,005CB350,toolbar.log), ref: 00411B57
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RegCloseKey.KERNEL32(00000000,?,004523CA,Software\Wine,00429C64,80000002,Software\Wine,00020019,?,00000019,?,?,?,?,00429CE6,0041E6F0), ref: 0045216F
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Close
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000,00000000,0047B3E4,00000000,00000000,0047B46B,00000000,00000000,00000000,?,?,0000002C,00000000,00000004), ref: 004118C7
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2591292051-0
                                                                                                                                                                              • Opcode ID: b5bbf269c3d6d3ea942b1f0a9bfc76d03c6151d8763a6f9d1252de70f7aef660
                                                                                                                                                                              • Instruction ID: 5e3c797ddafb9d894730d899c724b0d8eb3d0a894d32e8af438ea94d574bb946
                                                                                                                                                                              • Opcode Fuzzy Hash: b5bbf269c3d6d3ea942b1f0a9bfc76d03c6151d8763a6f9d1252de70f7aef660
                                                                                                                                                                              • Instruction Fuzzy Hash: 02C04C3150451547D6245B2CB84988577E86E163707250B5AF0F5D22F0C7745C875654
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WSAEventSelect.WS2_32(000000FF,?,0041B982), ref: 0041AA00
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: EventSelect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 31538577-0
                                                                                                                                                                              • Opcode ID: a6c88bcfbcf99e68852f6f224a5c9c2be5360b5da4127e85e3c00edb22db9c8b
                                                                                                                                                                              • Instruction ID: f52daa5ae7e38309dd6c3ff504133ef2552588b93c1a059e0b8ce3ba6b90d7c5
                                                                                                                                                                              • Opcode Fuzzy Hash: a6c88bcfbcf99e68852f6f224a5c9c2be5360b5da4127e85e3c00edb22db9c8b
                                                                                                                                                                              • Instruction Fuzzy Hash: 85C0483A010504AFCA028F44EE06D05BBB2EB6A308B1AC059F1088A239C333C977FE44
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlCompactHeap.NTDLL(00B40000,00000000,0041E855), ref: 00413D4E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CompactHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2517715189-0
                                                                                                                                                                              • Opcode ID: 3fa077a326dc1a95d94caa506ad7993fe763940c301cfbe19cf8682d45cef3fb
                                                                                                                                                                              • Instruction ID: 184ac9f108d5d3c5943f0548cfe19a16b2714a6280d97cfe167124bc161fd8a8
                                                                                                                                                                              • Opcode Fuzzy Hash: 3fa077a326dc1a95d94caa506ad7993fe763940c301cfbe19cf8682d45cef3fb
                                                                                                                                                                              • Instruction Fuzzy Hash: 76B012307003049BFF208F20EC8CF4733786BA0701F2404007101E30A0C724D448EA24
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • MoveFileExW.KERNEL32(00000000,00000000,00000003,00414694,0042F675,?,?,?,0042F675,global_resume.dat), ref: 00411A56
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileMove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3562171763-0
                                                                                                                                                                              • Opcode ID: f9ce48a12f8365634f04bdd7ffb821c0216940909249de987fff3f6c5ef7d9a5
                                                                                                                                                                              • Instruction ID: bcb44c2a313ca1bbc299dbd906b40f453d45548f619a99553cde3f3c9a95b6de
                                                                                                                                                                              • Opcode Fuzzy Hash: f9ce48a12f8365634f04bdd7ffb821c0216940909249de987fff3f6c5ef7d9a5
                                                                                                                                                                              • Instruction Fuzzy Hash: 57A002E06506016AFD395721AE2AF26262C9BD1B02F04454875055409046758615D620
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 613200358-0
                                                                                                                                                                              • Opcode ID: e735534d31ebb15bce5402a46d184ac47ef5594229e9bb67959a7a6b344ad1ea
                                                                                                                                                                              • Instruction ID: a424f187ea3d5b827f0182a45a2b7164527136812d2cd4ea81eb4d196d2d5425
                                                                                                                                                                              • Opcode Fuzzy Hash: e735534d31ebb15bce5402a46d184ac47ef5594229e9bb67959a7a6b344ad1ea
                                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041215B: CreateFileW.KERNEL32(00000000,00008000,00000003,00000000,00000000,00000000,00000000,004B75F7,00000000,?), ref: 00412225
                                                                                                                                                                                • Part of subcall function 0041215B: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041223E
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,00000000,00000080,?,?,004ADD20,?,00000000,00000028,000000F8), ref: 00428988
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CloseCreateHandlePointer
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 22866420-0
                                                                                                                                                                              • Opcode ID: 9d3d4e77c09c5e6e061789975153e37b16c4b497d21e6d35344cd5bb2fe6e8ee
                                                                                                                                                                              • Instruction ID: 65e9e6b5ffb85e58923554d7b258d6042a11b06291afca3b127c74848c4868a3
                                                                                                                                                                              • Opcode Fuzzy Hash: 9d3d4e77c09c5e6e061789975153e37b16c4b497d21e6d35344cd5bb2fe6e8ee
                                                                                                                                                                              • Instruction Fuzzy Hash: 03E02672B031307AD91032357C869EF2308AF87334B24032BF665472C09E6E088BA5AA
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetVersion.KERNEL32(?,?,?), ref: 004B4AEB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Version
                                                                                                                                                                              • String ID: %s:%d$%u,%u,%u,%u,%u$&lv=%d_%d_%U$&v1f=%d$&v1tw=%d$&v2f=%d$&v2tw=%d$&v3f=%d$&v3tw=%d$&wpu=%d$MS_Windows$SOFTWARE\Microsoft\Internet Explorer$TX\$Version$ac=%d$adc=%U$ah=%u$ans=%d$ap=%s$at=%d$av=%Lu$avduf=%d$avie=%d$c=%U$cehh=%S$cen=%d$cfu.log$cl=%s$cmp=%d$def_tor=%d$def_tor_changed=%d$dl=%u$doainstalled=%U$e=%d$fg=%Lu$fh=%u$flc=%d$gnc=%d$h=%s$hc=%d$hn=%u$i=%d$ie=%S$ih=%d$incodecs=%s$insvr=%d$it=%d$iu=%d$k=%U$l=%U$lgc=%d$m_down=%d$m_up=%d$m_utpq=%d$main$mini=%d$mt=%Lu$mtl=%Lu$mts=%u$nat_state=%d$notstore$np=%d$oh=%d$ot=%d$ou=%d$outcodecs=%s$p_down=%u$p_ip=%a$p_up=%u$pb=%d$pc=%u$pcc=%d$pd=%u$period=%d$plus=%d$pr=%u$prc=%d$ps=%d$pt=%s$pupsell=%d$qv=%d$rca=%d$rca_list=%d$rcbe=%d$rce=%d$rcse=%d$rsa=%d$rsf=%d$s=%d$sc=%d$sch=%d$sctl=%d$seccau=%U$secn=%U$secp=%U$secres=%U$shdi=%d$sids=%s$skn=%u$spc=%d$ssb=%Lu$ssb_new=%Lu$ssu=%Lu$ssu_new=%Lu$svn_revno=%d$svp=%d$t=%d$t_down=%Lu$t_downP=%Lu$t_up=%Lu$t_upP=%Lu$tb=%d$tco=%d$tde=%d$tdu=%d$tendP=%u$tk=%U$tor_act=%d$tor_all=%d$tor_cmp=%d$tor_down=%d$tor_in=%d$tor_nl=%d$trc=%d$tta=%d$ttaP=%d$tta_offs=%d$ttc=%d$ttd=%d$ttdP=%d$ttt=%d$uTorrent$ul=%u$up=%d$v=%d$view=%s$w64=%u$w=%X$win32$wui=%d$xai=%d$xim=%d$xrsb=%d$xrtsb=%d$xseq=%d$xsss=%d
                                                                                                                                                                              • API String ID: 1889659487-3900516312
                                                                                                                                                                              • Opcode ID: f1e168407b1e0025c262ce6ef469587dd57154782637192b833b14663a1b6dfb
                                                                                                                                                                              • Instruction ID: 22321e90680199177805d85a6dfe33c627d1ef23d05ee59fc5769193e0dd1321
                                                                                                                                                                              • Opcode Fuzzy Hash: f1e168407b1e0025c262ce6ef469587dd57154782637192b833b14663a1b6dfb
                                                                                                                                                                              • Instruction Fuzzy Hash: 79D268B19006288FDB61DF24CC456DEBBF6BF48304F0144EAE508A7251EB75AA89CF55
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(last seen complete,?,?,started,00000002), ref: 0043E39C
                                                                                                                                                                              • memset.MSVCRT ref: 0043E52D
                                                                                                                                                                              • GetLastError.KERNEL32(hashfails,?,waste,?,?,lsd,?,dht,?,order,?,superseed_cur_piece,?,created_torrent,?,superseed), ref: 0043E765
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0043E795
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0043E7C5
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0043E7F4
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0043E823
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0043E852
                                                                                                                                                                                • Part of subcall function 00407DCC: ??2@YAPAXI@Z.MSVCRT ref: 00407DDC
                                                                                                                                                                              • GetLastError.KERNEL32(time,blocks,blocksize,?,comments,trackers), ref: 0043EEAC
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0043EED3
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0043EFB3
                                                                                                                                                                              • memset.MSVCRT ref: 0043F11E
                                                                                                                                                                                • Part of subcall function 004198EE: memset.MSVCRT ref: 00419900
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$memset$??2@$??3@
                                                                                                                                                                              • String ID: added_on$adid$antivirus$app_owner$app_type$app_url$autoexecute$blocks$blocksize$caption$codec$comments$completed_on$converted_media$converted_path$corrupt$created_torrent$device_id$dht$download_url$downloaded$downspeed$episode$episode_to$error$errorString$feed_url$file_index$file_size$hashed$hashfails$have$hideautoexecuteui$infected$info$is_conversion_job$key$known$label$labels$last seen complete$last_active$lsd$max_connections$meta_audio_codec$meta_available$meta_containers$meta_durations$meta_encoding_rates$meta_video_codec$meta_video_heights$meta_video_widths$modtimes$moniker$moved$num_transfers$observers$order$outofspace$override_seedsettings$path$peers$peers6$physmap$pieces_to_download$prio$prio2$profile$progress$quality$quarantined$read_only$relative$resume_valid$rss_name$run_program$runtime$season$seedtime$sid$source_path$startTime$started$state$suffixes$superseed$superseed_cur_piece$targets$time$trackermode$trackers$transcode$ulslots$uploaded$upspeed$use_utp$use_utp_only$valid$visible$vote$votes$wanted_ratio$wanted_seednum$wanted_seedtime$wasforce$waste$web_seeding_enabled$x$x$x$l+f
                                                                                                                                                                              • API String ID: 200005987-1182754882
                                                                                                                                                                              • Opcode ID: 46c39f331d07de90008eae4d97b22835b7653db24478b326f90c4258a82488b4
                                                                                                                                                                              • Instruction ID: d499ce9741027f5362e46459bd31affc9340a9519d88364737b74541a46f9455
                                                                                                                                                                              • Opcode Fuzzy Hash: 46c39f331d07de90008eae4d97b22835b7653db24478b326f90c4258a82488b4
                                                                                                                                                                              • Instruction Fuzzy Hash: 4AC27F746002049FCF15EF96C892BED7BB2BF88318F04506EF815AB392DB789941DB59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 0040A443
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0040A5D2
                                                                                                                                                                              • IsIconic.USER32(?), ref: 0040A5F8
                                                                                                                                                                              • SetThreadExecutionState.KERNEL32(80000000), ref: 0040A67A
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0040A8AB
                                                                                                                                                                              • WaitForInputIdle.USER32(00000000,00001388), ref: 0040A90E
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,000003E8), ref: 0040A920
                                                                                                                                                                              • _CIpow.MSVCRT ref: 0040A9B9
                                                                                                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 0040AB0C
                                                                                                                                                                              • SetWindowTextW.USER32(?,005A6EC0), ref: 0040AB32
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0040AC8F
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0040ACCF
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0040AD18
                                                                                                                                                                                • Part of subcall function 004043A0: DestroyCursor.USER32(?), ref: 004043AE
                                                                                                                                                                              • PostMessageW.USER32(?,00008060,00000000,00000000), ref: 0040ADBB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$??2@??3@Text$CloseCursorDestroyExecutionForegroundHandleIconicIdleInputIpowMessagePostRectStateThreadWait
                                                                                                                                                                              • String ID: 0$Error opening Windows firewall: 0x%X %s$Prevented update check because of proxy torrents$Unable to send crash report to server:%S$dht_feed.dat$l+f
                                                                                                                                                                              • API String ID: 764335532-3802867949
                                                                                                                                                                              • Opcode ID: 4aa696bec1bd6002d6546b8896bbc65f0f65096a9da398b4660546ee9d7fce9e
                                                                                                                                                                              • Instruction ID: 03516f557a78d4ee9b8fce121f4342718aa3b023950c31cf51987506a8dd3270
                                                                                                                                                                              • Opcode Fuzzy Hash: 4aa696bec1bd6002d6546b8896bbc65f0f65096a9da398b4660546ee9d7fce9e
                                                                                                                                                                              • Instruction Fuzzy Hash: 653226715043449EEB24EB75EC51BAE37B1AB66308F04047FE542632D2DB3C5899DB2B
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • socket.WS2_32(00000002,00000002,00000000), ref: 0046C505
                                                                                                                                                                              • WSAGetLastError.WS2_32(?,?,?,?,0046DE4F,00534BD4,00000000,00000000), ref: 0046C512
                                                                                                                                                                              • ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 0046C540
                                                                                                                                                                              Strings
                                                                                                                                                                              • 239.255.255.250, xrefs: 0046C5D3
                                                                                                                                                                              • UPnP: Unable to bind to UPnP port: %d, xrefs: 0046C5BC
                                                                                                                                                                              • UPnP: Joined multicast group, xrefs: 0046C628
                                                                                                                                                                              • 0.0.0.0, xrefs: 0046C5DA
                                                                                                                                                                              • UPnP: Unable to setsockopt: %d, xrefs: 0046C577
                                                                                                                                                                              • UPnP: Could not join multicast group: %d, xrefs: 0046C601
                                                                                                                                                                              • UPnP: Unable to create socket: %d, xrefs: 0046C519
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastioctlsocketsocket
                                                                                                                                                                              • String ID: 0.0.0.0$239.255.255.250$UPnP: Could not join multicast group: %d$UPnP: Joined multicast group$UPnP: Unable to bind to UPnP port: %d$UPnP: Unable to create socket: %d$UPnP: Unable to setsockopt: %d
                                                                                                                                                                              • API String ID: 3996898016-1212020434
                                                                                                                                                                              • Opcode ID: a560468c74b119a7636562bd5c116398754cbcf7d9982e36876d862ad69a1d7c
                                                                                                                                                                              • Instruction ID: fcd4a1b042d543f9031c0b3c10e581258e6df2b334ee055ad7f0eff41a9b3387
                                                                                                                                                                              • Opcode Fuzzy Hash: a560468c74b119a7636562bd5c116398754cbcf7d9982e36876d862ad69a1d7c
                                                                                                                                                                              • Instruction Fuzzy Hash: 92310871A40304BFFB206BA19C8AFBA7BB8FF59700F10011AF641A61D1E7795445AB6B
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrcpynW.KERNEL32(?,00533090,00000104,0058A2C0,000002B0,004ADEF4,00000001,00533090,0052C8F4,?,00000000,75C08FB0,00000000,?,00409A4F,00000000), ref: 0049438A
                                                                                                                                                                              • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,00000000,?,00000000), ref: 004943B6
                                                                                                                                                                              • GetLastError.KERNEL32(?,00409A4F,00000000,00000000,00000004,0052C8F4,?,00000000), ref: 004943C0
                                                                                                                                                                                • Part of subcall function 004782BF: LoadLibraryA.KERNEL32(?,00000000,00000000,00000000,?,0047B8FE,005CA060,wininet.dll,00000000,?,0047B96D,00000000,0047BAFC,00000000,004B75F7,?), ref: 004782D7
                                                                                                                                                                                • Part of subcall function 004782BF: GetProcAddress.KERNEL32(00000000,?), ref: 004782F1
                                                                                                                                                                                • Part of subcall function 004782BF: GetLastError.KERNEL32(?,0047B8FE,005CA060,wininet.dll,00000000,?,0047B96D,00000000,0047BAFC,00000000,004B75F7,?,?,?,?,?), ref: 0047830B
                                                                                                                                                                              • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 004943F9
                                                                                                                                                                              • GetLastError.KERNEL32(?,00409A4F,00000000,00000000,00000004,0052C8F4,?,00000000), ref: 00494403
                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,?,00409A4F,00000000,00000000,00000004,0052C8F4,?,00000000), ref: 00494416
                                                                                                                                                                              • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 00494442
                                                                                                                                                                              • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,?,00000000), ref: 00494486
                                                                                                                                                                              • GetLastError.KERNEL32(?,00409A4F,00000000,00000000,00000004,0052C8F4,?,00000000), ref: 00494493
                                                                                                                                                                              Strings
                                                                                                                                                                              • CertFindCertificateInStore failed with %x, xrefs: 0049449A
                                                                                                                                                                              • Crypt32.dll, xrefs: 00494325
                                                                                                                                                                              • Unable to load CryptAPI functions, xrefs: 0049433F
                                                                                                                                                                              • Unable to allocate memory for Signer Info., xrefs: 00494425
                                                                                                                                                                              • CryptQueryObject failed with %x, xrefs: 004943C7
                                                                                                                                                                              • Signer certificate mismatch, xrefs: 004944F4
                                                                                                                                                                              • CryptMsgGetParam failed with %x, xrefs: 0049440A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$Crypt$Param$AddressAllocCertCertificateFindLibraryLoadLocalObjectProcQueryStorelstrcpyn
                                                                                                                                                                              • String ID: CertFindCertificateInStore failed with %x$Crypt32.dll$CryptMsgGetParam failed with %x$CryptQueryObject failed with %x$Signer certificate mismatch$Unable to allocate memory for Signer Info.$Unable to load CryptAPI functions
                                                                                                                                                                              • API String ID: 3019003785-1091527329
                                                                                                                                                                              • Opcode ID: d192186d8f73894168479b4e70a05aa2641e9e3a85cec2c4fb040005d1e052a6
                                                                                                                                                                              • Instruction ID: c94ddef722fee44eb26bf71784a6811643c229cda5e25bef6bfe393f67f17929
                                                                                                                                                                              • Opcode Fuzzy Hash: d192186d8f73894168479b4e70a05aa2641e9e3a85cec2c4fb040005d1e052a6
                                                                                                                                                                              • Instruction Fuzzy Hash: C651C071A00208AFDF20DFA1DC45EEE7FB9FB98714F14406AF505E7291D77489428B65
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041AB7D: GetCurrentThreadId.KERNEL32 ref: 0041AB8D
                                                                                                                                                                              • _wcsncoll.MSVCRT ref: 00428448
                                                                                                                                                                              • CopyFileW.KERNEL32(00000008,00000000,00000000,004482BB,?,?), ref: 0042849A
                                                                                                                                                                              • CopyFileW.KERNEL32(00000004,00000000,00000000), ref: 004284C4
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004482BB,00000008), ref: 004284CE
                                                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000080), ref: 0042857E
                                                                                                                                                                              • SetFileAttributesW.KERNEL32(00004000,00000080,00000000), ref: 004285BE
                                                                                                                                                                              • DeleteFileW.KERNEL32(00004000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004482BB), ref: 004285C3
                                                                                                                                                                                • Part of subcall function 0042A209: memcpy.MSVCRT ref: 0042A258
                                                                                                                                                                              • PostMessageW.USER32(00008067,00000000,00000000,?), ref: 00428682
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$AttributesCopy$CurrentDeleteErrorLastMessagePostThread_wcsncollmemcpy
                                                                                                                                                                              • String ID: 5$@$Can't delete original torrent file %s$TX\$torrent already exists
                                                                                                                                                                              • API String ID: 3646242634-1488676901
                                                                                                                                                                              • Opcode ID: 1efa91a23ae9f1a33e4b0469c390d4f636cf356a3bc81320105209816c6a4196
                                                                                                                                                                              • Instruction ID: bd5c69cfa38c8395ffc1e5c15fdfd53ed1f93d05bd3f6190ba303c8503dbb948
                                                                                                                                                                              • Opcode Fuzzy Hash: 1efa91a23ae9f1a33e4b0469c390d4f636cf356a3bc81320105209816c6a4196
                                                                                                                                                                              • Instruction Fuzzy Hash: DDB14570A00218ABDF14EBA6D841BEF7B75AF94304F44446FE402A7292DF3D5A49CB59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 00444B30
                                                                                                                                                                                • Part of subcall function 00443CF2: memset.MSVCRT ref: 00443DAE
                                                                                                                                                                              • rand.MSVCRT ref: 004452D0
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@memsetrand
                                                                                                                                                                              • String ID: BAN peer: Responsible for '%s' metadata not being loaded!$ERROR: Metadata for '%s' could not be loaded! ("%s")$Finished receiving metadata for '%s'$Metadata Complete$Timing out hole punch request(%A)$magnet:$l+f
                                                                                                                                                                              • API String ID: 1885702909-2128729322
                                                                                                                                                                              • Opcode ID: 92fba0eba98a63047e4139546d13f25c4f9e0b9de6a24c9297b354b3b659c9e9
                                                                                                                                                                              • Instruction ID: 0c6c453a03c7066253f546f486224fddd91024fbcc1a4e6d3dd27f14ca4ca0bf
                                                                                                                                                                              • Opcode Fuzzy Hash: 92fba0eba98a63047e4139546d13f25c4f9e0b9de6a24c9297b354b3b659c9e9
                                                                                                                                                                              • Instruction Fuzzy Hash: 9C72F230A00A449FEB25EF75C891BEEB7E2BF94308F14446FE45657392CB38A945CB58
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B8253: SHGetSpecialFolderPathW.SHELL32(00000000,?,00000025,00000000,00000000,?), ref: 004B826F
                                                                                                                                                                              • GetAsyncKeyState.USER32(00000010), ref: 004BCAEB
                                                                                                                                                                                • Part of subcall function 004B810C: CreatePipe.KERNEL32(?,?,?,00000000,00000000,?,?), ref: 004B813A
                                                                                                                                                                                • Part of subcall function 004B810C: GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 004B814E
                                                                                                                                                                                • Part of subcall function 004B810C: GetCurrentProcess.KERNEL32(?,00000000), ref: 004B8154
                                                                                                                                                                                • Part of subcall function 004B810C: DuplicateHandle.KERNEL32(00000000), ref: 004B8157
                                                                                                                                                                                • Part of subcall function 004B810C: CloseHandle.KERNEL32(?), ref: 004B8160
                                                                                                                                                                                • Part of subcall function 004B810C: PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 004B81FC
                                                                                                                                                                                • Part of subcall function 004B810C: GetExitCodeProcess.KERNEL32(?,?), ref: 004B8226
                                                                                                                                                                                • Part of subcall function 004B810C: CloseHandle.KERNEL32(?), ref: 004B822F
                                                                                                                                                                                • Part of subcall function 004B810C: CloseHandle.KERNEL32(?,00000000,?,?), ref: 004B8244
                                                                                                                                                                                • Part of subcall function 00419846: ??3@YAXPAX@Z.MSVCRT ref: 00419847
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Handle$CloseProcess$CurrentPipe$??3@AsyncCodeCreateDuplicateExitFolderNamedPathPeekSpecialState
                                                                                                                                                                              • String ID: Could not setup teredo, result was: [%s]$Ok.$Unknown error.$client$enterpriseclient$interface ipv6 set teredo %s$netsh.exe$netsh.exe interface ipv6 set teredo %s
                                                                                                                                                                              • API String ID: 574571512-3787872490
                                                                                                                                                                              • Opcode ID: ec612bfd4c10c6705607b611c736e2ad7c091488826f0b2791ea7173d1cb00f5
                                                                                                                                                                              • Instruction ID: 5dd946c5e7d0447a69c37957dd2e82d32c074cc132acbb3cb6beeffd1937784a
                                                                                                                                                                              • Opcode Fuzzy Hash: ec612bfd4c10c6705607b611c736e2ad7c091488826f0b2791ea7173d1cb00f5
                                                                                                                                                                              • Instruction Fuzzy Hash: C4317071D4411466DF04B6E69897BED77A9AF60308F1005AFE802772C1DF7D6A0886A8
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Clipboard$_strnicmp$AvailableCloseDataFormatOpen
                                                                                                                                                                              • String ID: feed$http$http://
                                                                                                                                                                              • API String ID: 101086014-67626171
                                                                                                                                                                              • Opcode ID: 4dcdc64361740f302a60f048bdc8b991cbefe7be4f709e11bd7fac542557c787
                                                                                                                                                                              • Instruction ID: 8cb50bb1a1f93fb8282b69bf2511249bbbee477f0bcff5f099556e31f750004e
                                                                                                                                                                              • Opcode Fuzzy Hash: 4dcdc64361740f302a60f048bdc8b991cbefe7be4f709e11bd7fac542557c787
                                                                                                                                                                              • Instruction Fuzzy Hash: 7801FC3270036027EE2137376D15B6A2654AF62B52F4C017EFD08DB2D5DF9CC90541AD
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041AB7D: GetCurrentThreadId.KERNEL32 ref: 0041AB8D
                                                                                                                                                                                • Part of subcall function 00432DB5: ??3@YAXPAX@Z.MSVCRT ref: 00432DBA
                                                                                                                                                                                • Part of subcall function 00432DB5: ??3@YAXPAX@Z.MSVCRT ref: 00432DC5
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 00438C0C
                                                                                                                                                                              • __aulldiv.LIBCMT ref: 00438C6F
                                                                                                                                                                              • __aullrem.LIBCMT ref: 00438C86
                                                                                                                                                                              • __aulldiv.LIBCMT ref: 00438CB9
                                                                                                                                                                              • __aullrem.LIBCMT ref: 00438CDB
                                                                                                                                                                              • __aulldiv.LIBCMT ref: 00438D8F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldiv$??3@__aullrem$??2@CurrentThread
                                                                                                                                                                              • String ID: x$l+f
                                                                                                                                                                              • API String ID: 1379171660-680846166
                                                                                                                                                                              • Opcode ID: 114d2903bb4343914412443630fd4e2c23bd87b0a02c7db5142f22f088928820
                                                                                                                                                                              • Instruction ID: 6beb55ff1cdc486ea1a2474867ae1e2733b6b38b8cff3dcc3f2f290d44350906
                                                                                                                                                                              • Opcode Fuzzy Hash: 114d2903bb4343914412443630fd4e2c23bd87b0a02c7db5142f22f088928820
                                                                                                                                                                              • Instruction Fuzzy Hash: EAB124B4A00B11AFCB24CF69C580AAAFBF1BF08314B10592EE59A97B91D734F954CF54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0044D943: _wcsicmp.MSVCRT ref: 0044D95A
                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,*.torrent,?), ref: 00404192
                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000,?), ref: 004041E7
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004041F3
                                                                                                                                                                              • FindNextFileW.KERNEL32(000000FF,00000010), ref: 00404263
                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 00404282
                                                                                                                                                                              Strings
                                                                                                                                                                              • Torrent storage folder can't be the same as the autoload folder!, xrefs: 00404150
                                                                                                                                                                              • *.torrent, xrefs: 00404173
                                                                                                                                                                              • d, xrefs: 0040424B
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileFind$Close$CreateFirstHandleNext_wcsicmp
                                                                                                                                                                              • String ID: *.torrent$Torrent storage folder can't be the same as the autoload folder!$d
                                                                                                                                                                              • API String ID: 3375530805-1019836267
                                                                                                                                                                              • Opcode ID: edd95bdc6e378d42b8916e927dc19227720015d15f1c7006708301e83d9db6b5
                                                                                                                                                                              • Instruction ID: 150db0695cba4d87e9153b8576b9fecda1dd253f78e682a6724cf371a08cce17
                                                                                                                                                                              • Opcode Fuzzy Hash: edd95bdc6e378d42b8916e927dc19227720015d15f1c7006708301e83d9db6b5
                                                                                                                                                                              • Instruction Fuzzy Hash: 5B419371E44208AADF04EBF5CC45AFEBB78AFA1348F1045AEA511731C1DB385E4ACB59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Got Bad Have %d$Got Choke$Got Have %d$Got Interested$Got Not Interested$Got Unchoke
                                                                                                                                                                              • API String ID: 0-125272345
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,00000001,?), ref: 00462CB1
                                                                                                                                                                              • FindClose.KERNEL32(00000000,00000000), ref: 00462CCD
                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000), ref: 00462D0C
                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 00462D82
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00462D8D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$File$CloseFirst$Next
                                                                                                                                                                              • String ID: %s\*.*
                                                                                                                                                                              • API String ID: 790976334-1013718255
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041CD9D: socket.WS2_32(00000010,00000000,00000000), ref: 0041CDAC
                                                                                                                                                                                • Part of subcall function 0041CD9D: setsockopt.WS2_32(00000000,00000029,00000017,00000017,00000004), ref: 0041CDD2
                                                                                                                                                                              • setsockopt.WS2_32(?,0000FFFF,00000004,00000000,00000004), ref: 0041CE3A
                                                                                                                                                                              • _errno.MSVCRT ref: 0041CE45
                                                                                                                                                                              • _errno.MSVCRT ref: 0041CE4C
                                                                                                                                                                              • strerror.MSVCRT ref: 0041CE55
                                                                                                                                                                              • WSAGetLastError.WS2_32(00000000,00534BD4,?,00000001,00000000,00000000,00000000,00000000,0042FA80,00000000,00000000), ref: 0041CE88
                                                                                                                                                                              • WSAGetLastError.WS2_32(00000000,00534BD4,?,00000001,00000000,00000000,00000000,00000000,0042FA80,00000000,00000000), ref: 0041CE8E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast_errnosetsockopt$socketstrerror
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2040699923-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@CloseExitHandleMutexProcessReleaseShowSleepWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 223816685-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              • Invalid range request: %Lu-%Lu, xrefs: 0044CAB5
                                                                                                                                                                              • Requested range not satisfiable, xrefs: 0044CAC7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentThread
                                                                                                                                                                              • String ID: Invalid range request: %Lu-%Lu$Requested range not satisfiable
                                                                                                                                                                              • API String ID: 2882836952-506312262
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@
                                                                                                                                                                              • String ID: ReadFromDisk$Sending Piece %d:%d->%d$l+f
                                                                                                                                                                              • API String ID: 613200358-1075162796
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,*.*,00000000,00000000), ref: 004122D5
                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?,00000004,005C50B4), ref: 00412321
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0041232C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                                                                              • String ID: *.*$.
                                                                                                                                                                              • API String ID: 3541575487-358234090
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFileAttributesW.KERNEL32(00000000), ref: 00454CC1
                                                                                                                                                                              • DeviceIoControl.KERNEL32(?,000900C4,00000000,00000000,00000000,00000000,?,00000000), ref: 00454CF7
                                                                                                                                                                              • SetEndOfFile.KERNEL32(?,?,?), ref: 00454D2C
                                                                                                                                                                              • SetFileValidData.KERNEL32(?,?,?,?,?,?), ref: 00454D54
                                                                                                                                                                              • GetLastError.KERNEL32(?,?), ref: 00454D70
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$AttributesControlDataDeviceErrorLastValid
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3955369320-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00494509,00000000,0052C8F4,?), ref: 0049451E
                                                                                                                                                                              • LocalFree.KERNEL32(?,00494509,00000000,0052C8F4,?), ref: 0049452C
                                                                                                                                                                              • CertFreeCRLContext.CRYPT32(?), ref: 0049453A
                                                                                                                                                                              • CertCloseStore.CRYPT32(?,00000000), ref: 00494549
                                                                                                                                                                              • CryptMsgClose.CRYPT32(?), ref: 00494557
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Free$CertCloseLocal$ContextCryptStore
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1288644396-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0041237A
                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?,00000004), ref: 004123C0
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 004123CB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                              • API String ID: 3541575487-438819550
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00423423: GetSystemTime.KERNEL32(00000000,00000000,0042A301,0041E70C), ref: 0042342D
                                                                                                                                                                                • Part of subcall function 00423423: SystemTimeToFileTime.KERNEL32(?,?), ref: 0042343B
                                                                                                                                                                              • __aulldiv.LIBCMT ref: 0043856E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Time$System$File__aulldiv
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1459046340-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00429019: __aulldiv.LIBCMT ref: 0042903B
                                                                                                                                                                                • Part of subcall function 00429019: __aulldiv.LIBCMT ref: 00429066
                                                                                                                                                                              • IsIconic.USER32(?), ref: 0040824B
                                                                                                                                                                                • Part of subcall function 00407B14: GetWindowRect.USER32(?,?), ref: 00407B24
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 004082EC
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldiv$??3@IconicRectWindow
                                                                                                                                                                              • String ID: dht_feed.dat
                                                                                                                                                                              • API String ID: 2481113364-937663496
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CryptReleaseContext.ADVAPI32(2E322E31,00000000,C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent,0046F6B6), ref: 0046E8DA
                                                                                                                                                                              Strings
                                                                                                                                                                              • C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent, xrefs: 0046E8C7
                                                                                                                                                                              • F, xrefs: 0046E8CD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ContextCryptRelease
                                                                                                                                                                              • String ID: C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent$F
                                                                                                                                                                              • API String ID: 829835001-1499756329
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcpymemset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1297977491-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CryptDestroyKey.ADVAPI32(0046E8E8,C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent,0046F6AE), ref: 0046E89D
                                                                                                                                                                              Strings
                                                                                                                                                                              • C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent, xrefs: 0046E88C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CryptDestroy
                                                                                                                                                                              • String ID: C=US,ST=CA,L=San Francisco,O=BitTorrent,OU=uTorrent,CN=uTorrent
                                                                                                                                                                              • API String ID: 1712904745-2629353765
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • Sleep.KERNEL32(000000C8,00000000,?,?,00000000,?,?,?,?,?,?,?,0041880B), ref: 00416A2A
                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00416A6A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExitProcessSleep
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 911557368-0
                                                                                                                                                                              • Opcode ID: f4d88cd5ced8689d212063ae651ec498ca390ba0b4ec20094af1b6d64055f9d1
                                                                                                                                                                              • Instruction ID: 8a69a20d274e9fbed7fe7bfc41028a87903afe1037be489e5ca2dff29a0e9a84
                                                                                                                                                                              • Opcode Fuzzy Hash: f4d88cd5ced8689d212063ae651ec498ca390ba0b4ec20094af1b6d64055f9d1
                                                                                                                                                                              • Instruction Fuzzy Hash: F8016B319001106BDB10B7599C496DE77ADEF5B34DF12802FE402B2151D67ACC84E218
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: G=D$x
                                                                                                                                                                              • API String ID: 0-4128599692
                                                                                                                                                                              • Opcode ID: 6482bd960f6d2f8ab7f22983f2758897e63d1837d6de4829ada68514227515c5
                                                                                                                                                                              • Instruction ID: 7c6646e71f35f56dcabcc52ef699ecb3b14bed65ef9282360eebc4d4c2fe1094
                                                                                                                                                                              • Opcode Fuzzy Hash: 6482bd960f6d2f8ab7f22983f2758897e63d1837d6de4829ada68514227515c5
                                                                                                                                                                              • Instruction Fuzzy Hash: E8A1DF70F04258AFCF25CFA8D1817EEBBF0AF49310F54854AD49567382D7B8A986CB58
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000400,00000001,?,0000001F,?,?,?,?,?,?,?,?,?,0042A5D0,?,00000059), ref: 0042A5AB
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                                                              • Opcode ID: d789d7a0e9e2d44de11c92d7da8ff33773d906f16ccc04ff3f59d18d67a1608b
                                                                                                                                                                              • Instruction ID: 6d0063fcab4bcc466b23e05ec88fc50ced3470b6216b44fee88038c50ad4f423
                                                                                                                                                                              • Opcode Fuzzy Hash: d789d7a0e9e2d44de11c92d7da8ff33773d906f16ccc04ff3f59d18d67a1608b
                                                                                                                                                                              • Instruction Fuzzy Hash: 03E0E67650021CFBDB009FE5CC45DEE7778BB48754F004415FF01AB191E670E91A9B95
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 002c0fc24abeabb9adf169bdd720873923eb329038eb198712c8a9d0945cb008
                                                                                                                                                                              • Instruction ID: 8b3d66b8ad0b1c0a8c25d84552d3fe5e796f9bdbf8e6da4505dd69f9e6b66597
                                                                                                                                                                              • Opcode Fuzzy Hash: 002c0fc24abeabb9adf169bdd720873923eb329038eb198712c8a9d0945cb008
                                                                                                                                                                              • Instruction Fuzzy Hash: AE4153367097814BD36DC63D8C805ABAFD79FE1100B54CA6DC8C6977CAC9B4E905C3A1
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 35a4c53c122d284bcdc2e888781173fbe2320c5faadfcabdd6d95456c630445f
                                                                                                                                                                              • Instruction ID: c17cd1851b0eb6f2254dbc112bc8792a83595f5e73ea7260c4e28c0398355137
                                                                                                                                                                              • Opcode Fuzzy Hash: 35a4c53c122d284bcdc2e888781173fbe2320c5faadfcabdd6d95456c630445f
                                                                                                                                                                              • Instruction Fuzzy Hash: 36F09A2590E281CCC3499624C0A5B68FE81E7E2203F5DC1ECD2C70BB5AC9A8910DC372
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetPropA.USER32(?,MsgBoxData), ref: 004A8906
                                                                                                                                                                              • GetDlgItem.USER32(?,00000064), ref: 004A894A
                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 004A8958
                                                                                                                                                                              • GetDlgItem.USER32(?,00000064), ref: 004A89C0
                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 004A89CE
                                                                                                                                                                              • GetPropA.USER32(?,MsgBoxData), ref: 004A89EE
                                                                                                                                                                              • GetSystemMetrics.USER32(00000004), ref: 004A8A60
                                                                                                                                                                              • GetSystemMetrics.USER32(0000002E), ref: 004A8A67
                                                                                                                                                                              • GetSystemMetrics.USER32(0000002D), ref: 004A8A6E
                                                                                                                                                                              • GetDlgItem.USER32(?,0000FFFF), ref: 004A8A79
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 004A8A96
                                                                                                                                                                              • 73A1A570.USER32(?), ref: 004A8AA0
                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 004A8AB2
                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 004A8B09
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004A8B39
                                                                                                                                                                              • OffsetRect.USER32(?,?,?), ref: 004A8BA0
                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000214), ref: 004A8BD5
                                                                                                                                                                              • GetParent.USER32(00000000), ref: 004A8BDA
                                                                                                                                                                              • GetDlgItem.USER32(00000000,0000CAFE), ref: 004A8C01
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000214,?), ref: 004A8C3D
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,Button,00000000,50010002,?,?,?,00000000,00000000,00000064,00000000), ref: 004A8CB7
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 004A8CCD
                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 004A8CF8
                                                                                                                                                                                • Part of subcall function 004A7247: GetWindowRect.USER32(00000000,?), ref: 004A7267
                                                                                                                                                                                • Part of subcall function 004A7247: GetSystemMetrics.USER32(00000000), ref: 004A7283
                                                                                                                                                                                • Part of subcall function 004A7247: GetSystemMetrics.USER32(00000001), ref: 004A728A
                                                                                                                                                                                • Part of subcall function 004A7247: GetWindowRect.USER32(?,?), ref: 004A7297
                                                                                                                                                                                • Part of subcall function 004A7247: OffsetRect.USER32(?,?,?), ref: 004A72AF
                                                                                                                                                                                • Part of subcall function 004A7247: OffsetRect.USER32(?,?,004A8BEE), ref: 004A72D8
                                                                                                                                                                                • Part of subcall function 004A7247: SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000205,?,?,?,?,?,004A8BEE), ref: 004A72F6
                                                                                                                                                                              • GetDlgItem.USER32(00000000,?), ref: 004A8D27
                                                                                                                                                                              • SendMessageW.USER32(00000000), ref: 004A8D2E
                                                                                                                                                                              • GetDlgItem.USER32(00000000,?), ref: 004A8D42
                                                                                                                                                                              • SetFocus.USER32(00000000), ref: 004A8D49
                                                                                                                                                                              • GetSystemMenu.USER32(00000000,00000001), ref: 004A8D5A
                                                                                                                                                                              • GetSystemMenu.USER32(00000000,00000000), ref: 004A8D61
                                                                                                                                                                              • GetMenuItemCount.USER32(00000000), ref: 004A8D66
                                                                                                                                                                              • GetMenuItemID.USER32(00000000,00000000), ref: 004A8D76
                                                                                                                                                                              • RemoveMenu.USER32(00000000,00000000,00001400), ref: 004A8D91
                                                                                                                                                                              • GetPropA.USER32(?,MsgBoxData), ref: 004A8DAB
                                                                                                                                                                              • UnhookWindowsHookEx.USER32(00000000), ref: 004A8DB3
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Item$SystemWindow$MessageRectSend$MenuMetrics$OffsetProp$ObjectSelect$A570CountCreateFocusHookParentRemoveUnhookWindows
                                                                                                                                                                              • String ID: Button$MsgBoxData
                                                                                                                                                                              • API String ID: 1163415667-4089024010
                                                                                                                                                                              • Opcode ID: c4168eda3b37c21f3b85b098e052c3eeaa4f0b218be827112a76d39de5685ffa
                                                                                                                                                                              • Instruction ID: 8696b2429c418afd3779a93dd3d76f23b9f81e70cd5e45798445dc4cffddb89b
                                                                                                                                                                              • Opcode Fuzzy Hash: c4168eda3b37c21f3b85b098e052c3eeaa4f0b218be827112a76d39de5685ffa
                                                                                                                                                                              • Instruction Fuzzy Hash: 42027D71A00209AFDB21CFA4CC85FAE7BB5FF26310F14851AF905A72A0DB78AD45DB54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0040ED0D: KillTimer.USER32(?,?), ref: 0040ED20
                                                                                                                                                                              • GetDlgItem.USER32(?,000006B1), ref: 004023FE
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,000006C2), ref: 0040240A
                                                                                                                                                                              • GetDlgItem.USER32(?,000006BF), ref: 00402415
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,000006C2), ref: 00402419
                                                                                                                                                                              • GetDlgItem.USER32(?,000006BF), ref: 00402424
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,000006C2), ref: 00402428
                                                                                                                                                                              • GetDlgItem.USER32(?,00FF06BD), ref: 00402433
                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 00402436
                                                                                                                                                                              • GetDlgItem.USER32(?,00FF06BD), ref: 00402449
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,000006C2), ref: 0040244D
                                                                                                                                                                              • GetDlgItem.USER32(?,00FF06BE), ref: 00402458
                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 0040245B
                                                                                                                                                                              • GetDlgItem.USER32(?,00FF06BE), ref: 0040246E
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,000006C2), ref: 00402472
                                                                                                                                                                              • GetDlgItem.USER32(?,00FF06B2), ref: 0040247D
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,000006C2), ref: 00402481
                                                                                                                                                                              • GetDlgItem.USER32(?,000006C2), ref: 0040248C
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,000006C2), ref: 00402490
                                                                                                                                                                              • GetDlgItem.USER32(?,000006B3), ref: 004024B5
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000461,?,00000000), ref: 004024D4
                                                                                                                                                                              • GetDlgItem.USER32(?,000006B5), ref: 004024E6
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 004024F5
                                                                                                                                                                              • GetDlgItem.USER32(?,000006B5), ref: 00402500
                                                                                                                                                                              • SendMessageW.USER32(00000000,0000040A,00000001,00000000), ref: 0040250C
                                                                                                                                                                              • GetDlgItem.USER32(?,000006B3), ref: 00402517
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 0040251E
                                                                                                                                                                              • GetDlgItem.USER32(?,000006AF), ref: 00402529
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 0040252D
                                                                                                                                                                              • GetDlgItem.USER32(?,000006B5), ref: 00402538
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 0040253C
                                                                                                                                                                              • GetDlgItem.USER32(?,000006C1), ref: 00402547
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 0040254B
                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000), ref: 00402554
                                                                                                                                                                              • EnableMenuItem.USER32(00000000,0000F060,00000000), ref: 00402565
                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00402573
                                                                                                                                                                              Strings
                                                                                                                                                                              • {\rtf1\ansi\ansicpg1252 \fs38 \b Thank you for your patience\b0}, xrefs: 00402492
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Item$Window$Show$MessageSend$Menu$EnableInvalidateKillRectSystemTimer
                                                                                                                                                                              • String ID: {\rtf1\ansi\ansicpg1252 \fs38 \b Thank you for your patience\b0}
                                                                                                                                                                              • API String ID: 2598469842-3054735106
                                                                                                                                                                              • Opcode ID: 3acff4e3071d94cb8c7cff20362b7a67114f49e9630f8d9865091623d6e233d8
                                                                                                                                                                              • Instruction ID: a7af41278ca8d05f8bcab0000c0c7f3dd3a3da219e7c697a899f7a761aa73cda
                                                                                                                                                                              • Opcode Fuzzy Hash: 3acff4e3071d94cb8c7cff20362b7a67114f49e9630f8d9865091623d6e233d8
                                                                                                                                                                              • Instruction Fuzzy Hash: E8416EF16407087BDA20BBB6DD8DE1BBBDDEFC5B04B014818F655D7190CAB9F8058A28
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000001,066171C6,00000000), ref: 004BE367
                                                                                                                                                                              • MessageBoxW.USER32(00000000,00000010,InstallLocation,?), ref: 004BE448
                                                                                                                                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000028,00000001,00000000,?,00000010,00000000,?,0000000B,00000000,?,0000001A,\Microsoft\Internet Explorer\Quick Launch,?,00000019), ref: 004BE5C3
                                                                                                                                                                              • _wcsnicmp.MSVCRT ref: 004BE5F7
                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 004BE658
                                                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000080,00000000,00000000,InstallLocation,?,00000104), ref: 004BE743
                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,?,00000104), ref: 004BE8BD
                                                                                                                                                                                • Part of subcall function 004B2EFA: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004B2F11
                                                                                                                                                                                • Part of subcall function 004B2EFA: GetShortPathNameW.KERNEL32(?,?,00000100), ref: 004B2F2E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Name$FilePath$ModuleShort$AttributesFolderMessageSpecial_wcsicmp_wcsnicmp
                                                                                                                                                                              • String ID: %s%s%s$.btapp$.btinstall$.btkey$.btsearch$.btskin$.torrent$/UNINSTALL /S$/UNINSTALL /S /REMSETTINGS$InstallLocation$Magnet$Software\BitTorrent$Software\BitTorrent\engine$Software\BitTorrent\uTorrent$Software\Classes\Applications\uTorrent.exe$Software\Classes\uTorrent$Software\Classes\uTorrent\Content Type$Software\Classes\uTorrent\DefaultIcon$Software\Classes\uTorrent\shell$Software\Classes\uTorrent\shell\open$Software\Classes\uTorrent\shell\open\command$Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent$\Microsoft\Internet Explorer\Quick Launch$deltree /Y $rmdir /S /Q $uTorrent$uTorrent.exe
                                                                                                                                                                              • API String ID: 1589642727-1822536445
                                                                                                                                                                              • Opcode ID: 75f7a7277d08134fad361134780823055ab3b44787046a2dff23cffead749aae
                                                                                                                                                                              • Instruction ID: f60e159f3cf946b77536288e9b8f789084457fad53cd45fc0f260c793681ed3a
                                                                                                                                                                              • Opcode Fuzzy Hash: 75f7a7277d08134fad361134780823055ab3b44787046a2dff23cffead749aae
                                                                                                                                                                              • Instruction Fuzzy Hash: 95E1B3715002589ADB14FFB2CC92AEE3B68BF51308F0444AFF90597192DF7C9A49CB69
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _atoi64$strstrtolower$strchr
                                                                                                                                                                              • String ID: Accept-Encoding:$Accept:$Authorization:$Basic$Connection: close$Connection: keep-alive$Content-Length:$Content-Type:$Cookie:$GUID$GUID=$HTTP: IP %a: Bad Range value$HTTP: IP %a: can't accept cookie - incorrect format$If-None-Match:$Range:$Referer:$User-Agent:$X-Requested-With:$boundary=$bytes=$new$stay_signed_in=true$x-bt-seq:$x-raptor-rid:
                                                                                                                                                                              • API String ID: 1699365641-4153045325
                                                                                                                                                                              • Opcode ID: f19e7edea6058a150b2a07301eaa8384eb0e1a4fcfba810c89e2fe4de04f20ae
                                                                                                                                                                              • Instruction ID: ff75cb753828590ba4a573670c32cb913f5f3837ca711b4c3ccd87131a44aa4b
                                                                                                                                                                              • Opcode Fuzzy Hash: f19e7edea6058a150b2a07301eaa8384eb0e1a4fcfba810c89e2fe4de04f20ae
                                                                                                                                                                              • Instruction Fuzzy Hash: 57D15F7970476657CB2DAA2484503FEAB816F56345F28012FEC9617383DB2C5D4F8B8E
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: /announce?$/btapp/$/gui$/gui/$/gui/connect$/gui/keepalive$/gui/pair$/gui/pingimg$/gui/srp$<html><head><link rel="stylesheet" type="text/css" href="%s"></head><body><script>var key = "%s";var source = "%s";</script><h3>%s wants access to %s</h3><p>If you click yes, this site will have access to your data</p><input type="button" value="Allow" onclick$BMB$HTTP/1.1 200 OKContent-Length: %dContent-Type: text/html%s$HTTP: IP %a: Blocked: GET %.100s $HTTP: IP %a: GET %.200s$cancel$http://apps.bittorrent.com/torque/pairing/style.%s%scss$iframe$iframe$image/x-ms-bmp$pin$sessionid$style$uTorrent$l+f
                                                                                                                                                                              • API String ID: 0-1397624512
                                                                                                                                                                              • Opcode ID: e5420effb25d5aeb1361dc030fd20728e2e8b6dbde60a4faa0ea1157eccb2dc2
                                                                                                                                                                              • Instruction ID: f1ed1d87dd229d21e79a93845adc6a2cb0f20e0ae82fa114463f9a8fee8825d5
                                                                                                                                                                              • Opcode Fuzzy Hash: e5420effb25d5aeb1361dc030fd20728e2e8b6dbde60a4faa0ea1157eccb2dc2
                                                                                                                                                                              • Instruction Fuzzy Hash: 58D1E5706006106ADB24BB619C91BFF6B69AF11708F14057FBC067B2C3EA7C5C59CA6B
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strchr$tolower$ErrorFileLastRead_atoi64atoistrrchrstrtolstrtoul
                                                                                                                                                                              • String ID: /content/$/proxy$/seed/$/streaming$/torrent/$http%3a$http:%2f$http:/$http://%s$x
                                                                                                                                                                              • API String ID: 2392246350-879189557
                                                                                                                                                                              • Opcode ID: 65e9de0cae04bb9ad05029a4413c5b05d5a1bce212b2dd4b5f0819591fcf6ea2
                                                                                                                                                                              • Instruction ID: 242918fb879a55bdb628b2dcb4c11ce2cd4f91f31f7ef549e84f0f7543c58c6b
                                                                                                                                                                              • Opcode Fuzzy Hash: 65e9de0cae04bb9ad05029a4413c5b05d5a1bce212b2dd4b5f0819591fcf6ea2
                                                                                                                                                                              • Instruction Fuzzy Hash: 1BF1B031E042059BEF24EF65C885BAE77A1AF15308F1840AFE8056B3C2DB7D9949C799
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 00460FC3
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0046101F
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00461032
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00461055
                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 004610D8
                                                                                                                                                                              • SysAllocString.OLEAUT32(0053BB00), ref: 00461199
                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 004611AB
                                                                                                                                                                              • SysAllocString.OLEAUT32(0053B334), ref: 004611B8
                                                                                                                                                                              • SysAllocString.OLEAUT32(00533090), ref: 004611C5
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0046128A
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00461295
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004612A0
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004612AF
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004612BE
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004612DD
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004612FE
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00461309
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00461314
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00461323
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00461332
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: String$Free$Alloc$DesktopWindow_wcsicmp
                                                                                                                                                                              • String ID: HNetCfg.FwPolicy2$HNetCfg.FwRule
                                                                                                                                                                              • API String ID: 1759499233-590769273
                                                                                                                                                                              • Opcode ID: 61f7b6f09e57c82e1b526948e5702aa3a9da29a7576a6f344308e6b8e86bdfc1
                                                                                                                                                                              • Instruction ID: e200121c2e93dc4ffdcff2a60cee2919f917c2d7f2403650360c53d8dd1b3eb2
                                                                                                                                                                              • Opcode Fuzzy Hash: 61f7b6f09e57c82e1b526948e5702aa3a9da29a7576a6f344308e6b8e86bdfc1
                                                                                                                                                                              • Instruction Fuzzy Hash: DFF15C70D002499FDF10DBA4C858BAEBBB5FF49315F18449AE801E7360EB399D46CB66
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,00000000), ref: 004B4138
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\uTorrent,00000000), ref: 004B4144
                                                                                                                                                                                • Part of subcall function 0042A0AC: GetFileSize.KERNEL32(00000000,00000000,00000080,?,0042F675,?,00000000,00414236,?,00000000,00000000), ref: 0042A0C9
                                                                                                                                                                                • Part of subcall function 0042A0AC: SetLastError.KERNEL32(00000008), ref: 0042A0E5
                                                                                                                                                                                • Part of subcall function 0042A0AC: CloseHandle.KERNEL32(00000000), ref: 0042A117
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?), ref: 004B4291
                                                                                                                                                                              Strings
                                                                                                                                                                              • V8 Bundle found, but no files in bundle!, xrefs: 004B429C
                                                                                                                                                                              • b.btapp, xrefs: 004B435D
                                                                                                                                                                              • Failed to read V8 bundle directory, xrefs: 004B4259
                                                                                                                                                                              • apps.btapp, xrefs: 004B43A6
                                                                                                                                                                              • V8 bundle: Failed to get bundle offset, xrefs: 004B41C9
                                                                                                                                                                              • ui.btapp, xrefs: 004B42CA, 004B431B
                                                                                                                                                                              • .zip, xrefs: 004B41E2
                                                                                                                                                                              • Installing bundle: %s to %s, xrefs: 004B439F
                                                                                                                                                                              • Failed to save temporary V8 bundle, xrefs: 004B4214
                                                                                                                                                                              • -- Begin bundle install --, xrefs: 004B414A
                                                                                                                                                                              • Failed to unpack bundled btapp: %s to: %s, xrefs: 004B43B4
                                                                                                                                                                              • V8 bundle: Failed to open exe, xrefs: 004B419F
                                                                                                                                                                              • INSTALLDEBUG: LoadFile of current exe failed, xrefs: 004B4172
                                                                                                                                                                              • Found V8 bundle, xrefs: 004B4243
                                                                                                                                                                              • C:\Users\user\AppData\Roaming\uTorrent, xrefs: 004B413F
                                                                                                                                                                              • Failed to find bundled btapp: %s, xrefs: 004B431F
                                                                                                                                                                              • No V8 bundle found, xrefs: 004B4236
                                                                                                                                                                              • apps, xrefs: 004B427A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateDirectoryFile$CloseErrorHandleLastModuleNameSize
                                                                                                                                                                              • String ID: -- Begin bundle install --$.zip$C:\Users\user\AppData\Roaming\uTorrent$Failed to find bundled btapp: %s$Failed to read V8 bundle directory$Failed to save temporary V8 bundle$Failed to unpack bundled btapp: %s to: %s$Found V8 bundle$INSTALLDEBUG: LoadFile of current exe failed$Installing bundle: %s to %s$No V8 bundle found$V8 Bundle found, but no files in bundle!$V8 bundle: Failed to get bundle offset$V8 bundle: Failed to open exe$apps$apps.btapp$b.btapp$ui.btapp
                                                                                                                                                                              • API String ID: 1484299634-2789703404
                                                                                                                                                                              • Opcode ID: 35fd4b27ce2b62a0154e2c42453dfbfd35ded32a3ef938c00de7b963f15f3316
                                                                                                                                                                              • Instruction ID: 0f279ccdd29a1c9c98edc86e1fcc8092215f201a936ab8d6ad0ee62aaf63e230
                                                                                                                                                                              • Opcode Fuzzy Hash: 35fd4b27ce2b62a0154e2c42453dfbfd35ded32a3ef938c00de7b963f15f3316
                                                                                                                                                                              • Instruction Fuzzy Hash: F071A431A40115ABCF18FBA6D8928EEB7B5BFA4308B10446FF402671C3DF7C5A469A59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strchr$_strnicmp$atoimemchrstrrchr
                                                                                                                                                                              • String ID: btresource$btresource://$feed://$http$http://$https$https://$udp$udp://
                                                                                                                                                                              • API String ID: 1133942460-3240269518
                                                                                                                                                                              • Opcode ID: b0966b2f82e0c40bbbb49449c019e3e756c91437eaef6f97761a6a947a1e687a
                                                                                                                                                                              • Instruction ID: 50808a1c77afd2ae92d753684db3cd880fb62e2b93123fabfcb150124d0aafe0
                                                                                                                                                                              • Opcode Fuzzy Hash: b0966b2f82e0c40bbbb49449c019e3e756c91437eaef6f97761a6a947a1e687a
                                                                                                                                                                              • Instruction Fuzzy Hash: 07613872B043006BDB289E36C882A6B77E5EF60305F14443FE9469B382DF79DE498759
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • <html><head><title>&micro;Torrent Search</title></head><frameset rows="90px,*"><frame src="http://search.utorrent.com/bntop.html" frameborder="0" marginheight="0" marginwidth="0" scrolling="no" noresize="noresize" /><frame src="http://search.conduit.com/Result, xrefs: 004647F8
                                                                                                                                                                              • GET /favicon.ico, xrefs: 00464964
                                                                                                                                                                              • HEAD /fileserve/, xrefs: 004648A6
                                                                                                                                                                              • GET /seed/, xrefs: 00464842
                                                                                                                                                                              • POST /gui, xrefs: 00464954
                                                                                                                                                                              • GET /search?q=, xrefs: 004647D2
                                                                                                                                                                              • GET /fileserve?, xrefs: 00464892
                                                                                                                                                                              • HEAD /proxy?, xrefs: 0046486A
                                                                                                                                                                              • GET /version, xrefs: 00464914
                                                                                                                                                                              • GET /proxy?, xrefs: 0046482E
                                                                                                                                                                              • HEAD /fileserve?, xrefs: 004648BA
                                                                                                                                                                              • HEAD /proxy/, xrefs: 00464856
                                                                                                                                                                              • GET /gui, xrefs: 00464944
                                                                                                                                                                              • GET /btapp, xrefs: 00464984
                                                                                                                                                                              • GET / , xrefs: 00464974
                                                                                                                                                                              • GET /proxy/, xrefs: 0046481A
                                                                                                                                                                              • GET /gui/pair, xrefs: 004649B5
                                                                                                                                                                              • GET /js/, xrefs: 004648CE
                                                                                                                                                                              • GET /fileserve/, xrefs: 0046487E
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@$_strnicmp
                                                                                                                                                                              • String ID: <html><head><title>&micro;Torrent Search</title></head><frameset rows="90px,*"><frame src="http://search.utorrent.com/bntop.html" frameborder="0" marginheight="0" marginwidth="0" scrolling="no" noresize="noresize" /><frame src="http://search.conduit.com/Result$GET / $GET /btapp$GET /favicon.ico$GET /fileserve/$GET /fileserve?$GET /gui$GET /gui/pair$GET /js/$GET /proxy/$GET /proxy?$GET /search?q=$GET /seed/$GET /version$HEAD /fileserve/$HEAD /fileserve?$HEAD /proxy/$HEAD /proxy?$POST /gui
                                                                                                                                                                              • API String ID: 521044845-2547328623
                                                                                                                                                                              • Opcode ID: d68756d06afb4d03b4f63b3657a8b253f77350da9e2f7504808016502aeb6649
                                                                                                                                                                              • Instruction ID: c20404bb03eb1a48f95743ae83ddc8e9aaa16e35e4d5ee27804f3db0c129d5c9
                                                                                                                                                                              • Opcode Fuzzy Hash: d68756d06afb4d03b4f63b3657a8b253f77350da9e2f7504808016502aeb6649
                                                                                                                                                                              • Instruction Fuzzy Hash: 3B414D54380750215D15B6BA2917BBF0B420FE2F88F1D145FA8927B2D3FF4D894A82AF
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00427BA5: memcpy.MSVCRT ref: 00427BBF
                                                                                                                                                                              • htonl.WS2_32(?), ref: 004820E9
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonlmemcpy
                                                                                                                                                                              • String ID: %d:ut_app_%si%de$10:ut_commenti%de$11:lt_donthavei%de$11:upload_onlyi%de$11:upload_onlyi1e$11:ut_metadatai%de$12:complete_agoi%de$12:ut_holepunchi%de$12:ut_recommendi%de$13:metadata_sizei%de$1:md$1:pi%de4:reqqi%de%s1:v%d:%s$4:ipv44:$4:ipv616:$6:ut_pexi%de$6:yourip16:$6:yourip4:$d1:ei%de$lX\
                                                                                                                                                                              • API String ID: 337393518-1860008051
                                                                                                                                                                              • Opcode ID: abefef9a389a87de3c9c756857d40508e43eb5256b8f1af91f2bc155266ebd78
                                                                                                                                                                              • Instruction ID: 8c0913b1acd15fbd6119c877c391e6e971bc2c9ce98a991b5630054d60918f59
                                                                                                                                                                              • Opcode Fuzzy Hash: abefef9a389a87de3c9c756857d40508e43eb5256b8f1af91f2bc155266ebd78
                                                                                                                                                                              • Instruction Fuzzy Hash: 30E1F972E002189FDB11FFB4CD95BEE77B5AF01308F44086AE912A7282DAB99D49C754
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,00000000,0042CC12,00000000), ref: 0042C578
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 0042C59A
                                                                                                                                                                              • FreeLibrary.KERNEL32 ref: 0042C5AB
                                                                                                                                                                              • GetProcAddress.KERNEL32(GetIfTable), ref: 0042C5C4
                                                                                                                                                                              • GetProcAddress.KERNEL32(GetIfEntry), ref: 0042C5DA
                                                                                                                                                                              • GetProcAddress.KERNEL32(GetBestInterface), ref: 0042C5F0
                                                                                                                                                                              • GetProcAddress.KERNEL32(GetBestInterfaceEx), ref: 0042C606
                                                                                                                                                                              • GetProcAddress.KERNEL32(GetIpAddrTable), ref: 0042C618
                                                                                                                                                                              • GetProcAddress.KERNEL32(GetAdaptersAddresses), ref: 0042C62E
                                                                                                                                                                              • GetProcAddress.KERNEL32(GetExtendedTcpTable), ref: 0042C640
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                                              • String ID: GetAdaptersAddresses$GetAdaptersInfo$GetBestInterface$GetBestInterfaceEx$GetExtendedTcpTable$GetIfEntry$GetIfTable$GetIpAddrTable$Iphlpapi.dll
                                                                                                                                                                              • API String ID: 2449869053-1750937965
                                                                                                                                                                              • Opcode ID: 98d77cac657346fdc29a1dc0bab4ac951a333ddbcd852c7b41df2c29b6eb5626
                                                                                                                                                                              • Instruction ID: f9f63980fcbc97b24b16d7e1536c7ad582f1c72bbc970b89ea82cad8e549c24c
                                                                                                                                                                              • Opcode Fuzzy Hash: 98d77cac657346fdc29a1dc0bab4ac951a333ddbcd852c7b41df2c29b6eb5626
                                                                                                                                                                              • Instruction Fuzzy Hash: 85111C34A42E20AECB529FA5BC88D197FA7B6697107641817E001D2230F6B5B4C9BF44
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SysAllocString.OLEAUT32(TCP), ref: 0048634C
                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 004863AF
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 004863EE
                                                                                                                                                                              • SysFreeString.OLEAUT32(004866FA), ref: 0048640B
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0048642D
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0048643C
                                                                                                                                                                              • SysFreeString.OLEAUT32(004866FA), ref: 0048647D
                                                                                                                                                                              • SysFreeString.OLEAUT32(004866FA), ref: 004864BE
                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 004864FD
                                                                                                                                                                              • SysAllocString.OLEAUT32(TCP), ref: 00486516
                                                                                                                                                                              • SysFreeString.OLEAUT32(004866FA), ref: 00486574
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00486586
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00486594
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: String$Free$Alloc$_wcsicmp
                                                                                                                                                                              • String ID: %s (%s)$TCP$UDP$UDP$uTorrent
                                                                                                                                                                              • API String ID: 779089844-1088035690
                                                                                                                                                                              • Opcode ID: 5957bf39e8e3e61ba2ebc05c9254cdb18de0541b5a7c5253c1692c134f360155
                                                                                                                                                                              • Instruction ID: 90b6bb1a05c6c3ca09a4647dbc3af97d03c2e4e817736ec812b4cd2f2da8bf60
                                                                                                                                                                              • Opcode Fuzzy Hash: 5957bf39e8e3e61ba2ebc05c9254cdb18de0541b5a7c5253c1692c134f360155
                                                                                                                                                                              • Instruction Fuzzy Hash: 3DB16C70A0020AAFCF10EFE5D8989AEBBB9FF45304B15486AE905EB251C739DD45CF24
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strchr
                                                                                                                                                                              • String ID: completed$downloaded$event$info_hash$invalid event$invalid info hash and/or peer id$invalid ip$left$peer_id$port$started$stopped$uploaded$l+f
                                                                                                                                                                              • API String ID: 2830005266-1583077396
                                                                                                                                                                              • Opcode ID: e0248401e17e04abbf6bb66ea0652e3ad3ea0f6329a98651e66b1460da4f778c
                                                                                                                                                                              • Instruction ID: 9f561b51509730c8a5d2e1bd90d96e65842cdd0aa9f8ddd841feae705b8f7da1
                                                                                                                                                                              • Opcode Fuzzy Hash: e0248401e17e04abbf6bb66ea0652e3ad3ea0f6329a98651e66b1460da4f778c
                                                                                                                                                                              • Instruction Fuzzy Hash: 3191D232E04208AFDF18CF55D9405AEBBB2FF94710F26856BE405BB341E7395D428B5A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcsicmp
                                                                                                                                                                              • String ID: ",0$Application$Content Type$Extension$MIME\Database\Content Type\%s$Progid$Software\Classes\%s$Software\Classes\uTorrent\Content Type$Software\Classes\uTorrent\DefaultIcon$Software\Classes\uTorrent\shell$Software\Classes\uTorrent\shell\open\command$Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s$Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s\UserChoice$application/x-bittorrent$maindoc.ico$open$uTorrent
                                                                                                                                                                              • API String ID: 2081463915-3575297322
                                                                                                                                                                              • Opcode ID: de4d2fadcdc223c49061489e34ef82f45c1066c5ec067f0168b27087b1a9a2d2
                                                                                                                                                                              • Instruction ID: 9b45147c35c94ea057c422e59f4ac0988c5f0ecc045deab3c15138f9ba7ce4bc
                                                                                                                                                                              • Opcode Fuzzy Hash: de4d2fadcdc223c49061489e34ef82f45c1066c5ec067f0168b27087b1a9a2d2
                                                                                                                                                                              • Instruction Fuzzy Hash: C551B9705401087ACF04FB91C9529FE776A9FA530CF0440AEB806B7292EF395F1AD769
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0044D85D: wcschr.MSVCRT ref: 0044D863
                                                                                                                                                                              • memcpy.MSVCRT ref: 004B6D62
                                                                                                                                                                              • _wcsicmp.MSVCRT ref: 004B6DF9
                                                                                                                                                                                • Part of subcall function 004614AB: GetModuleFileNameW.KERNEL32(?,?,00000104,066171C6), ref: 004614C8
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileModuleName_wcsicmpmemcpywcschr
                                                                                                                                                                              • String ID: " /UNINSTALL$%d.%d.%d.%d$%s,0$BitTorrent Inc.$DisplayIcon$DisplayName$DisplayVersion$InstallLocation$MajorVersion$MinorVersion$NoModify$NoRepair$Publisher$Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent$URLInfoAbout$UninstallString$VersionMajor$VersionMinor$http://www.utorrent.com
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: atof
                                                                                                                                                                              • String ID: bframes$bufsize$coder0$crf$flags2$fps$l?C$level$partitions$video_bitrate$video_codec$video_maxrate$video_x$video_y$vprofile$x264opts
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              • count, xrefs: 004721EF
                                                                                                                                                                              • creative, xrefs: 00472288
                                                                                                                                                                              • --AdUnitGroup %d got %d ads., xrefs: 00472216
                                                                                                                                                                              • --ParseJson failed on group id %d; check alt text!, xrefs: 004721A5
                                                                                                                                                                              • --AdUnitGroup %d made new ad id %d unit %d, xrefs: 00472412
                                                                                                                                                                              • --AdUnitGroup %d FAILED to parse ad id %d., xrefs: 00472318
                                                                                                                                                                              • --AdUnitGroup %d OVERWROTE ad unit %d w/ %d, xrefs: 004723D9
                                                                                                                                                                              • --AdUnitGroup %d OVERWRITING ad unit %d id %d w/ %d, xrefs: 0047238D
                                                                                                                                                                              • ads, xrefs: 004721DC
                                                                                                                                                                              • adid, xrefs: 00472279
                                                                                                                                                                              • alt, xrefs: 004722EA
                                                                                                                                                                              • adunitid, xrefs: 0047226C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: fflushfprintf
                                                                                                                                                                              • String ID: --AdUnitGroup %d FAILED to parse ad id %d.$--AdUnitGroup %d OVERWRITING ad unit %d id %d w/ %d$--AdUnitGroup %d OVERWROTE ad unit %d w/ %d$--AdUnitGroup %d got %d ads.$--AdUnitGroup %d made new ad id %d unit %d$--ParseJson failed on group id %d; check alt text!$adid$ads$adunitid$alt$count$creative
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?), ref: 0040605A
                                                                                                                                                                              • GetModuleHandleA.KERNEL32(0052C6E8), ref: 00406176
                                                                                                                                                                                • Part of subcall function 0042920D: GetModuleHandleA.KERNEL32(rpcrt4.dll,?,?,0046C39B,?,?,?,?,?,0046C7D9), ref: 00429214
                                                                                                                                                                                • Part of subcall function 0042920D: LoadLibraryA.KERNEL32(rpcrt4.dll,?,?,?,?,0046C7D9), ref: 0042921F
                                                                                                                                                                                • Part of subcall function 0042920D: GetProcAddress.KERNEL32(00000000,UuidCreateSequential), ref: 0042922B
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000001), ref: 00406089
                                                                                                                                                                              • _strncoll.MSVCRT ref: 004060F5
                                                                                                                                                                              • atoi.MSVCRT ref: 00406105
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HandleModule$AddressCurrentLibraryLoadProcProcess_strncollatoi
                                                                                                                                                                              • String ID: '%s' (%s)$ '%s' (%s) (known malware!)$%s%s$0$1.00.$Buggy DLL warning: %S (%S)$SOFTWARE\NVIDIA Corporation\nForce\network management\Settings$SetProcessAffinityMask$Version$kernel32.dll
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetIconInfo.USER32(00000000,?), ref: 004AA999
                                                                                                                                                                              • 73A1A570.USER32(00000000), ref: 004AA9AE
                                                                                                                                                                              • memset.MSVCRT ref: 004AA9C4
                                                                                                                                                                              • GetObjectA.GDI32(?,00000018,?), ref: 004AA9F6
                                                                                                                                                                                • Part of subcall function 0041984E: malloc.MSVCRT ref: 0041986D
                                                                                                                                                                                • Part of subcall function 0041984E: GetLastError.KERNEL32(75F76850,75F76854,00459837,004BA8EA,00000000,00403328,004BA8EA,?,00000000,0040559D,004BA8EA), ref: 00419884
                                                                                                                                                                              • GetDIBits.GDI32(00000010,?,00000000,?,?,00000028,00000000), ref: 004AAA57
                                                                                                                                                                              • GetDIBits.GDI32(00000010,?,00000000,?,00404D60,00000028,00000000), ref: 004AAA74
                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 004AAB1A
                                                                                                                                                                              • DrawIconEx.USER32(00000000,00000000,00000000,?,?,?,00000000,00000000,00000003), ref: 004AAB2F
                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 004AAB39
                                                                                                                                                                              • DeleteDC.GDI32(00000000), ref: 004AAB3C
                                                                                                                                                                              • memcpy.MSVCRT ref: 004AAB5E
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004AAB9F
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004AABA4
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Object$Delete$BitsIconSelect$A570DrawErrorInfoLastmallocmemcpymemset
                                                                                                                                                                              • String ID: $(
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004BC097
                                                                                                                                                                              Strings
                                                                                                                                                                              • REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "%s" /f, xrefs: 004BC182
                                                                                                                                                                              • RemoveCompatibilityModeKey(removal from HKLM returned %s), xrefs: 004BC238
                                                                                                                                                                              • Warning, xrefs: 004BC144
                                                                                                                                                                              • %s is running in Vista compatibility mode which is known to cause problems. Please allow %s to fix this by clicking "Yes" in the n, xrefs: 004BC153
                                                                                                                                                                              • .bat, xrefs: 004BC199
                                                                                                                                                                              • false, xrefs: 004BC232, 004BC237
                                                                                                                                                                              • Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers, xrefs: 004BC0B0
                                                                                                                                                                              • C:\Users\user\AppData\Roaming\uTorrent, xrefs: 004BC0A8
                                                                                                                                                                              • /C %s, xrefs: 004BC1F3
                                                                                                                                                                              • COMSPEC, xrefs: 004BC12E
                                                                                                                                                                              • true, xrefs: 004BC229
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileModuleName
                                                                                                                                                                              • String ID: /C %s$%s is running in Vista compatibility mode which is known to cause problems. Please allow %s to fix this by clicking "Yes" in the n$.bat$C:\Users\user\AppData\Roaming\uTorrent$COMSPEC$REG DELETE "HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "%s" /f$RemoveCompatibilityModeKey(removal from HKLM returned %s)$Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers$Warning$false$true
                                                                                                                                                                              • API String ID: 514040917-1200661252
                                                                                                                                                                              • Opcode ID: 0d2bab9483710729cc0a83582734a36937f2631be3814ce724c9666bd487ffe0
                                                                                                                                                                              • Instruction ID: 1b703acbc7eb4b22e192fdb5a645724deec331fc4e0922ff5ffc05f11c985f71
                                                                                                                                                                              • Opcode Fuzzy Hash: 0d2bab9483710729cc0a83582734a36937f2631be3814ce724c9666bd487ffe0
                                                                                                                                                                              • Instruction Fuzzy Hash: C5419471E401086ADF14F6A2DC969FE77ADAF65704F0004BFB501A3282EF789A0986A4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strtoul$memmove
                                                                                                                                                                              • String ID: 22NOC$2NOC$NOC$dd.dd.dd$dddd.dd.dd$eason$nXnp$pisode
                                                                                                                                                                              • API String ID: 3346146882-2033117531
                                                                                                                                                                              • Opcode ID: f0fb7618918223050021c12dbe08781a6c4ed4e904ce00fd570275ef0c8a1a57
                                                                                                                                                                              • Instruction ID: da49c0543cc0975dd39e189723cd33fd13a3c79c49d0e12be9a0441fb3ed328d
                                                                                                                                                                              • Opcode Fuzzy Hash: f0fb7618918223050021c12dbe08781a6c4ed4e904ce00fd570275ef0c8a1a57
                                                                                                                                                                              • Instruction Fuzzy Hash: F2E1E2719042899EDF218A6884517EFBBB1EF16346F18419BDC90AB343D3394D4ECB9A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 0$TwZ$die$http$info$infotype$l.url$u.msg$u.url$url$utorrent.lng
                                                                                                                                                                              • API String ID: 0-316077008
                                                                                                                                                                              • Opcode ID: 7e317740e5138249aedab5bec10415808812f5df7dfaf55ce9ac0c89e3534873
                                                                                                                                                                              • Instruction ID: 540d036b6b9248ea370a71e3ecbcfe2403801ef3496ce1289662d9f3ed9e7565
                                                                                                                                                                              • Opcode Fuzzy Hash: 7e317740e5138249aedab5bec10415808812f5df7dfaf55ce9ac0c89e3534873
                                                                                                                                                                              • Instruction Fuzzy Hash: ABD1E4B0A00249ABDF14EFA1D891AFF77B5AFA1308F10041FE44267292DF7C5949CB69
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • wcsrchr.MSVCRT ref: 0043AADA
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0043AB49
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0043AB6A
                                                                                                                                                                              • wcschr.MSVCRT ref: 0043AB9A
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0043ACE1
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0043AE25
                                                                                                                                                                                • Part of subcall function 0040556A: ??2@YAPAXI@Z.MSVCRT ref: 0040557A
                                                                                                                                                                                • Part of subcall function 004033B6: InterlockedDecrement.KERNEL32(00000098), ref: 004033BE
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@$??3@DecrementInterlockedwcschrwcsrchr
                                                                                                                                                                              • String ID: %.*S/scrape%S%cinfo_hash=%.20U$&info_hash=%.20U$/announce$2$uTorrent/3300$l+f
                                                                                                                                                                              • API String ID: 3456779290-2161184648
                                                                                                                                                                              • Opcode ID: fec38e3154155c3ae821903b920322d18b34a0cef37e2239c12ab093bcb88e82
                                                                                                                                                                              • Instruction ID: 72aa05dcd116aebef84599bc40fc832f6b00f29a8ba9f2b0adddec2f687afe7b
                                                                                                                                                                              • Opcode Fuzzy Hash: fec38e3154155c3ae821903b920322d18b34a0cef37e2239c12ab093bcb88e82
                                                                                                                                                                              • Instruction Fuzzy Hash: D9C18F71A40248AFDF10DFA5C881EEEBBB5BF08304F04506FE541AB292D739A955CB59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,0000000C,00000000,00000000), ref: 004B27E2
                                                                                                                                                                              • SendMessageW.USER32(?,0000000C,00000000,00000000), ref: 004B2839
                                                                                                                                                                              Strings
                                                                                                                                                                              • OnRefreshAd::background color (R, G, B) = (0x%02x, 0x%02x, 0x%02x), xrefs: 004B28F4
                                                                                                                                                                              • download size = %f, xrefs: 004B2805
                                                                                                                                                                              • OnRefreshAd::title = '%s', xrefs: 004B2784
                                                                                                                                                                              • OnRefreshAd::url = %S, xrefs: 004B2940
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID: OnRefreshAd::background color (R, G, B) = (0x%02x, 0x%02x, 0x%02x)$OnRefreshAd::title = '%s'$OnRefreshAd::url = %S$download size = %f
                                                                                                                                                                              • API String ID: 3850602802-1481262397
                                                                                                                                                                              • Opcode ID: 82de37d68d8de42c65eff5f07dd5e55230963e98b3e91847872e5775d1934f21
                                                                                                                                                                              • Instruction ID: 8b4c9c9102c02373b4632be68701beb87fe96becb37e66b9d717d3bbbeb005bb
                                                                                                                                                                              • Opcode Fuzzy Hash: 82de37d68d8de42c65eff5f07dd5e55230963e98b3e91847872e5775d1934f21
                                                                                                                                                                              • Instruction Fuzzy Hash: E8810430600205AFCB15EBB4C855AFF7BB5BF58304F04046EF55A97292DF786A09CB69
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@$malloc$memcpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 920709732-0
                                                                                                                                                                              • Opcode ID: 0a2186ce34fe004e6ca404e74bb13d236f1d5776e0b9767e27717ecf0fb1eaa5
                                                                                                                                                                              • Instruction ID: f0706b192272ce72fd2095d358afe40fd5b1f63a821e3bccc95252154d1931c3
                                                                                                                                                                              • Opcode Fuzzy Hash: 0a2186ce34fe004e6ca404e74bb13d236f1d5776e0b9767e27717ecf0fb1eaa5
                                                                                                                                                                              • Instruction Fuzzy Hash: 1571F231D0021A9BDF12EFA4D841BAEBFB5FF56314F16006AE851A7291DB359E51CF40
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FindWindowW.USER32(0058E9D0,00000000), ref: 004B8BC7
                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 004B8BEE
                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000016,00000000,00000000,00000001,00007530,?), ref: 004B8C03
                                                                                                                                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 004B8C14
                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,000000FF), ref: 004B8C1B
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004B8C26
                                                                                                                                                                              • OpenProcess.KERNEL32(00100000,00000000,?), ref: 004B8C3E
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00007530), ref: 004B8C44
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004B8C4B
                                                                                                                                                                              • FindWindowW.USER32(0058E9D0,00000000), ref: 004B8C54
                                                                                                                                                                              Strings
                                                                                                                                                                              • TerminateSessionClientInstances failed; hp:0x%X result:%d, xrefs: 004B8C6F
                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent, xrefs: 004B8BBF
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process$Window$CloseFindHandleOpen$MessageObjectSendSingleTerminateThreadTimeoutWait
                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent$TerminateSessionClientInstances failed; hp:0x%X result:%d
                                                                                                                                                                              • API String ID: 123419533-3947098976
                                                                                                                                                                              • Opcode ID: 0438928c91e4d2f28dfce00bc5883e1039779cb2ea3759428fa6ffc02423cc74
                                                                                                                                                                              • Instruction ID: 818cb693c2c14360f3f3c5f124403f0280ef6ce873fa88a565c8f9129f8f44fa
                                                                                                                                                                              • Opcode Fuzzy Hash: 0438928c91e4d2f28dfce00bc5883e1039779cb2ea3759428fa6ffc02423cc74
                                                                                                                                                                              • Instruction Fuzzy Hash: 6E110631601315BBE231AB509C49FEB7BACEF56B50F010529FD04A7290C7A99D0A97B6
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000), ref: 0043CBDE
                                                                                                                                                                                • Part of subcall function 00434389: ??3@YAXPAX@Z.MSVCRT ref: 004343CF
                                                                                                                                                                                • Part of subcall function 00419846: ??3@YAXPAX@Z.MSVCRT ref: 00419847
                                                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,00000000,00000000), ref: 0043CC00
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0043CCC3
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0043CE0D
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0043CE25
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0043CE3D
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0043CECE
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0043CF84
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@$ErrorLast
                                                                                                                                                                              • String ID: 3.C$n.C$X\
                                                                                                                                                                              • API String ID: 1327704363-4009015381
                                                                                                                                                                              • Opcode ID: e5f22ccd201af06d24a9c87443a4561383aa6576357967160ebe8731e50ac261
                                                                                                                                                                              • Instruction ID: 7ea9b7501f3c180eaa99dcf2e04c39369c42f1ac0edd5c02c3d0dc6030123b22
                                                                                                                                                                              • Opcode Fuzzy Hash: e5f22ccd201af06d24a9c87443a4561383aa6576357967160ebe8731e50ac261
                                                                                                                                                                              • Instruction Fuzzy Hash: 52C11C34500A018BC724FF76C8D1AEAB7B2BF55308F51582EE06B67292DF387949CB59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0040C5D7
                                                                                                                                                                              • DragQueryFileW.SHELL32(?,?,?,00000104), ref: 0040C612
                                                                                                                                                                              • wcsrchr.MSVCRT ref: 0040C61D
                                                                                                                                                                              • DragFinish.SHELL32(?), ref: 0040C6D2
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0040C74F
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Drag$FileQuery$??2@Finishwcsrchr
                                                                                                                                                                              • String ID: .btapp$.btinstall$.btkey$.btsearch$.btskin$.torrent
                                                                                                                                                                              • API String ID: 118905519-1593886273
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000,00000080,/AUTOMATION), ref: 004BA273
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004BA29C
                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 004BA34C
                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 004BA382
                                                                                                                                                                                • Part of subcall function 0041215B: CreateFileW.KERNEL32(00000000,00008000,00000003,00000000,00000000,00000000,00000000,004B75F7,00000000,?), ref: 00412225
                                                                                                                                                                                • Part of subcall function 0041215B: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041223E
                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000), ref: 004BA393
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 004BA3BE
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$??3@CloseCreateDeleteExecuteHandlePointerShellSleepWrite
                                                                                                                                                                              • String ID: /AUTOMATION$d$open$share_offer_hash$share_offer_size
                                                                                                                                                                              • API String ID: 1452778808-2893193883
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • htonl.WS2_32(?), ref: 0046C742
                                                                                                                                                                              • sendto.WS2_32(?,00000000,00000000,00000000,?,00000010), ref: 0046C8B0
                                                                                                                                                                                • Part of subcall function 0047BB45: GetVersionExW.KERNEL32(?,?,?,00000001), ref: 0047BB8E
                                                                                                                                                                                • Part of subcall function 0047BB45: GetSystemInfo.KERNEL32(?,?,?,Windows), ref: 0047BC15
                                                                                                                                                                              Strings
                                                                                                                                                                              • ssdp:alive, xrefs: 0046C7FD
                                                                                                                                                                              • native, xrefs: 0046C7A6
                                                                                                                                                                              • NOTIFY * HTTP/1.1HOST: 239.255.255.250:1900LOCATION: http://%ASERVER: %s/%s UPnP/1.1 %s/%sNTS: %sST: ut:client:service:pairingUSN: uuid:%sFRIENDLYNAME:%SHH:%s, xrefs: 0046C850
                                                                                                                                                                              • M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900ST:upnp:rootdeviceMAN:"ssdp:discover"MX:3, xrefs: 0046C75A
                                                                                                                                                                              • client, xrefs: 0046C7AB
                                                                                                                                                                              • ssdp:byebye, xrefs: 0046C804, 0046C824
                                                                                                                                                                              • 330, xrefs: 0046C825
                                                                                                                                                                              • uTorrent, xrefs: 0046C7B0
                                                                                                                                                                              • %s(%s)(%s), xrefs: 0046C7BB
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InfoSystemVersionhtonlsendto
                                                                                                                                                                              • String ID: %s(%s)(%s)$330$M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900ST:upnp:rootdeviceMAN:"ssdp:discover"MX:3$NOTIFY * HTTP/1.1HOST: 239.255.255.250:1900LOCATION: http://%ASERVER: %s/%s UPnP/1.1 %s/%sNTS: %sST: ut:client:service:pairingUSN: uuid:%sFRIENDLYNAME:%SHH:%s$client$native$ssdp:alive$ssdp:byebye$uTorrent
                                                                                                                                                                              • API String ID: 1776293608-714477079
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • OpenProcess.KERNEL32(00100C01,00000000,?,linebuf,00000000,suspend,00000000,trnoff,00000000,00000000,00000000,trnfile,00000000,00000000,00000000,tmpfile), ref: 00452C0A
                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,0042F4E0,00000000,00000000,0000000D,00000000,?,00000000,00000000), ref: 00452C2C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateFileOpenProcess
                                                                                                                                                                              • String ID: cmdline$dstfile$linebuf$pid$srcfile$suspend$tmpfile$trnfile$trnoff
                                                                                                                                                                              • API String ID: 2556342475-2164493119
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WaitNamedPipeW.KERNEL32(00000000,00002710,00000000,00010000,00000000,00000000,004C2DA6,0040D538,auto_start,00000000,exe_path,?), ref: 004B6A3C
                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 004B6A56
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 004B6A64
                                                                                                                                                                              • SetNamedPipeHandleState.KERNEL32(00000000,?,00000000,00000000), ref: 004B6A70
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 004B6A76
                                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000001,?,00000000), ref: 004B6A8A
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 004B6A90
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000004,00000004,?,00000000), ref: 004B6AA4
                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 004B6AB2
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 004B6AB5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$ErrorLast$HandleNamedPipeWrite$CloseCreateReadStateWait
                                                                                                                                                                              • String ID: /PIPENAME
                                                                                                                                                                              • API String ID: 735986021-3936029136
                                                                                                                                                                              • Opcode ID: 0e300232178689798e96a2fdad2ad515a1b1d79c0715b6633bb1e2f5753c4114
                                                                                                                                                                              • Instruction ID: 6036896596296c9fd19720b62a056744b3c49d4200cd02d2b740e4034424c176
                                                                                                                                                                              • Opcode Fuzzy Hash: 0e300232178689798e96a2fdad2ad515a1b1d79c0715b6633bb1e2f5753c4114
                                                                                                                                                                              • Instruction Fuzzy Hash: B2313EB5800119BFDB10EBE5CC85DEFBB7CEF65344F00446AB501A3151DB749A56CBA1
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041CD9D: socket.WS2_32(00000010,00000000,00000000), ref: 0041CDAC
                                                                                                                                                                                • Part of subcall function 0041CD9D: setsockopt.WS2_32(00000000,00000029,00000017,00000017,00000004), ref: 0041CDD2
                                                                                                                                                                                • Part of subcall function 0041B1AE: bind.WS2_32(000000FF,?,0041DB86), ref: 0041B1D3
                                                                                                                                                                              • WSAGetLastError.WS2_32(00000000,00000002,00000002,00000000,00000001,00000000,00000000,00000000,?,0046DDFC,?,00000000,00000001,00000014,00000000,00000000), ref: 0046C666
                                                                                                                                                                              • setsockopt.WS2_32(?,00000000,00000009,-0000000C,00000004), ref: 0046C696
                                                                                                                                                                              • WSAGetLastError.WS2_32(?,0046DDFC,?,00000000,00000001,00000014,00000000,00000000,00534BD4,00000000,00000000), ref: 0046C69C
                                                                                                                                                                              • setsockopt.WS2_32(?,00000000,00000004,00000000,00000004), ref: 0046C6C6
                                                                                                                                                                              • WSAGetLastError.WS2_32(?,0046DDFC,?,00000000,00000001,00000014,00000000,00000000,00534BD4,00000000), ref: 0046C6CC
                                                                                                                                                                              • setsockopt.WS2_32(?,00000000,0000000A,000000FF,00000004), ref: 0046C6F6
                                                                                                                                                                              • WSAGetLastError.WS2_32(?,0046DDFC,?,00000000,00000001,00000014,00000000,00000000,00534BD4,00000000), ref: 0046C6FC
                                                                                                                                                                              Strings
                                                                                                                                                                              • UPnP: Could not set unicast TTL: %d, xrefs: 0046C6D3
                                                                                                                                                                              • UPnP: Could not setup socket to send multicast packets: %d, xrefs: 0046C6A3
                                                                                                                                                                              • UPnP: Unable to bind to UPnP port: %d, xrefs: 0046C66D
                                                                                                                                                                              • UPnP: Could not set multicast TTL: %d, xrefs: 0046C703
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastsetsockopt$bindsocket
                                                                                                                                                                              • String ID: UPnP: Could not set multicast TTL: %d$UPnP: Could not set unicast TTL: %d$UPnP: Could not setup socket to send multicast packets: %d$UPnP: Unable to bind to UPnP port: %d
                                                                                                                                                                              • API String ID: 4163718337-4018275130
                                                                                                                                                                              • Opcode ID: bd0ef27caa360f85da744782de91c7c54df71af760259c17441640b8b507d92e
                                                                                                                                                                              • Instruction ID: de550cc4c0eaf74bfbf341005ed3648769775f83e4d4ccb1601fd35f8f91be71
                                                                                                                                                                              • Opcode Fuzzy Hash: bd0ef27caa360f85da744782de91c7c54df71af760259c17441640b8b507d92e
                                                                                                                                                                              • Instruction Fuzzy Hash: 9121D8B27803047AFB2067919C47F7A379CAF55F44F040429FB04A62C2F6F5A945967A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: calloc$??3@realloc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3905879364-0
                                                                                                                                                                              • Opcode ID: 15c67cb2d6c8b5c82f5b3f21f0a8d2a922438fb0c7860ab89e50dddd6bfbc417
                                                                                                                                                                              • Instruction ID: 2f5c75c2ce1b6c016cb04dc7ea2289b88b4590efc9d4342bfc604230e621ad1f
                                                                                                                                                                              • Opcode Fuzzy Hash: 15c67cb2d6c8b5c82f5b3f21f0a8d2a922438fb0c7860ab89e50dddd6bfbc417
                                                                                                                                                                              • Instruction Fuzzy Hash: 95F1D575480605AFEF219F64C8417AA7FE6FF45360F14882EF869CB251EB76E980CB40
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreatePipe.KERNEL32(?,?,?,00000000,00000000,?,?), ref: 004B813A
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 004B814E
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 004B8154
                                                                                                                                                                              • DuplicateHandle.KERNEL32(00000000), ref: 004B8157
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004B8160
                                                                                                                                                                                • Part of subcall function 004F85C9: memset.MSVCRT ref: 004F85E3
                                                                                                                                                                                • Part of subcall function 004F85C9: GetCurrentProcess.KERNEL32(00000000,00000000,00000001,00000002,?,00000001,00000000), ref: 004F8604
                                                                                                                                                                                • Part of subcall function 004F85C9: GetCurrentProcess.KERNEL32(00000000,00000000,?,00000001,00000000), ref: 004F8608
                                                                                                                                                                                • Part of subcall function 004F85C9: DuplicateHandle.KERNEL32(00000000,?,00000001,00000000), ref: 004F860B
                                                                                                                                                                                • Part of subcall function 004F85C9: CreateProcessW.KERNEL32(004B2D83,00000000,00000000,00000000,00000000,00000000,00000000,004B2D83,?,004F869C,?,00000001,00000000), ref: 004F864C
                                                                                                                                                                                • Part of subcall function 004F85C9: CloseHandle.KERNEL32(00000000,?,00000001,00000000), ref: 004F8675
                                                                                                                                                                                • Part of subcall function 004F85C9: CloseHandle.KERNEL32(?,?,00000001,00000000), ref: 004F867E
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000C8), ref: 004B81A5
                                                                                                                                                                              • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 004B81FC
                                                                                                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 004B8226
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004B822F
                                                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,?,?), ref: 004B8244
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Handle$Process$Close$Current$CreateDuplicatePipe$CodeExitNamedObjectPeekSingleWaitmemset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2257401087-0
                                                                                                                                                                              • Opcode ID: c7b0053a71fcb38855641ecb9e408bf93e03016f3eac9ab47007d7fc68582fa1
                                                                                                                                                                              • Instruction ID: f82ab06c13f8cb4ccf43607299e481e0812eca18a49c2b9b2624419dbdcd92b7
                                                                                                                                                                              • Opcode Fuzzy Hash: c7b0053a71fcb38855641ecb9e408bf93e03016f3eac9ab47007d7fc68582fa1
                                                                                                                                                                              • Instruction Fuzzy Hash: 65418F71900109AFDF219FE8CC889EFBBBDEF15344F14446AF501A2260DB359E45DB65
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,00FF06BD), ref: 0040212A
                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 0040212D
                                                                                                                                                                              • GetDlgItem.USER32(?,00FF06BD), ref: 0040213C
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,?,?,004028B1,?), ref: 00402141
                                                                                                                                                                              • GetDlgItem.USER32(?,00FF06BE), ref: 00402175
                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 00402178
                                                                                                                                                                              • GetDlgItem.USER32(?,00FF06BE), ref: 00402196
                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 00402199
                                                                                                                                                                              • GetDlgItem.USER32(?,00FF06BE), ref: 004021A8
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,?,?,004028B1,?), ref: 004021AD
                                                                                                                                                                              • GetDlgItem.USER32(?,000006C0), ref: 004021B8
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,?,?,004028B1,?), ref: 004021BD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ItemWindow$ShowVisible
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 813214873-0
                                                                                                                                                                              • Opcode ID: cd47baff38fc0a29c1366abb88f9025c3bc1e05e23ac07e1cb9fc8fc13806f56
                                                                                                                                                                              • Instruction ID: 36a28a91c20a36b5fe4418db7e5b18725f50eb3f8aff3453025e316e86f1e6ec
                                                                                                                                                                              • Opcode Fuzzy Hash: cd47baff38fc0a29c1366abb88f9025c3bc1e05e23ac07e1cb9fc8fc13806f56
                                                                                                                                                                              • Instruction Fuzzy Hash: FA214FB1700309ABE624AB758E8CF2777ACEF85740F044536F645DB6D1CA78EC059B68
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0040307B: ??2@YAPAXI@Z.MSVCRT ref: 0040308D
                                                                                                                                                                                • Part of subcall function 0040307B: memset.MSVCRT ref: 004030A2
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0046679D
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 00466878
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@$??3@memset
                                                                                                                                                                              • String ID: L$complete$external ip$incomplete$interval$peer id$peers$port
                                                                                                                                                                              • API String ID: 3240444624-1867532265
                                                                                                                                                                              • Opcode ID: 86d37a7371f00d4b31c092419192be5194d377d212de8b7632d52faf447562cc
                                                                                                                                                                              • Instruction ID: 22693a43d7f035ed34e81df426ff65cf3a9c08b8e43bee4381ffdf11b0d789a9
                                                                                                                                                                              • Opcode Fuzzy Hash: 86d37a7371f00d4b31c092419192be5194d377d212de8b7632d52faf447562cc
                                                                                                                                                                              • Instruction Fuzzy Hash: E4518271900219AFCF14EFA5D8429FEB778FF44308F41442EF81197291EB78AA44CB55
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004C2092: CreateDirectoryW.KERNEL32(00000000,00000000,?,http://apps.bittorrent.com/featuredcontent/featuredcontent.btapp,0040D8A0,?,74DEE7E0,00000000,?,0040D8A0,?,?,?,?,?,PERFORMINSTALL), ref: 004C2122
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00000104,install_revision,000071C6,00010000,?,00000000), ref: 004C2534
                                                                                                                                                                              • GetVolumeInformationW.KERNEL32(?,?,00000104,005A777C,00000000,00000000,00000000,00000000,00000006), ref: 004C2568
                                                                                                                                                                              Strings
                                                                                                                                                                              • toolbar_flags, xrefs: 004C25F0
                                                                                                                                                                              • install_revision, xrefs: 004C250D
                                                                                                                                                                              • autostart, xrefs: 004C2663
                                                                                                                                                                              • C:\Users\user\AppData\Roaming\uTorrent, xrefs: 004C25C4
                                                                                                                                                                              • exe_serial, xrefs: 004C2578
                                                                                                                                                                              • INSTALLDEBUG: InstallEverything failed. Return code: [%d], xrefs: 004C2676
                                                                                                                                                                              • flags, xrefs: 004C25DD
                                                                                                                                                                              • INSTALLDEBUG: InstallEverything succeeded; flags [%d], xrefs: 004C261F
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateDirectoryFileInformationModuleNameVolume
                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\uTorrent$INSTALLDEBUG: InstallEverything failed. Return code: [%d]$INSTALLDEBUG: InstallEverything succeeded; flags [%d]$autostart$exe_serial$flags$install_revision$toolbar_flags
                                                                                                                                                                              • API String ID: 3543676939-1157538612
                                                                                                                                                                              • Opcode ID: 8b655e5fe2e5b1c0bc190c54b635cd614d9bf112f5ab1b543d5ea3a12a175be8
                                                                                                                                                                              • Instruction ID: 9bce2ef9cb514b23b02fed300c00e07036db68a4b369734867a054449cd61804
                                                                                                                                                                              • Opcode Fuzzy Hash: 8b655e5fe2e5b1c0bc190c54b635cd614d9bf112f5ab1b543d5ea3a12a175be8
                                                                                                                                                                              • Instruction Fuzzy Hash: E4413BB6900118BADB04FBA1ED92EEE372CEB64314F00406EF905971D1DAB89F48D799
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00413F68: memcpy.MSVCRT ref: 00413FFD
                                                                                                                                                                                • Part of subcall function 00413F68: memcpy.MSVCRT ref: 0041402A
                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(00000000,?,00000000), ref: 004223F7
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00422405
                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000,thumbs.db,00000000), ref: 0042243D
                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000,.DS_Store,00000000,?), ref: 0042246E
                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(00000000,?), ref: 00422493
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0042249D
                                                                                                                                                                              • wcsrchr.MSVCRT ref: 004224B5
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DeleteDirectoryErrorFileLastRemovememcpy$wcsrchr
                                                                                                                                                                              • String ID: .DS_Store$thumbs.db$x
                                                                                                                                                                              • API String ID: 52906473-612621449
                                                                                                                                                                              • Opcode ID: 38d660604e114ccae39110c9255d4a30e9c05fe8d75e81e6d1d1ef9eeeee9a7f
                                                                                                                                                                              • Instruction ID: 56bdb9dbe53b5d31e9934dd9920b5eb15f1a3c06d69f29f5139c5fe561e1796d
                                                                                                                                                                              • Opcode Fuzzy Hash: 38d660604e114ccae39110c9255d4a30e9c05fe8d75e81e6d1d1ef9eeeee9a7f
                                                                                                                                                                              • Instruction Fuzzy Hash: 9241D731A40116ABDB18FBB5CC56AAEB774AF20304F4404AEE401B71D2DB7CAA45C758
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • memset.MSVCRT ref: 004AEB0E
                                                                                                                                                                              • _wtoi.MSVCRT ref: 004AEBB8
                                                                                                                                                                                • Part of subcall function 00423423: GetSystemTime.KERNEL32(00000000,00000000,0042A301,0041E70C), ref: 0042342D
                                                                                                                                                                                • Part of subcall function 00423423: SystemTimeToFileTime.KERNEL32(?,?), ref: 0042343B
                                                                                                                                                                              • _wcsnicmp.MSVCRT ref: 004AEC18
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Time$System$File_wcsnicmp_wtoimemset
                                                                                                                                                                              • String ID: .DEFAULT\Software\SetID\Internal$DATA$Device$ProductName$Software\BitDefender\About$expireTime="$z8fNzLy5vM7Hy8bKurnNuci+z74=
                                                                                                                                                                              • API String ID: 1681671875-1080265314
                                                                                                                                                                              • Opcode ID: f87f47ad639ce2272f93547856ecc2f0341f067e412d8e8fecda9985f6c197c3
                                                                                                                                                                              • Instruction ID: 359d255de218fc987aa52e595a4b0a15f16fd33213e843c8327ee8156f6cdafc
                                                                                                                                                                              • Opcode Fuzzy Hash: f87f47ad639ce2272f93547856ecc2f0341f067e412d8e8fecda9985f6c197c3
                                                                                                                                                                              • Instruction Fuzzy Hash: 59317062B001159BDB50E666CC46BEE72F8AB73744F10007FA806E3281DE7CDF4987A8
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • fopen.MSVCRT ref: 0046E1CC
                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,toolbar.log,?,toolbar.log,default_offer: %d GetActiveToolbarName: %s,00000000,00000000), ref: 0046E1D5
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0046E1DD
                                                                                                                                                                                • Part of subcall function 004291FF: GetLocalTime.KERNEL32(?,005C5A40,0043268E,?,00000000,?,WSAEnumNetworkEvents error (%d),00000000), ref: 00429203
                                                                                                                                                                                • Part of subcall function 0042A30D: GetDateFormatA.KERNEL32(00000400,00000000,00000000,yyyy'-'MM'-'dd,?,00000030,00000000,005C5A40), ref: 0042A33C
                                                                                                                                                                                • Part of subcall function 0042A30D: GetTimeFormatA.KERNEL32(00000400,00000000,00000000,HH':'mm':'ss',?,00000030), ref: 0042A35B
                                                                                                                                                                              • fprintf.MSVCRT ref: 0046E209
                                                                                                                                                                              • vfprintf.MSVCRT ref: 0046E221
                                                                                                                                                                              • fprintf.MSVCRT ref: 0046E22C
                                                                                                                                                                              • fflush.MSVCRT ref: 0046E232
                                                                                                                                                                              • fclose.MSVCRT ref: 0046E238
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentFormatTimefprintf$DateLocalProcessThreadfclosefflushfopenvfprintf
                                                                                                                                                                              • String ID: [%04u:%04u][%s] $toolbar.log
                                                                                                                                                                              • API String ID: 1551379004-3963340676
                                                                                                                                                                              • Opcode ID: 6a8ba33e752ef3a10202c5948fc7ab37a8ea3900765628fc55f619c5c52366fb
                                                                                                                                                                              • Instruction ID: 2f68ebaf4264b64d1558495c6d4a3fbfcbf6d83aca11b0a52d8c02f1319cb4ac
                                                                                                                                                                              • Opcode Fuzzy Hash: 6a8ba33e752ef3a10202c5948fc7ab37a8ea3900765628fc55f619c5c52366fb
                                                                                                                                                                              • Instruction Fuzzy Hash: 5611A379900208BBDB14FBF6DC47DEF3768AE62718F44006EF501A2192EF3C5A5586AD
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonl
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2009864989-0
                                                                                                                                                                              • Opcode ID: 85803fcfa306c8dc89d39b9cbab18f3c0a129af71c2dbfa3985105ab0a4cc830
                                                                                                                                                                              • Instruction ID: 3b2f2b101e092f849e7e5ceede5e31ff757ea71b8aac1a0858976a9994c586d9
                                                                                                                                                                              • Opcode Fuzzy Hash: 85803fcfa306c8dc89d39b9cbab18f3c0a129af71c2dbfa3985105ab0a4cc830
                                                                                                                                                                              • Instruction Fuzzy Hash: 31717134500206EFCF25EF20C9849EEBBB2FF45308F10881AE84A57651DB39E965DF5A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonsmemcpy$atoihtonl
                                                                                                                                                                              • String ID: CONNECT %A HTTP/1.0$CONNECT %s:%d HTTP/1.0$HTTP/1
                                                                                                                                                                              • API String ID: 3388858374-875797864
                                                                                                                                                                              • Opcode ID: a0f25126eab237aa090072b4a766bd759b0ddd7fe008824a65b5dbf496a8a40d
                                                                                                                                                                              • Instruction ID: 4d24658e9c186ca523b604652ef2067b179f0483a8892583d8dd20a37c18dde0
                                                                                                                                                                              • Opcode Fuzzy Hash: a0f25126eab237aa090072b4a766bd759b0ddd7fe008824a65b5dbf496a8a40d
                                                                                                                                                                              • Instruction Fuzzy Hash: 10B15478604248ABDB208F26CC5AFEA3BA5AF55314F18415BFD118B2D2C67DC8C8C75A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B411E: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,00000000), ref: 004B4138
                                                                                                                                                                                • Part of subcall function 004B411E: CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\uTorrent,00000000), ref: 004B4144
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,00000000), ref: 004C22DD
                                                                                                                                                                                • Part of subcall function 0044D85D: wcschr.MSVCRT ref: 0044D863
                                                                                                                                                                              • _wcsncoll.MSVCRT ref: 004C238B
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 004C247F
                                                                                                                                                                                • Part of subcall function 004BCF6C: CopyFileW.KERNEL32(00000000,00000000,00000000,?,?), ref: 004BD043
                                                                                                                                                                                • Part of subcall function 004BD56B: _getpid.MSVCRT(?,?,?,00000000), ref: 004BD5DA
                                                                                                                                                                                • Part of subcall function 004BD56B: GetVersion.KERNEL32(secondary_offers,?,?,?,00000000), ref: 004BD6B8
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$ModuleName$??2@CopyCreateDirectoryVersion_getpid_wcsncollwcschr
                                                                                                                                                                              • String ID: .exe$INSTALLDEBUG: InstallEverything() with flags [%d]$Initial download$no toolbar url$offer_urls$uTorrent.exe
                                                                                                                                                                              • API String ID: 1414891605-4127035862
                                                                                                                                                                              • Opcode ID: 6e30ecf9ccb1495da0b297dd0bca7ca07fb0c1d5fb7b256c2b563d9e8c425759
                                                                                                                                                                              • Instruction ID: 75e25ce094b906e1b44d095226b61faa6a5bc4139504fa3d4147243d36c5c749
                                                                                                                                                                              • Opcode Fuzzy Hash: 6e30ecf9ccb1495da0b297dd0bca7ca07fb0c1d5fb7b256c2b563d9e8c425759
                                                                                                                                                                              • Instruction Fuzzy Hash: AC512371A00118ABCF54EFB5DD81EEE77A5AF04318F10417FE905A72A1DBBC8A85CB58
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SysAllocString.OLEAUT32(urn:schemas-upnp-org:device:InternetGatewayDevice:1), ref: 004860C8
                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00486138
                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00486165
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 004861B3
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 004861E5
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00486217
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00486249
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00486278
                                                                                                                                                                              Strings
                                                                                                                                                                              • urn:schemas-upnp-org:device:InternetGatewayDevice:1, xrefs: 004860C3
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: String$Free$Variant$AllocClearInit
                                                                                                                                                                              • String ID: urn:schemas-upnp-org:device:InternetGatewayDevice:1
                                                                                                                                                                              • API String ID: 3564436086-1940194930
                                                                                                                                                                              • Opcode ID: 5d742d73f029f77a5ae55dc4617fc9b3cb4d60dc4a023e68ded24fa94babc6b7
                                                                                                                                                                              • Instruction ID: 345e2ec6045180273e3bdc6b90fc36626356175e8627f1ba5c92a62b3108d74e
                                                                                                                                                                              • Opcode Fuzzy Hash: 5d742d73f029f77a5ae55dc4617fc9b3cb4d60dc4a023e68ded24fa94babc6b7
                                                                                                                                                                              • Instruction Fuzzy Hash: 2C611D70A00219EFCB40EFE5C958DAEBBBAFF89704B104899E501E7251DB349E41DB64
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateWindowExW.USER32(00000010,0058E9D0,005A6EC0,02CF0000,00000000,?,?,00000001), ref: 0040890D
                                                                                                                                                                              • GetSystemMetrics.USER32(00000056), ref: 00408926
                                                                                                                                                                              • GetSubMenu.USER32(?,00000001), ref: 0040894E
                                                                                                                                                                              • InsertMenuItemW.USER32(00000000,00000003,00000001,00000030), ref: 00408991
                                                                                                                                                                              • CreateMutexW.KERNEL32(00000000,00000001,0058E9FC,?,00000001), ref: 0040899F
                                                                                                                                                                              • ShowWindow.USER32(?,?,?,00000001), ref: 004089E2
                                                                                                                                                                              • ShowWindow.USER32(?,00000000,?,00000001), ref: 00408A10
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$CreateMenuShow$InsertItemMetricsMutexSystem
                                                                                                                                                                              • String ID: 0$Toggle Tablet Mode
                                                                                                                                                                              • API String ID: 4244225428-1031011948
                                                                                                                                                                              • Opcode ID: a7b823317ca32441fdef63e12c96e20bafd5f8bcb79a3a39148999237fb40b96
                                                                                                                                                                              • Instruction ID: c5e7d8a10c438755903c9469c93a084464626c5cbbeaea2794546a9bfb5fcd49
                                                                                                                                                                              • Opcode Fuzzy Hash: a7b823317ca32441fdef63e12c96e20bafd5f8bcb79a3a39148999237fb40b96
                                                                                                                                                                              • Instruction Fuzzy Hash: 4C4125B1940204AAEF34AB71DD56BBB3F65AB62304F04403EE685772D1DE7A4849BF18
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00411B56: GetFileAttributesW.KERNEL32(00000000,0042A150,005CB350,toolbar.log), ref: 00411B57
                                                                                                                                                                              • memset.MSVCRT ref: 004AE8FD
                                                                                                                                                                              • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00004008,00000000,00000000,?,?), ref: 004AE967
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 004AE974
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000406,00000000,000071C6), ref: 004AE9A1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AttributesCloseCreateFileHandleMessageProcessSendmemset
                                                                                                                                                                              • String ID: %s %s$%s%s$BitTorrentAntivirus.exe$VirusGuard.exe${A4D77A09-10EA-4574-8C09-9B6E1A21C95F}
                                                                                                                                                                              • API String ID: 934562144-1901726953
                                                                                                                                                                              • Opcode ID: 2ff0b9b6815e870e1144441447db3eb840e4a64ae86fafbf11caee10a0e4810b
                                                                                                                                                                              • Instruction ID: 51c3c280848b070e218821d8b590c3e09fc22f6f2790c251dcb47a32c7117947
                                                                                                                                                                              • Opcode Fuzzy Hash: 2ff0b9b6815e870e1144441447db3eb840e4a64ae86fafbf11caee10a0e4810b
                                                                                                                                                                              • Instruction Fuzzy Hash: AD412071C40118BADB14FBA6DC468EFBB3CAE61314B4004AEB511B30D2EB386B15C699
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetEnvironmentVariableW.KERNEL32(COMSPEC,?,00000104,80000001), ref: 004B2DA2
                                                                                                                                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000025,00000000,00000000), ref: 004B2DBE
                                                                                                                                                                              • WinExec.KERNEL32(00000000,00000000), ref: 004B2ED4
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: EnvironmentExecFolderPathSpecialVariable
                                                                                                                                                                              • String ID: /C $%s -n 2 127.0.0.1$.bat$COMSPEC$Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent$ping.exe
                                                                                                                                                                              • API String ID: 88806063-1091728652
                                                                                                                                                                              • Opcode ID: 6b3e84cbf205fccecb882f849c5ff762d4719553e0e05a9e61fe715eb9e6b8e0
                                                                                                                                                                              • Instruction ID: 9c2f807e042bce277872ec7f592ed1d1d97f53a215c13f8e8e10ca59ed94517d
                                                                                                                                                                              • Opcode Fuzzy Hash: 6b3e84cbf205fccecb882f849c5ff762d4719553e0e05a9e61fe715eb9e6b8e0
                                                                                                                                                                              • Instruction Fuzzy Hash: AE41B431A402199BCB14FB66CD92BDE7775BF64304F4080AAE106A7191EF789F49CF54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0042A0AC: GetFileSize.KERNEL32(00000000,00000000,00000080,?,0042F675,?,00000000,00414236,?,00000000,00000000), ref: 0042A0C9
                                                                                                                                                                                • Part of subcall function 0042A0AC: SetLastError.KERNEL32(00000008), ref: 0042A0E5
                                                                                                                                                                                • Part of subcall function 0042A0AC: CloseHandle.KERNEL32(00000000), ref: 0042A117
                                                                                                                                                                              • memmove.MSVCRT ref: 004142B2
                                                                                                                                                                              • CopyFileW.KERNEL32(?,00000000,00000000,bad,?,?,00000000,?,?,00000000,00000000), ref: 00414336
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CloseCopyErrorHandleLastSizememmove
                                                                                                                                                                              • String ID: Ignore this warning if you switched to 1.6.1 or older and back$Warning: file integrity check failed (%s): %s$bad$d10:.fileguard40:$d10:file_guard40:$hash doesn't match$malformed guard
                                                                                                                                                                              • API String ID: 127261250-433368521
                                                                                                                                                                              • Opcode ID: 1a879b0ac5bc5f7c98fc09202bdaa0f22e52de2caefcb17fa7c21d8c122b8b84
                                                                                                                                                                              • Instruction ID: 00e3ec01e09404a55f6b4e7a9523fb675de05ee168e7751d530c21dec71d6041
                                                                                                                                                                              • Opcode Fuzzy Hash: 1a879b0ac5bc5f7c98fc09202bdaa0f22e52de2caefcb17fa7c21d8c122b8b84
                                                                                                                                                                              • Instruction Fuzzy Hash: A731EA326003089BDF20EFA5DC41ADA3BA8FF64354F14416AFD24671D2DB79D889C799
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,?,?,?,?,0040C9B6), ref: 0042A01B
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 0042A02F
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetTickCount), ref: 0042A03C
                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(005C5488,?,?,?,?,0040C9B6), ref: 0042A048
                                                                                                                                                                              • QueryPerformanceFrequency.KERNEL32(0040C9B6,?,?,?,?,0040C9B6), ref: 0042A052
                                                                                                                                                                              • RtlInitializeCriticalSection.NTDLL(005C5470), ref: 0042A092
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressPerformanceProcQuery$CounterCriticalFrequencyHandleInitializeModuleSection
                                                                                                                                                                              • String ID: GetTickCount$GetTickCount64$kernel32.dll
                                                                                                                                                                              • API String ID: 123423720-3524577356
                                                                                                                                                                              • Opcode ID: 5a48fb328825733031188523cfe9c1d475109e1d79837a3bc73da13fb6a0fec1
                                                                                                                                                                              • Instruction ID: 8e6f96d005743fc0382e5f81404af2b7cfd6bbc3bed36c3f8e371f805a759f91
                                                                                                                                                                              • Opcode Fuzzy Hash: 5a48fb328825733031188523cfe9c1d475109e1d79837a3bc73da13fb6a0fec1
                                                                                                                                                                              • Instruction Fuzzy Hash: F2015E71D00B18EFDB149FE5EC49A9E7FB8FB65713F10405AE414A3250EB706589DB90
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 00492A8C
                                                                                                                                                                              • SetEvent.KERNEL32(?), ref: 00492B0D
                                                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 00492B42
                                                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 00492B93
                                                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 00492BD2
                                                                                                                                                                              • SetEvent.KERNEL32(?), ref: 00492C70
                                                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 00492C9A
                                                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 00492CAD
                                                                                                                                                                              • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,-00003A99,00000000), ref: 00492CDB
                                                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 00492D28
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$Leave$Enter$Event$MultipleObjectsWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1523377972-0
                                                                                                                                                                              • Opcode ID: fe1583ff3f9f2a954dd85e9c2c007bb3f21193e2106a4c6209fe250cfb12a4ae
                                                                                                                                                                              • Instruction ID: 1340b4333517cb30f204a5aa147b67c35af141ae9955f19e133f8eb5af7b05fb
                                                                                                                                                                              • Opcode Fuzzy Hash: fe1583ff3f9f2a954dd85e9c2c007bb3f21193e2106a4c6209fe250cfb12a4ae
                                                                                                                                                                              • Instruction Fuzzy Hash: 71B15D71A00609FFDF14DFA8C984EAE7BB8EF14304F10456AE402DB251DB78EA45CB65
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strstr
                                                                                                                                                                              • String ID: Duration:$Error$Input $Output $Stream #$frame$time=
                                                                                                                                                                              • API String ID: 1392478783-2086738423
                                                                                                                                                                              • Opcode ID: ecb3b721e9d2d66f104cb0edeca181385c09b51f76f4637d8ffbad7116a1b295
                                                                                                                                                                              • Instruction ID: 1ee8baf28d3e352c73a5ba82ea3b6071178489d0bd8398dbb4ff87cc6b60860a
                                                                                                                                                                              • Opcode Fuzzy Hash: ecb3b721e9d2d66f104cb0edeca181385c09b51f76f4637d8ffbad7116a1b295
                                                                                                                                                                              • Instruction Fuzzy Hash: C111A92574873172DD2872722E27A6E09865B8275CB14083FBA06AF3C6DDEDCC52424F
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0040307B: ??2@YAPAXI@Z.MSVCRT ref: 0040308D
                                                                                                                                                                                • Part of subcall function 0040307B: memset.MSVCRT ref: 004030A2
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0043AA60
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@??3@memset
                                                                                                                                                                              • String ID: HTTP Error 404$complete$downloaded$failure reason$files$incomplete$l+f
                                                                                                                                                                              • API String ID: 808632339-4183137521
                                                                                                                                                                              • Opcode ID: 7015cc8333067767909c325fca3e4d5ebf168d02d4f82871f2cd65ef51070768
                                                                                                                                                                              • Instruction ID: dd3c77e7e4fc7e4a66ccb72a7ad0b81c195f6c5db04d50d47536dcf6afaee0f1
                                                                                                                                                                              • Opcode Fuzzy Hash: 7015cc8333067767909c325fca3e4d5ebf168d02d4f82871f2cd65ef51070768
                                                                                                                                                                              • Instruction Fuzzy Hash: 5B91CE71A00209EFCB14EFA5C8C19AE77B5FF48308F10542EE59297351DB38AD65CB4A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: tcp$udp
                                                                                                                                                                              • API String ID: 0-3725065008
                                                                                                                                                                              • Opcode ID: e248dcf964b98834664920c9be110e538d1313e0eb4a3114fefb03a1eca85e40
                                                                                                                                                                              • Instruction ID: 85335c635189c1f3e53c8589f1014ae5b66a30596d76f4d4ea9d004db9e6710a
                                                                                                                                                                              • Opcode Fuzzy Hash: e248dcf964b98834664920c9be110e538d1313e0eb4a3114fefb03a1eca85e40
                                                                                                                                                                              • Instruction Fuzzy Hash: 7E819E71E002299BCF21CF95E9446AEBBB1EF54301F95806BEC40A7250D33C8AA1DB96
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0046B708: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0046B724
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,004C22D0), ref: 004BCD1D
                                                                                                                                                                              • MoveFileW.KERNEL32(00000000,00000000), ref: 004BCE11
                                                                                                                                                                              Strings
                                                                                                                                                                              • Bundled btapp "%s" is ill formed: %s, xrefs: 004BCE56
                                                                                                                                                                              • Failed to install bundled btapp: %s to: %s, xrefs: 004BCE2D
                                                                                                                                                                              • Failed to unpack bundled btapp: %s to: %s, xrefs: 004BCE7F
                                                                                                                                                                              • .btapp, xrefs: 004BCD3F
                                                                                                                                                                              • apps, xrefs: 004BCD06
                                                                                                                                                                              • init_data, xrefs: 004BCE8E
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CreateDirectoryModuleMoveName
                                                                                                                                                                              • String ID: .btapp$Bundled btapp "%s" is ill formed: %s$Failed to install bundled btapp: %s to: %s$Failed to unpack bundled btapp: %s to: %s$apps$init_data
                                                                                                                                                                              • API String ID: 643206854-409367887
                                                                                                                                                                              • Opcode ID: 9ad94bd76b64f4443e037d327c5a4369a8d9e3dbf98954601461940db98d5c01
                                                                                                                                                                              • Instruction ID: 0d565d3d6dad6fea2e459556c7afc7d0b37080fb63358223791f804b5b9023c5
                                                                                                                                                                              • Opcode Fuzzy Hash: 9ad94bd76b64f4443e037d327c5a4369a8d9e3dbf98954601461940db98d5c01
                                                                                                                                                                              • Instruction Fuzzy Hash: 0E514471A001159BCB05FBA6C8D28FFB77AAEA4308B54046FE40277292DF3D5E05D7A9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 004069C7
                                                                                                                                                                              • _wtoi.MSVCRT ref: 00406A11
                                                                                                                                                                              • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 00406B3A
                                                                                                                                                                              • AppendMenuW.USER32(?,00000000,?,00000000), ref: 00406B82
                                                                                                                                                                              • CheckMenuRadioItem.USER32(?,?,?,00000000,00000000), ref: 00406BBA
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Menu$Append$CheckCreateItemPopupRadio_wtoi
                                                                                                                                                                              • String ID: %d %s$0$`
                                                                                                                                                                              • API String ID: 480207893-4201796428
                                                                                                                                                                              • Opcode ID: 20a596c14e42262731fde7392786d01cbfd52e9eec039bd8b898f2b11e9ab790
                                                                                                                                                                              • Instruction ID: 8c7cf87ce000bb1ea495e9664cb175f1fb5cc341ec7db3d0fcc6ebe7562dde3a
                                                                                                                                                                              • Opcode Fuzzy Hash: 20a596c14e42262731fde7392786d01cbfd52e9eec039bd8b898f2b11e9ab790
                                                                                                                                                                              • Instruction Fuzzy Hash: F5616B71A002199BDF14EF99C881AAEB7B0FF45310F11846BE812BB291D7789A51DF54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CertGetCertificateChain.CRYPT32(00000000,?,00000000,00540704,?,00000000,00000000,?), ref: 0046E541
                                                                                                                                                                              • CertFreeCertificateChain.CRYPT32(?), ref: 0046E553
                                                                                                                                                                              • CertVerifyCertificateChainPolicy.CRYPT32(00000004,?,?,?), ref: 0046E5B2
                                                                                                                                                                              • CertFreeCertificateChain.CRYPT32(?), ref: 0046E615
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CertCertificateChain$Free$PolicyVerify
                                                                                                                                                                              • String ID: 1.3.6.1.4.1.311.10.3.3$1.3.6.1.5.5.7.3.1$1.3.6.1.5.5.7.3.2$2.16.840.1.113730.4.1
                                                                                                                                                                              • API String ID: 3721233588-1227942565
                                                                                                                                                                              • Opcode ID: d6d6855108797b582bd87fcce0daf1ea34becce448baedbe2e4e3c3d10767239
                                                                                                                                                                              • Instruction ID: 66b932e0a3a32f5533fcf8c916afeea2cea08a6b21e649f5ebbcd667924175e1
                                                                                                                                                                              • Opcode Fuzzy Hash: d6d6855108797b582bd87fcce0daf1ea34becce448baedbe2e4e3c3d10767239
                                                                                                                                                                              • Instruction Fuzzy Hash: 8A515BB9D00208BFDF11DFE9C8849DEBBF8BF18304F14846AE501A7251E374AA49DB52
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonl
                                                                                                                                                                              • String ID: $
                                                                                                                                                                              • API String ID: 2009864989-3993045852
                                                                                                                                                                              • Opcode ID: 342c6243676635f7393f92120ebec483e53674eae740e218e4928c6102a27284
                                                                                                                                                                              • Instruction ID: 03678d5e34a4d5ac1609e7c2987ee4c33a1d172319b15f98377b092baa94cf3f
                                                                                                                                                                              • Opcode Fuzzy Hash: 342c6243676635f7393f92120ebec483e53674eae740e218e4928c6102a27284
                                                                                                                                                                              • Instruction Fuzzy Hash: B3419830A00205EFCB24EFA5C984DAEBBF6FF84304B14842EE51A97251D734AA55CB01
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WSAGetLastError.WS2_32(?,?,00000002,00000000,00000000,00AFAF58,00000000,00000000,00000000,00AFAF30,?,00417796,00000000,?,?,?), ref: 0045A3E6
                                                                                                                                                                              • setsockopt.WS2_32(?,0000FFFF,00001002,?,00000004), ref: 0045A43A
                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 0045A441
                                                                                                                                                                              • setsockopt.WS2_32(?,0000FFFF,00001001,00200000,00000004), ref: 0045A46E
                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 0045A475
                                                                                                                                                                              Strings
                                                                                                                                                                              • UDP setsockopt(SO_SNDBUF, %d) failed: %d, xrefs: 0045A47F
                                                                                                                                                                              • UDP setsockopt(SO_RCVBUF, %d) failed: %d, xrefs: 0045A44B
                                                                                                                                                                              • UDP port bind failed %A: (%d) %s, xrefs: 0045A3F8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$setsockopt
                                                                                                                                                                              • String ID: UDP port bind failed %A: (%d) %s$UDP setsockopt(SO_RCVBUF, %d) failed: %d$UDP setsockopt(SO_SNDBUF, %d) failed: %d
                                                                                                                                                                              • API String ID: 3136324617-2727696618
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateSolidBrush.GDI32 ref: 004B0A17
                                                                                                                                                                              • CreateSolidBrush.GDI32 ref: 004B0A22
                                                                                                                                                                              • FrameRect.USER32(?,?,?), ref: 004B0A96
                                                                                                                                                                              • FillRect.USER32(?,?,00000000), ref: 004B0ABA
                                                                                                                                                                              • SetRect.USER32(?,?,?,?,?), ref: 004B0AD0
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 004B0AF6
                                                                                                                                                                              • DeleteObject.GDI32(00000028), ref: 004B0AFB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Rect$BrushCreateDeleteObjectSolid$FillFrame
                                                                                                                                                                              • String ID: (
                                                                                                                                                                              • API String ID: 1447925082-3887548279
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(00AFAF30,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,0047B0CA), ref: 00474768
                                                                                                                                                                              • memcpy.MSVCRT ref: 00474796
                                                                                                                                                                              • strrchr.MSVCRT ref: 004747A0
                                                                                                                                                                              • atoi.MSVCRT ref: 004747DF
                                                                                                                                                                              • strrchr.MSVCRT ref: 00474806
                                                                                                                                                                              • strchr.MSVCRT ref: 0047483D
                                                                                                                                                                              • GetLastError.KERNEL32(00AFAF30,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,0047B0CA), ref: 00474860
                                                                                                                                                                              • memcpy.MSVCRT ref: 00474887
                                                                                                                                                                              • atoi.MSVCRT ref: 004748AA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastatoimemcpystrrchr$strchr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 851569736-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • [DISTSHARE] Authentication key does not exist!, xrefs: 00478886
                                                                                                                                                                              • [DISTSHARE] Distributed Share Server did not like our request., xrefs: 004789B4
                                                                                                                                                                              • [DISTSHARE] Invalid Distributed Share response command %c, xrefs: 004789A0
                                                                                                                                                                              • [DISTSHARE] announce verification failed, code %i, xrefs: 00478976
                                                                                                                                                                              • [DISTSHARE] Server signature could not be obtained., xrefs: 004788EC
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                              • String ID: [DISTSHARE] Authentication key does not exist!$[DISTSHARE] Distributed Share Server did not like our request.$[DISTSHARE] Invalid Distributed Share response command %c$[DISTSHARE] Server signature could not be obtained.$[DISTSHARE] announce verification failed, code %i
                                                                                                                                                                              • API String ID: 3510742995-2133512705
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _strnicmpstrtoul$_strcmpi
                                                                                                                                                                              • String ID: $$JanFebMarAprMayJunJulAugSepOctNovDec
                                                                                                                                                                              • API String ID: 4054529845-997455405
                                                                                                                                                                              • Opcode ID: c9185987eafa199b5d9943728dfc03a59c4510d58031438b586c0dd6781e66ff
                                                                                                                                                                              • Instruction ID: 0eb0a43d6553a0fa0258429946d3cd2f39d4af5e62288258c51dcc68da70f9af
                                                                                                                                                                              • Opcode Fuzzy Hash: c9185987eafa199b5d9943728dfc03a59c4510d58031438b586c0dd6781e66ff
                                                                                                                                                                              • Instruction Fuzzy Hash: 2F4114259041086FDF228A588A517FBB7A69B17316F240227EDC257203D23C5E6FE79F
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • strncpy.MSVCRT ref: 00500A25
                                                                                                                                                                                • Part of subcall function 00407E0F: ??2@YAPAXI@Z.MSVCRT ref: 00407E1E
                                                                                                                                                                              • strncpy.MSVCRT ref: 00500A6C
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,1.2,75C05540,?,http://apps.bittorrent.com/utorrent-onboarding/player.btapp,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00500ADD
                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,?,?,?), ref: 00500AE5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeLibrarystrncpy$??2@
                                                                                                                                                                              • String ID: 1.2$TX\$http://apps.bittorrent.com/utorrent-onboarding/player.btapp
                                                                                                                                                                              • API String ID: 4167094504-3932722513
                                                                                                                                                                              • Opcode ID: b08f2930d357a1bee0762ed0dccd11d462a4704b028df104db460b6e4ca87c47
                                                                                                                                                                              • Instruction ID: 99e35d5f6bdbe4fbde2628d8d4438d402d3027892c9cd4b39dbda414bfeec687
                                                                                                                                                                              • Opcode Fuzzy Hash: b08f2930d357a1bee0762ed0dccd11d462a4704b028df104db460b6e4ca87c47
                                                                                                                                                                              • Instruction Fuzzy Hash: 5E31D6309002056ADB24FFE6DD52FFE7B64BF20308F44056FA501A20D2DF786A08DB55
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?,?,?), ref: 0042A63A
                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 0042A647
                                                                                                                                                                              • GetDateFormatA.KERNEL32(00000400,00000000,?,yyyy'-'MM'-'dd,?,00000030), ref: 0042A664
                                                                                                                                                                              • GetTimeFormatA.KERNEL32(00000400,00000000,?,HH':'mm':'ss',?,00000030), ref: 0042A686
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Time$File$Format$DateLocalSystem
                                                                                                                                                                              • String ID: $HH':'mm':'ss'$yyyy'-'MM'-'dd
                                                                                                                                                                              • API String ID: 4010208002-3930022183
                                                                                                                                                                              • Opcode ID: d9efcf9e49c37f149689bc85de19a6cba047cd51d855113655c654409ac275d3
                                                                                                                                                                              • Instruction ID: 52d136e6fafb3d768e301de08a8a2b78126ce9ec683be9697749bd62db0a6b66
                                                                                                                                                                              • Opcode Fuzzy Hash: d9efcf9e49c37f149689bc85de19a6cba047cd51d855113655c654409ac275d3
                                                                                                                                                                              • Instruction Fuzzy Hash: C5018076600218BBEB10EBA59C49FEF7B6CFF45744F140429BA05D7190D774AA0A8BA4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 00460B16
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00460B6B
                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 00460BF1
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00460C0B
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00460C5E
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00460C72
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00460CC3
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00460CD9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: String$Free$Alloc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 986138563-0
                                                                                                                                                                              • Opcode ID: 5fad6d48bbf37b4151d0060ed3536b20e3d435fa8c18fc1bf8573a43d7901040
                                                                                                                                                                              • Instruction ID: 4160c116198886440640ab9cbc59f106a926920dce9ebab19336b66c6a410273
                                                                                                                                                                              • Opcode Fuzzy Hash: 5fad6d48bbf37b4151d0060ed3536b20e3d435fa8c18fc1bf8573a43d7901040
                                                                                                                                                                              • Instruction Fuzzy Hash: 4AA13975A002099FCB14DFE4C888CAFB7B9FF8931471449A9E506EB350DB39AC82CB55
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _strcmpi
                                                                                                                                                                              • String ID: %s%S$activation response (%d): body = %s, err = %S$activation.log$license_key$maximum activations$signature$successfully activated
                                                                                                                                                                              • API String ID: 1439213657-631466188
                                                                                                                                                                              • Opcode ID: 6f3333eb2a25fcdc4ee13b5df96d9e696947fc73bcaccc9da1531c838372f2cc
                                                                                                                                                                              • Instruction ID: b9b6073873244b9bb13e96c7bfcbe25ae6e2204802f2dc17ef765bd9925fcd51
                                                                                                                                                                              • Opcode Fuzzy Hash: 6f3333eb2a25fcdc4ee13b5df96d9e696947fc73bcaccc9da1531c838372f2cc
                                                                                                                                                                              • Instruction Fuzzy Hash: F9711131A00218ABDF25FB61DC92EEE7B65AB51308F10406FF40167292DF789E89CB59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ShowWindow.USER32(?,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,004C9B71,?), ref: 005045AE
                                                                                                                                                                              • SetWindowPos.USER32(?,?,?,?,00000000,00000000,00000000,?,00000000,00000000), ref: 005045D9
                                                                                                                                                                              • EqualRect.USER32(00000008), ref: 0050464C
                                                                                                                                                                              • IntersectRect.USER32(?,00000018,00000008), ref: 0050468B
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00504779
                                                                                                                                                                              • ShowWindow.USER32(?,00000005,?,00000000,00000000,?,?,?,?,?,?,?,?,004C9B71,?), ref: 005047B0
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,?,?,00000000,00000000), ref: 005047D9
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 005047ED
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$RectShow$??3@EqualIntersect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3456752435-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004020F5: GetDlgItem.USER32(?,00FF06BD), ref: 0040212A
                                                                                                                                                                                • Part of subcall function 004020F5: IsWindowVisible.USER32(00000000), ref: 0040212D
                                                                                                                                                                                • Part of subcall function 004020F5: GetDlgItem.USER32(?,00FF06BD), ref: 0040213C
                                                                                                                                                                                • Part of subcall function 004020F5: ShowWindow.USER32(00000000,00000000,?,?,?,004028B1,?), ref: 00402141
                                                                                                                                                                                • Part of subcall function 004020F5: GetDlgItem.USER32(?,00FF06BE), ref: 00402175
                                                                                                                                                                                • Part of subcall function 004020F5: IsWindowVisible.USER32(00000000), ref: 00402178
                                                                                                                                                                                • Part of subcall function 004020F5: GetDlgItem.USER32(?,000006C0), ref: 004021B8
                                                                                                                                                                                • Part of subcall function 004020F5: ShowWindow.USER32(00000000,00000000,?,?,?,004028B1,?), ref: 004021BD
                                                                                                                                                                              • GetDlgItem.USER32(?,000006BF), ref: 00402939
                                                                                                                                                                              • SendMessageW.USER32(?,0000000C,00000000,00000000), ref: 0040294E
                                                                                                                                                                              • GetDlgItem.USER32(?,000006BF), ref: 00402961
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402966
                                                                                                                                                                              • GetDlgItem.USER32(?,000006C0), ref: 004029F3
                                                                                                                                                                              • SendMessageW.USER32(?,0000000C,00000000,00000000), ref: 00402A08
                                                                                                                                                                              • GetDlgItem.USER32(?,000006C0), ref: 00402A1B
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402A20
                                                                                                                                                                                • Part of subcall function 004027BA: GetDlgItem.USER32(?,?), ref: 004027CC
                                                                                                                                                                                • Part of subcall function 004027BA: 73A1A570.USER32(00000000), ref: 004027D5
                                                                                                                                                                                • Part of subcall function 004027BA: DrawTextW.USER32(00000000,00000000,00000000,?,00000400), ref: 0040281D
                                                                                                                                                                                • Part of subcall function 004027BA: SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000002), ref: 00402841
                                                                                                                                                                                • Part of subcall function 00401C29: GetDlgItem.USER32(?,?), ref: 00401C43
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Item$Window$Show$MessageSendVisible$A570DrawText
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2379731705-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,0000001A), ref: 004C8093
                                                                                                                                                                              • GetDlgItem.USER32(?,00000633), ref: 004C80B1
                                                                                                                                                                              • GetDlgItem.USER32(?,00000024), ref: 004C810A
                                                                                                                                                                              • GetDlgItem.USER32(?,000005BB), ref: 004C8163
                                                                                                                                                                              • GetDlgItem.USER32(?,0000063B), ref: 004C81A5
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004C81E3
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,-00000003,004C9AC3,?,0000005A,00000210,?,?,00000000,?,?,?,004C9B69,?), ref: 004C820B
                                                                                                                                                                              • AnimateWindow.USER32(?,000000C8,00040008), ref: 004C8226
                                                                                                                                                                                • Part of subcall function 0050452B: memset.MSVCRT ref: 00504558
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Item$Window$AnimateClientRectmemset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1579412808-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ceil.MSVCRT ref: 004063E5
                                                                                                                                                                              • MulDiv.KERNEL32(00000007,00000060,00000007), ref: 004063FF
                                                                                                                                                                              • GetDlgItem.USER32(?,000001BC), ref: 00406487
                                                                                                                                                                              • SendMessageW.USER32(00000000,0000040A,00000005,?), ref: 0040649B
                                                                                                                                                                                • Part of subcall function 004D72F6: SendMessageW.USER32(?,00000434,00000000,?), ref: 004D7328
                                                                                                                                                                              • GetDlgItem.USER32(?,000001BC), ref: 004064B6
                                                                                                                                                                              • SendMessageW.USER32(00000000,0000040A,00000001,?), ref: 004064C4
                                                                                                                                                                              • GetDlgItem.USER32(?,000001BC), ref: 004064DF
                                                                                                                                                                              • SendMessageW.USER32(00000000,0000040A,00000006,?), ref: 004064ED
                                                                                                                                                                                • Part of subcall function 00404290: GetClientRect.USER32(?,?), ref: 004042A7
                                                                                                                                                                                • Part of subcall function 00404290: GetDlgItem.USER32(?,000001BC), ref: 004042BB
                                                                                                                                                                                • Part of subcall function 00404290: GetClientRect.USER32(00000000,?), ref: 004042C6
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ItemMessageSend$ClientRect$ceil
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1629622506-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0042C563: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,00000000,0042CC12,00000000), ref: 0042C578
                                                                                                                                                                              • GetExtendedTcpTable.IPHLPAPI(00000000,?,00000001,00000002,00000004,00000000), ref: 0042C695
                                                                                                                                                                              • memset.MSVCRT ref: 0042C6CA
                                                                                                                                                                              • GetExtendedTcpTable.IPHLPAPI(?,?,00000001,00000002,00000004,00000000), ref: 0042C6E1
                                                                                                                                                                              • htons.WS2_32(?), ref: 0042C708
                                                                                                                                                                              • htons.WS2_32(?), ref: 0042C714
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExtendedTablehtons$LibraryLoadmemset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3042349060-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • memset.MSVCRT ref: 00504470
                                                                                                                                                                              • GetWindowRect.USER32(?,00000008), ref: 0050449B
                                                                                                                                                                              • SetRect.USER32(00000028,00000000,?,004C9861,?), ref: 005044D2
                                                                                                                                                                              • GetParent.USER32(00000000), ref: 005044F7
                                                                                                                                                                              • ClientToScreen.USER32(00000000), ref: 005044FA
                                                                                                                                                                              • GetParent.USER32(00000000), ref: 00504506
                                                                                                                                                                              • ClientToScreen.USER32(00000000), ref: 00504509
                                                                                                                                                                              • SetRect.USER32(-00000018,004C9861,?,00000000,?), ref: 0050451F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Rect$ClientParentScreen$Windowmemset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 346976334-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • 73A1A570.USER32 ref: 004AABC0
                                                                                                                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004AABD0
                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 004AABE0
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004AABEC
                                                                                                                                                                              • MulDiv.KERNEL32(00000056,00000060), ref: 004AAC13
                                                                                                                                                                              • DrawTextW.USER32(?,005633F8,?,?,00000C10), ref: 004AAC67
                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 004AAC73
                                                                                                                                                                              • MulDiv.KERNEL32(?,00000060,00000008), ref: 004AAC94
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ObjectSelect$A570ClientDrawMessageRectSendText
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 151209708-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • memset.MSVCRT ref: 004F85E3
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,00000001,00000002,?,00000001,00000000), ref: 004F8604
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,?,00000001,00000000), ref: 004F8608
                                                                                                                                                                              • DuplicateHandle.KERNEL32(00000000,?,00000001,00000000), ref: 004F860B
                                                                                                                                                                              • CreateProcessW.KERNEL32(004B2D83,00000000,00000000,00000000,00000000,00000000,00000000,004B2D83,?,004F869C,?,00000001,00000000), ref: 004F864C
                                                                                                                                                                              • CloseHandle.KERNEL32(004F869C,?,00000001,00000000), ref: 004F8670
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000001,00000000), ref: 004F8675
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000001,00000000), ref: 004F867E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Handle$CloseProcess$Current$CreateDuplicatememset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 882071121-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              • l+f, xrefs: 00442CCC
                                                                                                                                                                              • uTorrent/3300, xrefs: 00442CF8
                                                                                                                                                                              • &ipv6=%U, xrefs: 00442AD7
                                                                                                                                                                              • %S%cinfo_hash=%.20U&peer_id=%.20U&port=%d&uploaded=%Ld&downloaded=%Ld&left=%Ld&corrupt=%Ld&key=%.8X%s&numwant=%d&compact=1&no_peer_id=1%s%s, xrefs: 00442C9A
                                                                                                                                                                              • &ip=%U, xrefs: 00442A52
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %S%cinfo_hash=%.20U&peer_id=%.20U&port=%d&uploaded=%Ld&downloaded=%Ld&left=%Ld&corrupt=%Ld&key=%.8X%s&numwant=%d&compact=1&no_peer_id=1%s%s$&ip=%U$&ipv6=%U$uTorrent/3300$l+f
                                                                                                                                                                              • API String ID: 0-3181035344
                                                                                                                                                                              • Opcode ID: 0e7dc831e639b1c5ec644ddef4ee65990ea07b1e5fa893d0c203d5279061b03e
                                                                                                                                                                              • Instruction ID: 32b5b6ca32ba29dd87ac445f6e92d4779a4065b07003c63180b4d985d3cd685d
                                                                                                                                                                              • Opcode Fuzzy Hash: 0e7dc831e639b1c5ec644ddef4ee65990ea07b1e5fa893d0c203d5279061b03e
                                                                                                                                                                              • Instruction Fuzzy Hash: 9ED12471500248AFEF24DFA4C891EEA3BA9FF58304F04412EFD559B292DB79E948CB54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00407E0F: ??2@YAPAXI@Z.MSVCRT ref: 00407E1E
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,?,http://apps.bittorrent.com/featuredcontent/featuredcontent.btapp,0040D8A0,?,74DEE7E0,00000000,?,0040D8A0,?,?,?,?,?,PERFORMINSTALL), ref: 004C2122
                                                                                                                                                                                • Part of subcall function 00405600: InterlockedDecrement.KERNEL32(000000D8), ref: 0040560B
                                                                                                                                                                                • Part of subcall function 00405600: ??3@YAXPAX@Z.MSVCRT ref: 00405623
                                                                                                                                                                                • Part of subcall function 004BC5CB: memset.MSVCRT ref: 004BC5ED
                                                                                                                                                                                • Part of subcall function 004BC5CB: strncpy.MSVCRT ref: 004BC5FB
                                                                                                                                                                                • Part of subcall function 004BC5CB: InterlockedExchangeAdd.KERNEL32(005CB320,00000001), ref: 004BC64E
                                                                                                                                                                                • Part of subcall function 004BC5CB: CloseHandle.KERNEL32(00000000,DownloadThread,00000000,00000000,Function_000B6F21,00000000,00000000,?,?,?,?,00000000,00000000,00000002,?,005A00F8), ref: 004BC66C
                                                                                                                                                                                • Part of subcall function 004033B6: InterlockedDecrement.KERNEL32(00000098), ref: 004033BE
                                                                                                                                                                              Strings
                                                                                                                                                                              • http://apps.bittorrent.com/featuredcontent/featuredcontent.btapp, xrefs: 004C20AE, 004C20F9
                                                                                                                                                                              • TX\, xrefs: 004C209E
                                                                                                                                                                              • http://apps.bittorrent.com/utorrent-onboarding/player.btapp, xrefs: 004C21CF, 004C2215
                                                                                                                                                                              • http://apps.bittorrent.com/utorrent-onboarding/plus2.btapp, xrefs: 004C2239, 004C223E
                                                                                                                                                                              • http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp, xrefs: 004C2165, 004C21AB
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Interlocked$Decrement$??2@??3@CloseCreateDirectoryExchangeHandlememsetstrncpy
                                                                                                                                                                              • String ID: TX\$http://apps.bittorrent.com/featuredcontent/featuredcontent.btapp$http://apps.bittorrent.com/utorrent-onboarding/player.btapp$http://apps.bittorrent.com/utorrent-onboarding/plus2.btapp$http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp
                                                                                                                                                                              • API String ID: 2060497741-2936358049
                                                                                                                                                                              • Opcode ID: 1b3a904512a6fe714e53297124c3daf6d4ec5826dec2e10c8a7ee878c824e8c8
                                                                                                                                                                              • Instruction ID: 59197669e859230e7fbad71da89e2ecfad5c442eb00c1e04cd3a26a52fb09b81
                                                                                                                                                                              • Opcode Fuzzy Hash: 1b3a904512a6fe714e53297124c3daf6d4ec5826dec2e10c8a7ee878c824e8c8
                                                                                                                                                                              • Instruction Fuzzy Hash: 0B518639B415087ACB04EAE2C9D2FEE7769AF44704F4404BEA602771C1DFB86A49C755
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetParent.USER32(?), ref: 004BABF4
                                                                                                                                                                              • GetDlgItem.USER32(?,00000536), ref: 004BAC0F
                                                                                                                                                                              • GetDlgItem.USER32(?,00000536), ref: 004BAC38
                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 004BAC3E
                                                                                                                                                                                • Part of subcall function 004A75E1: IsDlgButtonChecked.USER32(?,?), ref: 004A75EB
                                                                                                                                                                                • Part of subcall function 004A75FA: GetDlgItem.USER32(?,00000000), ref: 004A7604
                                                                                                                                                                                • Part of subcall function 004A75FA: EnableWindow.USER32(00000000,00000000), ref: 004A7611
                                                                                                                                                                                • Part of subcall function 004A75C5: CheckDlgButton.USER32(?,?,00000000), ref: 004A75D8
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Item$ButtonWindow$CheckCheckedEnableParentText
                                                                                                                                                                              • String ID: checkboxes$depends_on
                                                                                                                                                                              • API String ID: 4158941470-3247144423
                                                                                                                                                                              • Opcode ID: 91718cc929e07344cbda397b18714f74464f2a206912a555444feb006d174734
                                                                                                                                                                              • Instruction ID: 7174cbb0397853b7406082c38f5167f4506a3982a0054b15866112fd3423dc49
                                                                                                                                                                              • Opcode Fuzzy Hash: 91718cc929e07344cbda397b18714f74464f2a206912a555444feb006d174734
                                                                                                                                                                              • Instruction Fuzzy Hash: 22513431B00604BBCB14AB76CC51AEF7B7AAFA6345F00401FF80657791DA3C9E459B6A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • MessageBoxW.USER32(00000000,00000000,?,?), ref: 004B052A
                                                                                                                                                                                • Part of subcall function 00458A25: ??2@YAPAXI@Z.MSVCRT ref: 00458A36
                                                                                                                                                                              • MessageBoxW.USER32(00000000,00000000,00000000), ref: 004B055C
                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000), ref: 004B0570
                                                                                                                                                                              • InterlockedDecrement.KERNEL32(005CB10C), ref: 004B0583
                                                                                                                                                                                • Part of subcall function 00407E0F: ??2@YAPAXI@Z.MSVCRT ref: 00407E1E
                                                                                                                                                                              Strings
                                                                                                                                                                              • TX\, xrefs: 004B040A
                                                                                                                                                                              • The install of %s failed. %s(%d). [%s] [%s], xrefs: 004B050E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@Message$DecrementDeleteFileInterlocked
                                                                                                                                                                              • String ID: TX\$The install of %s failed. %s(%d). [%s] [%s]
                                                                                                                                                                              • API String ID: 3205285444-3815849028
                                                                                                                                                                              • Opcode ID: fbaf2f0d418c81be9cb542aae3feef93dda91c88629c877987f3ea6410296000
                                                                                                                                                                              • Instruction ID: dd00c8dd792ae63b347463ee236dc213a95feb5a706b6d6baee2840a1be2258c
                                                                                                                                                                              • Opcode Fuzzy Hash: fbaf2f0d418c81be9cb542aae3feef93dda91c88629c877987f3ea6410296000
                                                                                                                                                                              • Instruction Fuzzy Hash: A9511271940109AADB14FBE2DC928FFB77DAE60304B5045BEA502720E2DF396F19CB64
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                                                              • String ID: .$0$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                              • API String ID: 1302938615-1972522466
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • memset.MSVCRT ref: 0041439C
                                                                                                                                                                                • Part of subcall function 00413D55: HeapWalk.KERNEL32(00000000,00000838,?,?,00000000,004143BC,?,?,?,00000000,0000082C), ref: 00413D7B
                                                                                                                                                                                • Part of subcall function 00413D55: GetLastError.KERNEL32(?,?,00000000,004143BC,?,?,?,00000000,0000082C), ref: 00413D81
                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,0000000C), ref: 0041440F
                                                                                                                                                                              • LocalFree.KERNEL32(00000001,?,?,00000004,00414350), ref: 004144C7
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Local$AllocErrorFreeHeapLastWalkmemset
                                                                                                                                                                              • String ID: %5d: %s: %d$%d/%d blocks. %d/%d bytes.$FREE$USED
                                                                                                                                                                              • API String ID: 1190838450-2685599970
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,000006B1), ref: 00402C62
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000461,00000000,00000000), ref: 00402C7F
                                                                                                                                                                              • GetDlgItem.USER32(?,000006B1), ref: 00402C8A
                                                                                                                                                                              • SendMessageW.USER32(00000000,0000043F,00000001,00000000), ref: 00402C97
                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000), ref: 00402C9E
                                                                                                                                                                              • EnableMenuItem.USER32(00000000,0000F060,-00000001), ref: 00402CBE
                                                                                                                                                                                • Part of subcall function 00401A63: GetDlgItem.USER32(?,000006B1), ref: 00401A77
                                                                                                                                                                                • Part of subcall function 00401A63: IsWindowVisible.USER32(00000000), ref: 00401A7E
                                                                                                                                                                                • Part of subcall function 00401A63: GetClientRect.USER32(?,?), ref: 00401A90
                                                                                                                                                                              • InvalidateRect.USER32(?,?,00000000,?), ref: 00402D32
                                                                                                                                                                                • Part of subcall function 004A75C5: CheckDlgButton.USER32(?,?,00000000), ref: 004A75D8
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Item$MenuMessageRectSend$ButtonCheckClientEnableInvalidateSystemVisibleWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3923702586-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@mallocmemcpystrchr
                                                                                                                                                                              • String ID: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./$t?S
                                                                                                                                                                              • API String ID: 3620176865-101077517
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0045A7A6
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0045A8F0
                                                                                                                                                                                • Part of subcall function 0045A2F6: GetTickCount.KERNEL32 ref: 0045A300
                                                                                                                                                                                • Part of subcall function 0045A2F6: WSAGetLastError.WS2_32(00000000,?,?,00000000,?,?,0045A7BF,00000000,000003E8), ref: 0045A33C
                                                                                                                                                                                • Part of subcall function 0045A2F6: ??3@YAXPAX@Z.MSVCRT ref: 0045A358
                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 0045A7F5
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CountTick$ErrorLast$??3@
                                                                                                                                                                              • String ID: :$d$e
                                                                                                                                                                              • API String ID: 1794260698-2165143774
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Variant$ClearInit
                                                                                                                                                                              • String ID: VBArray$toArray
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 004C66D8
                                                                                                                                                                                • Part of subcall function 0042797A: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000002,?,00000000,?,0041243F,?,00000000,004327DB,000000FF,74D65D50), ref: 004279AD
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharMultiTextWideWindow
                                                                                                                                                                              • String ID: <A HREF="%s">%s</A>$Take our survey.$http://update.utorrent.com/survey$main$uTorrent
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonl
                                                                                                                                                                              • String ID: 10.0.0.0$127.0.0.0$169.254.0.0$172.16.0.0$192.168.0.0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00411B56: GetFileAttributesW.KERNEL32(00000000,0042A150,005CB350,toolbar.log), ref: 00411B57
                                                                                                                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 004AECED
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004AED06
                                                                                                                                                                              • 73A1A570.USER32(?), ref: 004AED0F
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: A570AttributesClientFileObjectRect
                                                                                                                                                                              • String ID: %s%s$BitTorrentAntivirus.exe$VirusGuard.exe
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • memset.MSVCRT ref: 0042A4C9
                                                                                                                                                                                • Part of subcall function 004523C2: RegOpenKeyExW.KERNEL32(?,?,00000000,00429CE6,?,Software\Wine,00429C64,80000002,Software\Wine,00020019,?,00000019,?), ref: 004523D9
                                                                                                                                                                                • Part of subcall function 00401D62: wcschr.MSVCRT ref: 00401D8D
                                                                                                                                                                              • wcstol.MSVCRT ref: 0042A553
                                                                                                                                                                              • _errno.MSVCRT ref: 0042A565
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Open_errnomemsetwcschrwcstol
                                                                                                                                                                              • String ID: Software\Microsoft\Internet Explorer$Version$content_offer_url
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CertGetNameStringW.CRYPT32(?,00000004,00000000,00000000,00000000,00000000), ref: 00494241
                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000000,?,00000004,00000000,00000000,00000000,00000000,0058A2B0,00000018,004944B3,?,00409A4F,00000000,00000000,00000004), ref: 00494277
                                                                                                                                                                              • CertGetNameStringW.CRYPT32(?,00000004,00000000,00000000,00000000,00000000), ref: 00494292
                                                                                                                                                                              Strings
                                                                                                                                                                              • Unable to allocate memory for subject name., xrefs: 00494284
                                                                                                                                                                              • CertGetNameString failed., xrefs: 0049424D
                                                                                                                                                                              • BitTorrent Inc, xrefs: 0049429C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CertNameString$AllocLocal
                                                                                                                                                                              • String ID: BitTorrent Inc$CertGetNameString failed.$Unable to allocate memory for subject name.
                                                                                                                                                                              • API String ID: 174099292-1720966756
                                                                                                                                                                              • Opcode ID: 2c75860a646fe4e597768504b733b51f833f4de1a089248ccce459ce176cdb4c
                                                                                                                                                                              • Instruction ID: 8a4186f26cd144851b86c3f897c48b19ac9b80cc22eefcb2b7c32e7f25b89af5
                                                                                                                                                                              • Opcode Fuzzy Hash: 2c75860a646fe4e597768504b733b51f833f4de1a089248ccce459ce176cdb4c
                                                                                                                                                                              • Instruction Fuzzy Hash: 4C21A4B19002099EEF14AFA1CC81DBE7AB9FB59758B5002BEF111B22D0E6394D429629
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _errno$fopenstrerror
                                                                                                                                                                              • String ID: Can't open log file '%s': %d %s$bt.log
                                                                                                                                                                              • API String ID: 445376529-1913546531
                                                                                                                                                                              • Opcode ID: c67a20c086cefc19641e6070a3671648ce00214eeec5a62db97c65f5e45ed861
                                                                                                                                                                              • Instruction ID: 983ee3dbaa3bed78d2e5073a8a56caaf7211fb53ee27b7bde4e93305eeb36509
                                                                                                                                                                              • Opcode Fuzzy Hash: c67a20c086cefc19641e6070a3671648ce00214eeec5a62db97c65f5e45ed861
                                                                                                                                                                              • Instruction Fuzzy Hash: DC214C30A043446AEF18BBB6D5525AE77A4AF29318F14966FF40157283DFFD4A84835C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ShowWindow.USER32(?,00000006), ref: 0040A16F
                                                                                                                                                                                • Part of subcall function 00407A84: ShowWindow.USER32(?,?,?,00000000,00408632,00000001,00408784), ref: 00407AD0
                                                                                                                                                                                • Part of subcall function 00407A84: SetForegroundWindow.USER32(?), ref: 00407AD9
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Show$Foreground
                                                                                                                                                                              • String ID: 0$WM_CLOSE$WM_ENDSESSION$WM_QUERYENDSESSION$WM_QUIT
                                                                                                                                                                              • API String ID: 184593246-2462547745
                                                                                                                                                                              • Opcode ID: 52ab3a390af0fc6c5d77c6c79fcf399cec8c26725348d33463c6090891f45d67
                                                                                                                                                                              • Instruction ID: 3505a9317fcfe3a4cdba552a3cd81f54c93b8a492152c55c17ecd53577464f7a
                                                                                                                                                                              • Opcode Fuzzy Hash: 52ab3a390af0fc6c5d77c6c79fcf399cec8c26725348d33463c6090891f45d67
                                                                                                                                                                              • Instruction Fuzzy Hash: 32112B715043119BDF285F59BC4197A3A99AB26344F18013FE403BE2C1C73D8869975F
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(00000000,libvlc.dll,75C05540,?,?,?,005009FE,?,00000004,75C08FB0,00000000,?,?,?), ref: 0050084A
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,005009FE,?,00000004,75C08FB0,00000000,?,?,?), ref: 00500859
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,005009FE,?,00000004,75C08FB0,00000000,?,?,?), ref: 00500884
                                                                                                                                                                              • memset.MSVCRT ref: 00500897
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$ErrorFreeLastLoadmemset
                                                                                                                                                                              • String ID: libvlc.dll$libvlc_new
                                                                                                                                                                              • API String ID: 828483970-324028101
                                                                                                                                                                              • Opcode ID: 0ca5ba9c1ae91f8df9236405ae054d446a48eb03521fcd914a3e37e14764bc23
                                                                                                                                                                              • Instruction ID: ba42b857b4ce8c7c2885dcaac0f4903ffdb0a7b2879d6599a50239e2014d4d57
                                                                                                                                                                              • Opcode Fuzzy Hash: 0ca5ba9c1ae91f8df9236405ae054d446a48eb03521fcd914a3e37e14764bc23
                                                                                                                                                                              • Instruction Fuzzy Hash: 27112671940504ABDB20FFA0DD869AE7B68BF72304F10547EE101531D2EB742E4DEA94
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • 73A1A570.USER32(?), ref: 004B0DA2
                                                                                                                                                                                • Part of subcall function 004A9212: GetWindowTextLengthW.USER32 ref: 004A9220
                                                                                                                                                                                • Part of subcall function 004A9212: GetWindowTextW.USER32(?,00000000,00000001), ref: 004A9245
                                                                                                                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004B0DCC
                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 004B0DDA
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004B0DE9
                                                                                                                                                                              • DrawTextW.USER32(00000000,00000000,00000000,?,00000402), ref: 004B0E0B
                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 004B0E15
                                                                                                                                                                              • MoveWindow.USER32(?,?,00000010,?,?,00000000), ref: 004B0E47
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: TextWindow$ObjectSelect$A570ClientDrawLengthMessageMoveRectSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 397678153-0
                                                                                                                                                                              • Opcode ID: cb47bf0f9f080eee19727307f8a9070bef763b49301277c731ef6446487e59a2
                                                                                                                                                                              • Instruction ID: ce9054bf95519819ac0a1094b1b3a311cd36c21f1caec98d9805eab1fd133514
                                                                                                                                                                              • Opcode Fuzzy Hash: cb47bf0f9f080eee19727307f8a9070bef763b49301277c731ef6446487e59a2
                                                                                                                                                                              • Instruction Fuzzy Hash: F2213E71500209BFEB11EBB5CD46EEFBBBCEF64304F000569F202A21A1DB756E159B50
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • 73A1A570.USER32(?), ref: 004B0CE0
                                                                                                                                                                                • Part of subcall function 004A9212: GetWindowTextLengthW.USER32 ref: 004A9220
                                                                                                                                                                                • Part of subcall function 004A9212: GetWindowTextW.USER32(?,00000000,00000001), ref: 004A9245
                                                                                                                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004B0D0A
                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 004B0D18
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004B0D27
                                                                                                                                                                              • DrawTextW.USER32(00000000,00000000,00000000,?,00000400), ref: 004B0D49
                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 004B0D53
                                                                                                                                                                              • MoveWindow.USER32(?,00000003,0000000E,?,?,00000000), ref: 004B0D7C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: TextWindow$ObjectSelect$A570ClientDrawLengthMessageMoveRectSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 397678153-0
                                                                                                                                                                              • Opcode ID: 15dd761aef940aafeb797cdeb05b2ab891908c6cfb20ebc3f28a82aa9dd53c6d
                                                                                                                                                                              • Instruction ID: e4368fcf33dd059b126dbee3a396963f1dcd92cf22bc5df093a4a5c7cdb9bcc0
                                                                                                                                                                              • Opcode Fuzzy Hash: 15dd761aef940aafeb797cdeb05b2ab891908c6cfb20ebc3f28a82aa9dd53c6d
                                                                                                                                                                              • Instruction Fuzzy Hash: 53212E71540209BFEB21ABA5DD46FEFBBBCEF68304F100469F202A21A1DB756A15DB50
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDateFormatA.KERNEL32(00000400,00000000,00000000,yyyy'-'MM'-'dd,?,00000030,00000000,005C5A40), ref: 0042A33C
                                                                                                                                                                              • GetTimeFormatA.KERNEL32(00000400,00000000,00000000,HH':'mm':'ss',?,00000030), ref: 0042A35B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Format$DateTime
                                                                                                                                                                              • String ID: $%.2d:%.2d:%.2d$HH':'mm':'ss'$yyyy'-'MM'-'dd
                                                                                                                                                                              • API String ID: 2545834208-2972950147
                                                                                                                                                                              • Opcode ID: d82c01ada4995cd98241b91b35d314eb503bf3268a39d7e36b8e2bc3d109d9a7
                                                                                                                                                                              • Instruction ID: 7582f106159f08d669cd7d39a761369a48b6c0333c095d8f95d59bc137259eff
                                                                                                                                                                              • Opcode Fuzzy Hash: d82c01ada4995cd98241b91b35d314eb503bf3268a39d7e36b8e2bc3d109d9a7
                                                                                                                                                                              • Instruction Fuzzy Hash: 0E11A072640318BAD720EB96DC05FAF3BACAF55704F00406AB905AA1D1D778AA45C765
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0042920D: GetModuleHandleA.KERNEL32(rpcrt4.dll,?,?,0046C39B,?,?,?,?,?,0046C7D9), ref: 00429214
                                                                                                                                                                                • Part of subcall function 0042920D: LoadLibraryA.KERNEL32(rpcrt4.dll,?,?,?,?,0046C7D9), ref: 0042921F
                                                                                                                                                                                • Part of subcall function 0042920D: GetProcAddress.KERNEL32(00000000,UuidCreateSequential), ref: 0042922B
                                                                                                                                                                              • GetSystemMetrics.USER32(00000000), ref: 004A8475
                                                                                                                                                                              • GetSystemMetrics.USER32(00000001), ref: 004A847C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MetricsSystem$AddressHandleLibraryLoadModuleProc
                                                                                                                                                                              • String ID: ($GetMonitorInfoA$MonitorFromRect$user32
                                                                                                                                                                              • API String ID: 1407476281-3733725165
                                                                                                                                                                              • Opcode ID: 5eeacf96346e5c45863ea6740f37036dad41130e59f2f2ab0976205910a4fe96
                                                                                                                                                                              • Instruction ID: 9b0eb8ce874a8876e246c87ad3132bd1f73c3b25c423ac54d924b428a7e9d36b
                                                                                                                                                                              • Opcode Fuzzy Hash: 5eeacf96346e5c45863ea6740f37036dad41130e59f2f2ab0976205910a4fe96
                                                                                                                                                                              • Instruction Fuzzy Hash: 3201B571E00629ABDB10DBB5884599FBEE9EF59350F10843BE904E7240EAB89C018FE4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetPropA.USER32(?,MsgBoxData), ref: 004A8207
                                                                                                                                                                              • GetDlgItem.USER32(?,00000064), ref: 004A8222
                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 004A823A
                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 004A8252
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$ItemProp
                                                                                                                                                                              • String ID: MsgBoxData$d
                                                                                                                                                                              • API String ID: 3014033113-2167314668
                                                                                                                                                                              • Opcode ID: f3d601efea6020a4f463f8d281151a00c79069da4135ec1d309f139dfd815981
                                                                                                                                                                              • Instruction ID: 809a07091aa852c7573a0ddd1078e7c962b48b43f82cd262855d6c821bb5624d
                                                                                                                                                                              • Opcode Fuzzy Hash: f3d601efea6020a4f463f8d281151a00c79069da4135ec1d309f139dfd815981
                                                                                                                                                                              • Instruction Fuzzy Hash: 0801D632280249BBEF254F11DC06FBA3F64EF52BA0F044015FA04590E0CBB59952EB54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ShowWindow.USER32(?,00000000,?,?,00000000,004B1889), ref: 004B0F0B
                                                                                                                                                                              • ShowWindow.USER32(?,00000000,?,00000000,004B1889), ref: 004B0F21
                                                                                                                                                                              • ShowWindow.USER32(?,00000000,?,00000000,004B1889), ref: 004B0F2A
                                                                                                                                                                              • ShowWindow.USER32(?,?,?,00000000,004B1889), ref: 004B0F40
                                                                                                                                                                              • ShowWindow.USER32(?,00000000,?,00000000,004B1889), ref: 004B0F4A
                                                                                                                                                                              • EnableWindow.USER32(?,00000001), ref: 004B0F5A
                                                                                                                                                                              • EnableWindow.USER32(?,00000001), ref: 004B0F64
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Show$Enable
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2939132127-0
                                                                                                                                                                              • Opcode ID: 17e75cd9818d0da16387bd88e705d2962b1fff7b6979503e2c3ff91a5d245a1b
                                                                                                                                                                              • Instruction ID: cb3bfddbfd4a50fceecc5f45839ead54e8af2ec47a9a75d5d384bd1de4158582
                                                                                                                                                                              • Opcode Fuzzy Hash: 17e75cd9818d0da16387bd88e705d2962b1fff7b6979503e2c3ff91a5d245a1b
                                                                                                                                                                              • Instruction Fuzzy Hash: 9B018132254A49AED7212B36CC46FF7FBE9DFD1306F050839F1A9D11B0C6696C549E20
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memset
                                                                                                                                                                              • String ID: (right here) ------^$ error$lexical$parse$unknown
                                                                                                                                                                              • API String ID: 2221118986-2467276436
                                                                                                                                                                              • Opcode ID: 558f365624fcc2300789c6928955afb21c12f3dca65213b71f02a3cfb5fddeb1
                                                                                                                                                                              • Instruction ID: 44a8ae3ef6608f418e8088cf4a2db80404ef1bb4c703c867e98a7170f4562dd8
                                                                                                                                                                              • Opcode Fuzzy Hash: 558f365624fcc2300789c6928955afb21c12f3dca65213b71f02a3cfb5fddeb1
                                                                                                                                                                              • Instruction Fuzzy Hash: 7B81573160464A8FCF15CE6884A87ABBFE2BF55304F1441BAC886DB341DA769D49C7C5
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041AB7D: GetCurrentThreadId.KERNEL32 ref: 0041AB8D
                                                                                                                                                                              • _strcmpi.MSVCRT ref: 0045C212
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentThread_strcmpi
                                                                                                                                                                              • String ID: ,$T$Torrent File Added$addcount$l+f
                                                                                                                                                                              • API String ID: 1949828769-3273385226
                                                                                                                                                                              • Opcode ID: 2be47b8e74ef522f45f60def1dc022f91db2670b4eea6cbf84decdc7e951c41c
                                                                                                                                                                              • Instruction ID: d312465828c023925e3ac565eb6a51e76c4ce8b3c09be303945d623691b3c8f3
                                                                                                                                                                              • Opcode Fuzzy Hash: 2be47b8e74ef522f45f60def1dc022f91db2670b4eea6cbf84decdc7e951c41c
                                                                                                                                                                              • Instruction Fuzzy Hash: E3818B74A007059FCB28DF66C4C0A6ABBF1BF58305F14856EED4587392DB38E848DB58
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 613200358-0
                                                                                                                                                                              • Opcode ID: 67b072d660ed16f8e5af096619668a0fa23890a0b90633fb0d472f32fbce92b3
                                                                                                                                                                              • Instruction ID: f2c59c5df836c8d6a1918a2fd82c9f64deb8d11d8e2062e7c9259d3dd8aaad4c
                                                                                                                                                                              • Opcode Fuzzy Hash: 67b072d660ed16f8e5af096619668a0fa23890a0b90633fb0d472f32fbce92b3
                                                                                                                                                                              • Instruction Fuzzy Hash: AA51C071A00605FFCB15DFA5C991AAEBBB9FF08304F10412EE9099B351E779E910CB96
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strchr$FileReadmemmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4120803536-0
                                                                                                                                                                              • Opcode ID: 5a9c385097d2178bb68fb9cb407910e489266c34c017838ec2c3c0f8e604f45c
                                                                                                                                                                              • Instruction ID: 3b1764db70bc5552c9149b80478a2d7dadf48b7aac97ad6558ac0cf236aff82e
                                                                                                                                                                              • Opcode Fuzzy Hash: 5a9c385097d2178bb68fb9cb407910e489266c34c017838ec2c3c0f8e604f45c
                                                                                                                                                                              • Instruction Fuzzy Hash: 5C411531500205AFDB14DF68DA45BAB77B8EF52355F14406FE842E7282DE78EA0DC768
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 00492DEB
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 00492E29
                                                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 00492E70
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 00492E88
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000003E8,00000000,00000000,00000000,00000000), ref: 00492ECD
                                                                                                                                                                                • Part of subcall function 00492D50: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,74DF30D0,?,00492E9C,?,00000000), ref: 00492D72
                                                                                                                                                                                • Part of subcall function 00492D50: CreateThread.KERNEL32(00000000,00000000,Function_00092A3B,00000000,00000000,00000010), ref: 00492D88
                                                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 00492EC3
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@$CreateCriticalSection$EnterEventLeaveObjectSingleThreadWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1375185409-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                              • String ID: 3:numi%de$6:filter%d:$8:msg_typei%de$d$l+f
                                                                                                                                                                              • API String ID: 3510742995-1500958903
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • wcschr.MSVCRT ref: 0041209D
                                                                                                                                                                              • memset.MSVCRT ref: 004120D9
                                                                                                                                                                              • ShellExecuteExW.SHELL32(?), ref: 004120FD
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000493E0,?,00000000), ref: 00412114
                                                                                                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00412125
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000000), ref: 00412142
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseCodeExecuteExitHandleObjectProcessShellSingleWaitmemsetwcschr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1288696947-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CD535: ??2@YAPAXI@Z.MSVCRT ref: 004CD546
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004087A9
                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 004087B3
                                                                                                                                                                              • MoveWindow.USER32(?,?,?,00000001), ref: 004087D7
                                                                                                                                                                                • Part of subcall function 00407B14: GetWindowRect.USER32(?,?), ref: 00407B24
                                                                                                                                                                              • SetMenu.USER32(?,?), ref: 00408806
                                                                                                                                                                              • SendMessageW.USER32(?,00000005,00000002,00000000), ref: 0040882B
                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 00408839
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Rect$??2@CursorMenuMessageMoveSendShow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3049966935-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00526164: MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,00000000,000004FF), ref: 005261A2
                                                                                                                                                                              • MsgWaitForMultipleObjects.USER32(?,?,00000001,000003E8,000004FF), ref: 00526294
                                                                                                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 005262A5
                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 005262AF
                                                                                                                                                                              • DispatchMessageW.USER32(?), ref: 005262B9
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,004AE298,?,?,?,?,?,{E3DC5C2B-082C-4800-8C52-B9F655B94D2C},?,?), ref: 005262D8
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Message$MultipleObjectsWait$CloseDispatchHandleTranslate
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4020387020-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SafeArrayCreate.OLEAUT32(0000000C,00000001,?), ref: 004ECD16
                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004ECD29
                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004ECD47
                                                                                                                                                                              • VariantCopy.OLEAUT32(?,00000000), ref: 004ECD56
                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 004ECD67
                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004ECD71
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Variant$ArrayInitSafe$ClearCopyCreateElement
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3108522287-0
                                                                                                                                                                              • Opcode ID: bd3632f5bd7b8e5f76c7bda471e809372b7e0178656ed95a8a72b862a513b231
                                                                                                                                                                              • Instruction ID: a75d4a26c00c657a6eb1b7a0caa20f88b743e683e73f877f265a8fc1b6df50f5
                                                                                                                                                                              • Opcode Fuzzy Hash: bd3632f5bd7b8e5f76c7bda471e809372b7e0178656ed95a8a72b862a513b231
                                                                                                                                                                              • Instruction Fuzzy Hash: 7D11D872A00218ABDF10DFA5CC84EDEBBB8FF08355F14442AE905EB200E774EA458B90
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041AB7D: GetCurrentThreadId.KERNEL32 ref: 0041AB8D
                                                                                                                                                                              • rand.MSVCRT ref: 004FC5DC
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 004FC661
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 004FC6B2
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004FC736
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@$CountCurrentThreadTickrand
                                                                                                                                                                              • String ID: hostname
                                                                                                                                                                              • API String ID: 3141265122-3847340049
                                                                                                                                                                              • Opcode ID: 587a017c12122c920c32f50727dd521a5c76598bd5c19f67c6844c00598ff6c1
                                                                                                                                                                              • Instruction ID: 1bd9b7e0bcbad643d20f1a2ddd1a11e5f01337f4af31b1ae51fc5ff416d6acc4
                                                                                                                                                                              • Opcode Fuzzy Hash: 587a017c12122c920c32f50727dd521a5c76598bd5c19f67c6844c00598ff6c1
                                                                                                                                                                              • Instruction Fuzzy Hash: 3371707290010DAFDB14FBE5D9918FEB7B9AF54304B04046EE502B7291DB386E09CB68
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041AB7D: GetCurrentThreadId.KERNEL32 ref: 0041AB8D
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004FCBE6
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CountCurrentThreadTick
                                                                                                                                                                              • String ID: btapp$remove$session$session has expired
                                                                                                                                                                              • API String ID: 1733964446-2759294940
                                                                                                                                                                              • Opcode ID: 0cefd2434f0c7f7f2eb83eb74b3aaa0eac1c47d61f25ce145b8266e34e7a216c
                                                                                                                                                                              • Instruction ID: 553a2acbc6f5ce423865f324172f0dd60ac9a9e33cdf2e23bfeec6ed5d9ef5c0
                                                                                                                                                                              • Opcode Fuzzy Hash: 0cefd2434f0c7f7f2eb83eb74b3aaa0eac1c47d61f25ce145b8266e34e7a216c
                                                                                                                                                                              • Instruction Fuzzy Hash: 55714C7150014C9BDB28FF66D992CED3BA9BF54308B10042FF916932A2DF79E949CB58
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • MessageBoxW.USER32(00000000,0052DAA8,00000000), ref: 004B0144
                                                                                                                                                                              • InterlockedIncrement.KERNEL32(?), ref: 004B02FF
                                                                                                                                                                              • SendMessageW.USER32(0000802C,00000000,?), ref: 004B031F
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Message$IncrementInterlockedSend
                                                                                                                                                                              • String ID: * $$
                                                                                                                                                                              • API String ID: 1998375713-3954286860
                                                                                                                                                                              • Opcode ID: ea564a2ae030869e6a0819c30eaec7d529a5fee0352231eb20865bd9ff437720
                                                                                                                                                                              • Instruction ID: 0d4241fea94d245b3c0309f12e466d2c8432ef1c5e53ce174ccd32e8321572bd
                                                                                                                                                                              • Opcode Fuzzy Hash: ea564a2ae030869e6a0819c30eaec7d529a5fee0352231eb20865bd9ff437720
                                                                                                                                                                              • Instruction Fuzzy Hash: CF718E32E101189BDB58CFE9CC46AEFBBF5FB98315F14806AE500B7251CB799D058BA4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: isspace
                                                                                                                                                                              • String ID: IpFilter invalid line: [%S]$ipfilter.dat
                                                                                                                                                                              • API String ID: 3785662208-2540145257
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0040A2B2
                                                                                                                                                                              • SendMessageW.USER32(?,00000080,00000001,00000006), ref: 0040A2F1
                                                                                                                                                                                • Part of subcall function 00406D89: memset.MSVCRT ref: 00406DCF
                                                                                                                                                                                • Part of subcall function 00406D89: Shell_NotifyIconW.SHELL32(00000000,000003A8), ref: 00406F0C
                                                                                                                                                                                • Part of subcall function 00404847: UnregisterHotKey.USER32(?,00000001,00407247,00000000,00000000,0041783A), ref: 0040487C
                                                                                                                                                                                • Part of subcall function 00403673: PostMessageW.USER32(00008004,00000135,00000000,0043A46D), ref: 00403680
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Message$IconNotifyPostRectSendShell_UnregisterWindowmemset
                                                                                                                                                                              • String ID: @$uTorrent$l+f
                                                                                                                                                                              • API String ID: 1463350379-2719073362
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonl$??3@
                                                                                                                                                                              • String ID: l+f
                                                                                                                                                                              • API String ID: 268964763-3090352694
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • AppendMenuW.USER32(?,00000800,00000000,00533090), ref: 0044E19E
                                                                                                                                                                              • AppendMenuW.USER32(?,00000000,?,00000000), ref: 0044E2D5
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AppendMenu
                                                                                                                                                                              • String ID: %s%s$.D$tD
                                                                                                                                                                              • API String ID: 3048259833-1311902298
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • abort.MSVCRT(?,00000000,?,00000000,?,?,?,00000001,00000000), ref: 0049A850
                                                                                                                                                                              Strings
                                                                                                                                                                              • trailing garbage, xrefs: 0049A32F
                                                                                                                                                                              • invalid token, internal error, xrefs: 0049A631
                                                                                                                                                                              • client cancelled parse via callback return value, xrefs: 0049A870
                                                                                                                                                                              • unallowed token at this point in JSON text, xrefs: 0049A61A
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: abort
                                                                                                                                                                              • String ID: client cancelled parse via callback return value$invalid token, internal error$trailing garbage$unallowed token at this point in JSON text
                                                                                                                                                                              • API String ID: 4206212132-4206377903
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonl$??2@htons
                                                                                                                                                                              • String ID: $
                                                                                                                                                                              • API String ID: 4229476549-3993045852
                                                                                                                                                                              • Opcode ID: c382c8b8528d799279cf6810b1dab1f6f55becafd3c54422dace995e48deecad
                                                                                                                                                                              • Instruction ID: 73e4b2c73130e658e097435f58894cae8108a1716dbd9a3b54a3d0350676f3ad
                                                                                                                                                                              • Opcode Fuzzy Hash: c382c8b8528d799279cf6810b1dab1f6f55becafd3c54422dace995e48deecad
                                                                                                                                                                              • Instruction Fuzzy Hash: DE41A2B1E00208EFCF18CF95D5846AEBBB1BF88314F2580AED605AB342D734A955CB55
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,00000000,00000001), ref: 004AAE97
                                                                                                                                                                                • Part of subcall function 00401E78: wcsstr.MSVCRT ref: 00401EA6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExecuteShellwcsstr
                                                                                                                                                                              • String ID: http://$http://127.0.0.1:%d/search?q=%%s$http://www.bittorrent.com$https://
                                                                                                                                                                              • API String ID: 3824754012-3544209351
                                                                                                                                                                              • Opcode ID: 41d32067573963d6ae74b08bff69960f04a9db498dd01c2328e21340321bd60b
                                                                                                                                                                              • Instruction ID: 2b30ebe94031e70c1a68fd0bd99f18d59605624f3944cc3355be0e251f0e081d
                                                                                                                                                                              • Opcode Fuzzy Hash: 41d32067573963d6ae74b08bff69960f04a9db498dd01c2328e21340321bd60b
                                                                                                                                                                              • Instruction Fuzzy Hash: 93414071D401096ADF08FBE2D9928EEB778AF61304B10447FA402B72D2EF385F59C659
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: wcschr$memcpy
                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\uTorrent
                                                                                                                                                                              • API String ID: 2559618953-122624917
                                                                                                                                                                              • Opcode ID: f3e9947a5eb95adb9a98a5abd4d6fc18510ee4b36c2693d01f25d2ba42afb553
                                                                                                                                                                              • Instruction ID: 3e259626a84c81c52102b71d7167b5c1cb278210a137ae53769cc1942e67af6e
                                                                                                                                                                              • Opcode Fuzzy Hash: f3e9947a5eb95adb9a98a5abd4d6fc18510ee4b36c2693d01f25d2ba42afb553
                                                                                                                                                                              • Instruction Fuzzy Hash: 9D313537500211ABCF269F54CA81DFBB7B8DF55394754C02BE84ADB240EBB4EE41C2A8
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00429019: __aulldiv.LIBCMT ref: 0042903B
                                                                                                                                                                                • Part of subcall function 00429019: __aulldiv.LIBCMT ref: 00429066
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0046C1F7
                                                                                                                                                                                • Part of subcall function 0041215B: CreateFileW.KERNEL32(00000000,00008000,00000003,00000000,00000000,00000000,00000000,004B75F7,00000000,?), ref: 00412225
                                                                                                                                                                                • Part of subcall function 0041215B: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041223E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File__aulldiv$CreateCurrentPointerThread
                                                                                                                                                                              • String ID: %S [%d]: %S$%s: %s$Opening UPnP logfile$upnp_log.txt
                                                                                                                                                                              • API String ID: 4104914528-1961632578
                                                                                                                                                                              • Opcode ID: a65aff7765480f0ec72e676486bf2073c9e099c0907e2da2313aa395258b22b7
                                                                                                                                                                              • Instruction ID: 03ad13ae5147e89fa42caa4f41b7ebc3fa16df05654d41e14fd4940dcf2b5810
                                                                                                                                                                              • Opcode Fuzzy Hash: a65aff7765480f0ec72e676486bf2073c9e099c0907e2da2313aa395258b22b7
                                                                                                                                                                              • Instruction Fuzzy Hash: A6316071C00209AACB14FBE6DD96AEE7774BF10308F10496FA411771D2EB786A49CA59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 004AC9A8
                                                                                                                                                                              • PostMessageW.USER32(00008036,00000000,00000000,badge), ref: 004ACA5F
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 004ACA71
                                                                                                                                                                                • Part of subcall function 0041EB7F: ??3@YAXPAX@Z.MSVCRT ref: 0041EB85
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@$MessagePost
                                                                                                                                                                              • String ID: badge$interval
                                                                                                                                                                              • API String ID: 160855325-2850146669
                                                                                                                                                                              • Opcode ID: 46254087bc430a82921e80971a317e10dda1c93b94f359005d70de1590252e0b
                                                                                                                                                                              • Instruction ID: d99ac5dc7073a8dd472954985acdb849987f6f1cd19620bac9acfb9d31a713a9
                                                                                                                                                                              • Opcode Fuzzy Hash: 46254087bc430a82921e80971a317e10dda1c93b94f359005d70de1590252e0b
                                                                                                                                                                              • Instruction Fuzzy Hash: CF31E375A00B04AFD764DB29DC82BAAB7F5BB65704F14851FE402D3780EBB8B9448A48
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 004B25A0
                                                                                                                                                                                • Part of subcall function 004A8488: GetWindowRect.USER32(00000000,?), ref: 004A8490
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,00000000,?,?,00000010), ref: 004B2609
                                                                                                                                                                                • Part of subcall function 004B24B2: SendMessageW.USER32(?,00000461,?,00000000), ref: 004B2561
                                                                                                                                                                                • Part of subcall function 004B24B2: SendMessageW.USER32(?,0000043F,00000001,00000000), ref: 004B257B
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,00000000,00000000,00000000,00000011), ref: 004B263E
                                                                                                                                                                              • SetRect.USER32(?,?,0000000F,?,?), ref: 004B2674
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$MessageRectSend$Show
                                                                                                                                                                              • String ID: rcTitle.right = %d
                                                                                                                                                                              • API String ID: 1036570083-1203016127
                                                                                                                                                                              • Opcode ID: cef5c2ad138d3d7bcc70c9f83cb21c6f0e5ee4026e41b5b5c9e26c4dc14f5234
                                                                                                                                                                              • Instruction ID: 33fd4accce84509c9c8960146a57de1131660bd2c121e3079679f4ab04705075
                                                                                                                                                                              • Opcode Fuzzy Hash: cef5c2ad138d3d7bcc70c9f83cb21c6f0e5ee4026e41b5b5c9e26c4dc14f5234
                                                                                                                                                                              • Instruction Fuzzy Hash: 57318E71A0060EAFDB20EBA5CD81DEFB7B9EF48308F104429F546A3251CA35AE15DB64
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00423423: GetSystemTime.KERNEL32(00000000,00000000,0042A301,0041E70C), ref: 0042342D
                                                                                                                                                                                • Part of subcall function 00423423: SystemTimeToFileTime.KERNEL32(?,?), ref: 0042343B
                                                                                                                                                                              • fprintf.MSVCRT ref: 00470C62
                                                                                                                                                                              • fflush.MSVCRT ref: 00470C6D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Time$System$Filefflushfprintf
                                                                                                                                                                              • String ID: "%s":%Ld,$%s: %s$%s: %s
                                                                                                                                                                              • API String ID: 3970128186-3606852690
                                                                                                                                                                              • Opcode ID: 40304afab6f6c5d7956fa3d3ad841b2a1a6f380e51d47cd0f37e49bd3c1c3f90
                                                                                                                                                                              • Instruction ID: eaf384f7fff8022869fe49c1d823da7077a040acc7abf61ab4d6078df0cbefc0
                                                                                                                                                                              • Opcode Fuzzy Hash: 40304afab6f6c5d7956fa3d3ad841b2a1a6f380e51d47cd0f37e49bd3c1c3f90
                                                                                                                                                                              • Instruction Fuzzy Hash: 5711A171D00108AACB19FBA2D9529EE7B689B21348F04847EB406661D2EF7D5B1986C9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000003,80000000,80000000,80000000,80000000,?,00000000,00000000,0052C944), ref: 004D62BE
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000001,00000000), ref: 004D62D5
                                                                                                                                                                              • SendMessageW.USER32(0052C944,00000403,00000003,000001F4), ref: 004D62E5
                                                                                                                                                                              • SendMessageW.USER32(0052C944,00000418,00000000,0000012C), ref: 004D62F4
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$CreateWindow
                                                                                                                                                                              • String ID: tooltips_class32
                                                                                                                                                                              • API String ID: 2286652126-1918224756
                                                                                                                                                                              • Opcode ID: eb2696a86c31330be6916087e4d46cb3e32a25e3d7470fd221a5abda32dc4dac
                                                                                                                                                                              • Instruction ID: 3b448f4a3e21128ec0bbec9e6e742bf8dc86d7145ccec208e57af10127f372f5
                                                                                                                                                                              • Opcode Fuzzy Hash: eb2696a86c31330be6916087e4d46cb3e32a25e3d7470fd221a5abda32dc4dac
                                                                                                                                                                              • Instruction Fuzzy Hash: 77019EF1640305BFF3209F159C80E2BBBECEB98744F11482EFA88E32A0C2705C418B60
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: fclosefopenfwrite
                                                                                                                                                                              • String ID: app$tmp
                                                                                                                                                                              • API String ID: 699583605-3198413074
                                                                                                                                                                              • Opcode ID: 38874f6e8408c2f15ca3b862ea5af1c77008b74e344e524d3b71b8a66880f125
                                                                                                                                                                              • Instruction ID: 0501c847b9456c0c2bc19cfebcf3f7819cde81328434e57135c152d6d39afd6f
                                                                                                                                                                              • Opcode Fuzzy Hash: 38874f6e8408c2f15ca3b862ea5af1c77008b74e344e524d3b71b8a66880f125
                                                                                                                                                                              • Instruction Fuzzy Hash: 2E11E53160020466DB15B7A6C846ADFBBA99FA1718F0484AFF402273C1EFBE9F55C259
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004A788B: GetClassNameA.USER32(?,?,00000040), ref: 004A789B
                                                                                                                                                                              • GetParent.USER32(?), ref: 004A8886
                                                                                                                                                                                • Part of subcall function 004A8488: GetWindowRect.USER32(00000000,?), ref: 004A8490
                                                                                                                                                                              • GetParent.USER32(?), ref: 004A8896
                                                                                                                                                                              • GetClientRect.USER32(00000000), ref: 004A8899
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 004A88C7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ParentRectWindow$ClassClientName
                                                                                                                                                                              • String ID: Button
                                                                                                                                                                              • API String ID: 2536788621-1034594571
                                                                                                                                                                              • Opcode ID: e1577225363ebb0babba6376dfc7e21518626efafd5601960920a0903d80704a
                                                                                                                                                                              • Instruction ID: 05267b762494cea724e6b74b32ec156256e0e76e035bd7a58fd8c5264414ec43
                                                                                                                                                                              • Opcode Fuzzy Hash: e1577225363ebb0babba6376dfc7e21518626efafd5601960920a0903d80704a
                                                                                                                                                                              • Instruction Fuzzy Hash: 09014071A00009AFDB10EBA8CC45DBE77BDEF5A310F084419F901E3240DB78F8068B50
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • fprintf.MSVCRT ref: 004325BD
                                                                                                                                                                              • fprintf.MSVCRT ref: 004325D7
                                                                                                                                                                              • fflush.MSVCRT ref: 004325E2
                                                                                                                                                                                • Part of subcall function 0042A30D: GetDateFormatA.KERNEL32(00000400,00000000,00000000,yyyy'-'MM'-'dd,?,00000030,00000000,005C5A40), ref: 0042A33C
                                                                                                                                                                                • Part of subcall function 0042A30D: GetTimeFormatA.KERNEL32(00000400,00000000,00000000,HH':'mm':'ss',?,00000030), ref: 0042A35B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Formatfprintf$DateTimefflush
                                                                                                                                                                              • String ID: %s$[%s] %s
                                                                                                                                                                              • API String ID: 3996786454-4130830515
                                                                                                                                                                              • Opcode ID: 6168e380b917906ac5f98a326f13e6125eb7fc93c75a47fcdf4a466363ded99e
                                                                                                                                                                              • Instruction ID: 135829933463104ad1c5b366ed224ac93e10135599eed972cac6904f23c76482
                                                                                                                                                                              • Opcode Fuzzy Hash: 6168e380b917906ac5f98a326f13e6125eb7fc93c75a47fcdf4a466363ded99e
                                                                                                                                                                              • Instruction Fuzzy Hash: 69F0A432500604F7CB24BB62DC16A9F77A9AF24318F14052FB406661E2EEBDAB54C69D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlInitializeCriticalSection.NTDLL(005C595C), ref: 0043207E
                                                                                                                                                                              • RtlEnterCriticalSection.NTDLL(005C595C), ref: 00432085
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004320B1
                                                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(005C595C), ref: 004320D7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$CurrentEnterInitializeLeaveThread
                                                                                                                                                                              • String ID: \Y\
                                                                                                                                                                              • API String ID: 669643636-2470704388
                                                                                                                                                                              • Opcode ID: 5fba93bf9860fce43e5e2a8442f9285ea1dad9b499f6ebc46d918fb472b1f411
                                                                                                                                                                              • Instruction ID: 459b8e788ce80b9c7a791360f0acb3f8e7fffae8ac8a361421314dbe3ae96906
                                                                                                                                                                              • Opcode Fuzzy Hash: 5fba93bf9860fce43e5e2a8442f9285ea1dad9b499f6ebc46d918fb472b1f411
                                                                                                                                                                              • Instruction Fuzzy Hash: 23F0BBB5803A04DFA3209F9AAD0899EBFECEEB5360740019BE10596220E7B42589EA55
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlEnterCriticalSection.NTDLL(005C595C), ref: 004320FF
                                                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(005C595C), ref: 00432124
                                                                                                                                                                              • RtlInitializeCriticalSection.NTDLL(005C5534), ref: 0043212B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                              • String ID: \Y\$dns
                                                                                                                                                                              • API String ID: 3991485460-4253489778
                                                                                                                                                                              • Opcode ID: 04427d39352a15411a9bec7546214ba0cbfac92ccbdeef503dd83c745154697e
                                                                                                                                                                              • Instruction ID: a5f6e9fbbae14f6bb51d2505f785ceb9b35620dc96afa72305ab0c568982e2d7
                                                                                                                                                                              • Opcode Fuzzy Hash: 04427d39352a15411a9bec7546214ba0cbfac92ccbdeef503dd83c745154697e
                                                                                                                                                                              • Instruction Fuzzy Hash: 3AE0EC36501114ABE71163E89C84FEF7B7CDF59714F000069F20192051DB641D0692B5
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _strcmpi$strrchr
                                                                                                                                                                              • String ID: .com$.net
                                                                                                                                                                              • API String ID: 2110963804-1120753515
                                                                                                                                                                              • Opcode ID: 58411fc5e388c1791de9a47876ea882669dc5f3f26bc6e9c76bf912ea3a8d9b9
                                                                                                                                                                              • Instruction ID: 517ba2c07b54099f0766c49654c59d1d8f769e455f93742e5bdf3a97beb18013
                                                                                                                                                                              • Opcode Fuzzy Hash: 58411fc5e388c1791de9a47876ea882669dc5f3f26bc6e9c76bf912ea3a8d9b9
                                                                                                                                                                              • Instruction Fuzzy Hash: B0E0122B65DB2329A5683235BC039AF0B88DB17775B2A081FF840E81C6ED4DCC41409C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041AB7D: GetCurrentThreadId.KERNEL32 ref: 0041AB8D
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 004B61A6
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 004B6333
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@$CurrentThread
                                                                                                                                                                              • String ID: .btapp$TX\$http://apps.bittorrent.com
                                                                                                                                                                              • API String ID: 3520734267-700123122
                                                                                                                                                                              • Opcode ID: e422e40f7ade01a5830201480bb9c113f72f3c4e533b63e5b98ea01f0863c7f2
                                                                                                                                                                              • Instruction ID: e3f9c3a8e2f9dcdc18b50907ad2fab124fb4086b05d3214b4ecc254f0b5c210f
                                                                                                                                                                              • Opcode Fuzzy Hash: e422e40f7ade01a5830201480bb9c113f72f3c4e533b63e5b98ea01f0863c7f2
                                                                                                                                                                              • Instruction Fuzzy Hash: 27815E719001099BCB14FFE2C9928EEBBB9AF54304B14446FE402772D2DF3CAA45CB68
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@ErrorLastmemcpy
                                                                                                                                                                              • String ID: @$magnet:?
                                                                                                                                                                              • API String ID: 2881741357-993954933
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 005024A6
                                                                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00502689), ref: 005024E2
                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000007,?), ref: 00502569
                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000000,?), ref: 00502592
                                                                                                                                                                                • Part of subcall function 0040E39D: memcpy.MSVCRT ref: 0040E3DB
                                                                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 005025F6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$memcpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3619243682-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strchr
                                                                                                                                                                              • String ID: %Ld$false$true
                                                                                                                                                                              • API String ID: 2830005266-3753899566
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • Got Request while choked: %d:%d->%d, xrefs: 004807AB
                                                                                                                                                                              • Got Request: %d:%d->%d, xrefs: 004807CF
                                                                                                                                                                              • Got PieceRequest I don't have: %d:%d->%d, xrefs: 00480738
                                                                                                                                                                              • Got Bad Request in SS mode: %d:%d->%d, xrefs: 00480774
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@
                                                                                                                                                                              • String ID: Got Bad Request in SS mode: %d:%d->%d$Got PieceRequest I don't have: %d:%d->%d$Got Request while choked: %d:%d->%d$Got Request: %d:%d->%d
                                                                                                                                                                              • API String ID: 1033339047-3383152919
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004220B4: _wcsicmp.MSVCRT ref: 004220CD
                                                                                                                                                                                • Part of subcall function 0042A0AC: GetFileSize.KERNEL32(00000000,00000000,00000080,?,0042F675,?,00000000,00414236,?,00000000,00000000), ref: 0042A0C9
                                                                                                                                                                                • Part of subcall function 0042A0AC: SetLastError.KERNEL32(00000008), ref: 0042A0E5
                                                                                                                                                                                • Part of subcall function 0042A0AC: CloseHandle.KERNEL32(00000000), ref: 0042A117
                                                                                                                                                                              • strchr.MSVCRT ref: 004345DA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseErrorFileHandleLastSize_wcsicmpstrchr
                                                                                                                                                                              • String ID: "%S\$"%s\%S"$%S %S$run.txt
                                                                                                                                                                              • API String ID: 1897485748-2377998687
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • ::0, xrefs: 004644F1
                                                                                                                                                                              • Unable to listen for HTTP traffic on v6 port %d, xrefs: 00464524
                                                                                                                                                                              • Unable to listen for HTTP traffic on port %d, xrefs: 004644BD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@
                                                                                                                                                                              • String ID: ::0$Unable to listen for HTTP traffic on port %d$Unable to listen for HTTP traffic on v6 port %d
                                                                                                                                                                              • API String ID: 1033339047-270136205
                                                                                                                                                                              • Opcode ID: 8f014fa5c5b7d947f8aff3b5b2c712546302d3640310af90e6faab9db40c5273
                                                                                                                                                                              • Instruction ID: ecce04bceee3ddc6ac3faa0a47a55c6678b32aefcd99da6ccc3e0a1747ab7cfc
                                                                                                                                                                              • Opcode Fuzzy Hash: 8f014fa5c5b7d947f8aff3b5b2c712546302d3640310af90e6faab9db40c5273
                                                                                                                                                                              • Instruction Fuzzy Hash: EA31F635648B10AFDE10DB55BC96BBA7358ABA0718F14001FE500673E1EF682C499B9E
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,00000572), ref: 004DAA24
                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00000572,?), ref: 004DAA7B
                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00000573,?), ref: 004DAA9E
                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00000575,?), ref: 004DAAC9
                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00000576,?), ref: 004DAAF9
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Item$Text
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1601838975-0
                                                                                                                                                                              • Opcode ID: d97700539dc43740999e238030e4f890243f818feb83ef789f54495ed0545179
                                                                                                                                                                              • Instruction ID: 9304234dc32fc6e5ce2b063b66472fef8f589b274baac46f666b2a4329e4d7bd
                                                                                                                                                                              • Opcode Fuzzy Hash: d97700539dc43740999e238030e4f890243f818feb83ef789f54495ed0545179
                                                                                                                                                                              • Instruction Fuzzy Hash: CB3154F2D002096BDB14EFB5DC46EEF7BACAF04744F040127F619A2251E678E955CBA4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strstr
                                                                                                                                                                              • String ID: ?%I$Audio:$Video:
                                                                                                                                                                              • API String ID: 1392478783-508822851
                                                                                                                                                                              • Opcode ID: 190afe506a609fce6c076a6759e2e0325f943a8b53774e362ac8d4a7b79b3bda
                                                                                                                                                                              • Instruction ID: 92ea80a1d8c5dcffa8b5a66d844999b2d1364d2a4cf064da2b528ac001ef6421
                                                                                                                                                                              • Opcode Fuzzy Hash: 190afe506a609fce6c076a6759e2e0325f943a8b53774e362ac8d4a7b79b3bda
                                                                                                                                                                              • Instruction Fuzzy Hash: 8121E871A0011877CF04E6A5CE81EEE7BADAB55314F10407BA801E7282EEBC9E06C799
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1035511824-0
                                                                                                                                                                              • Opcode ID: 9f1e6b9a2b55ad2d81fbc950f9d2f92712ceed16c887b16f557022703108f625
                                                                                                                                                                              • Instruction ID: 65515cc017d20a399d5f95eead4379c0eb67a9a0a1993c54bddc57a6e3c3ffcd
                                                                                                                                                                              • Opcode Fuzzy Hash: 9f1e6b9a2b55ad2d81fbc950f9d2f92712ceed16c887b16f557022703108f625
                                                                                                                                                                              • Instruction Fuzzy Hash: A631B471600B019FD324DF2AC886917BBE1AF15324B05C62EF1AA8B7F1EB75E845CB05
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040227B
                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 004022A0
                                                                                                                                                                              • GetSysColor.USER32(0000000E), ref: 004022BA
                                                                                                                                                                                • Part of subcall function 004AC217: FillRect.USER32(?,?,?), ref: 004AC230
                                                                                                                                                                              • GetSysColor.USER32(0000000A), ref: 004022D4
                                                                                                                                                                                • Part of subcall function 004AC217: SetBkColor.GDI32(?,?), ref: 004AC242
                                                                                                                                                                                • Part of subcall function 004AC217: ExtTextOutW.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 004AC253
                                                                                                                                                                                • Part of subcall function 004AC217: SetBkColor.GDI32(?,?), ref: 004AC25E
                                                                                                                                                                              • EndPaint.USER32(?,?,?,00000000), ref: 0040233C
                                                                                                                                                                                • Part of subcall function 00401A63: GetDlgItem.USER32(?,000006B1), ref: 00401A77
                                                                                                                                                                                • Part of subcall function 00401A63: IsWindowVisible.USER32(00000000), ref: 00401A7E
                                                                                                                                                                                • Part of subcall function 00401A63: GetClientRect.USER32(?,?), ref: 00401A90
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Color$Rect$ClientPaint$BeginFillItemTextVisibleWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 63458918-0
                                                                                                                                                                              • Opcode ID: b3f69f664d7b20543adeaa6130a72231e028c2d5b606aa9de5bc9a6a8ef530ef
                                                                                                                                                                              • Instruction ID: 37dd2ffb22fba94b5671f14834c8d7109226e2b06654385f8a75fbadd7fe9b22
                                                                                                                                                                              • Opcode Fuzzy Hash: b3f69f664d7b20543adeaa6130a72231e028c2d5b606aa9de5bc9a6a8ef530ef
                                                                                                                                                                              • Instruction Fuzzy Hash: A2316B72900109EFCB15EBE1DC85DDFBBB8EF48304F00812AE516A61A0DB74AA05DB50
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004D454B
                                                                                                                                                                              • SendMessageW.USER32(?,0000108C,000000FF,00000000), ref: 004D4580
                                                                                                                                                                              • SendMessageW.USER32(?,0000120B,?,00000004), ref: 004D45A6
                                                                                                                                                                              • SendMessageW.USER32(?,0000120C,?,00000004), ref: 004D45E6
                                                                                                                                                                              • SendMessageW.USER32(?,0000108C,?,00000000), ref: 004D45FB
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                              • Opcode ID: 8b8507c7ffc9a58a684ab5e77d00fc1ad24ab61b451ca414218c66ce91866e50
                                                                                                                                                                              • Instruction ID: 5c0919d530cf95002430dae02b8af1328058e969453b1e06c626c625267abf8a
                                                                                                                                                                              • Opcode Fuzzy Hash: 8b8507c7ffc9a58a684ab5e77d00fc1ad24ab61b451ca414218c66ce91866e50
                                                                                                                                                                              • Instruction Fuzzy Hash: F7216871A00209FBDF11DF98DD90E9DBBB4EB08324F108227E615A62A1C774AE55DB64
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • htonl.WS2_32(00000008), ref: 0047A10D
                                                                                                                                                                              • htonl.WS2_32(00000014), ref: 0047A115
                                                                                                                                                                              • htonl.WS2_32(00000000), ref: 0047A11D
                                                                                                                                                                              • htons.WS2_32(?), ref: 0047A16D
                                                                                                                                                                              • htonl.WS2_32(?), ref: 0047A17D
                                                                                                                                                                                • Part of subcall function 0047440E: htonl.WS2_32(00000010), ref: 0047442B
                                                                                                                                                                                • Part of subcall function 0040E39D: memcpy.MSVCRT ref: 0040E3DB
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonl$htonsmemcpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1741595619-0
                                                                                                                                                                              • Opcode ID: db0cda21b6c0d53b08b44dccaa4b8a0875ba58e91d751db2a5399c3c2bca4748
                                                                                                                                                                              • Instruction ID: a5e524acbedff9059f7ec223b82953c2c7755bf0c0d11dd616bbc21969a6cebc
                                                                                                                                                                              • Opcode Fuzzy Hash: db0cda21b6c0d53b08b44dccaa4b8a0875ba58e91d751db2a5399c3c2bca4748
                                                                                                                                                                              • Instruction Fuzzy Hash: 92218171600208AFDB14DF69CC81AAEBBF9EF84314F14C46AE949CB391E774D955CB60
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcsicmp
                                                                                                                                                                              • String ID: "%s"$"%s" %s$Software\Microsoft\Windows\CurrentVersion\Run$uTorrent
                                                                                                                                                                              • API String ID: 2081463915-2549705978
                                                                                                                                                                              • Opcode ID: 747af7b40c99c2272c1893d723589fabc41c39fe9ec6c8a7366e21d33ec8dd59
                                                                                                                                                                              • Instruction ID: 04f774c01d2ca429de6891668fadc15464e4237ac28d6184bd07e7b2c0e5e336
                                                                                                                                                                              • Opcode Fuzzy Hash: 747af7b40c99c2272c1893d723589fabc41c39fe9ec6c8a7366e21d33ec8dd59
                                                                                                                                                                              • Instruction Fuzzy Hash: 32117A7214011A5BCB146A149C15AE7279CCB42358F08411BEC06DB381EDB8DE45C7FC
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004BA931
                                                                                                                                                                                • Part of subcall function 004A7866: GetDlgItem.USER32(?,?), ref: 004A7873
                                                                                                                                                                              • DrawEdge.USER32(?,?,00000002,0000000F), ref: 004BA97B
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004BA984
                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 004BA99D
                                                                                                                                                                              • DrawEdge.USER32(?,00000009,00000002,0000000F), ref: 004BA9D7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClientDrawEdgeRect$ItemScreenWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4061803126-0
                                                                                                                                                                              • Opcode ID: 87a8869c9668823f87b2f971c13789530cad15a9759ad0dffd41c52e5e6b8c26
                                                                                                                                                                              • Instruction ID: 301e0e874d9418a2efbae65641100008f29efa45ef1df9a696c118c56fe77248
                                                                                                                                                                              • Opcode Fuzzy Hash: 87a8869c9668823f87b2f971c13789530cad15a9759ad0dffd41c52e5e6b8c26
                                                                                                                                                                              • Instruction Fuzzy Hash: 0F212FB1A00209AFDF10EFA5DC46DEEBBB8EF54714F004026E901E7250D774AA46DFA1
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004042A7
                                                                                                                                                                              • GetDlgItem.USER32(?,000001BC), ref: 004042BB
                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 004042C6
                                                                                                                                                                              • GetDlgItem.USER32(?,000001BC), ref: 004042CA
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 004042D3
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClientItemRect$ShowWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1660335662-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSysColor.USER32(00000005), ref: 004D44E9
                                                                                                                                                                              • GetSysColor.USER32(00000008), ref: 004D44F8
                                                                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,00FF00FF), ref: 004D450D
                                                                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,00FF00FF), ref: 004D451A
                                                                                                                                                                              • SendMessageW.USER32(?,00001024,00000000,00FF00FF), ref: 004D4527
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Color
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3922397608-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004AE534: FindWindowW.USER32(avhelper4823DF041B0,00000000), ref: 004AE53B
                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 004AE9F4
                                                                                                                                                                              • OpenProcess.KERNEL32(00100000,00000000,?,?,004ADFE0,00002710,{A4D77A09-10EA-4574-8C09-9B6E1A21C95F},?,{E3DC5C2B-082C-4800-8C52-B9F655B94D2C},?,?), ref: 004AEA04
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000012,00000000,00000000), ref: 004AEA13
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,?,?,004ADFE0,00002710,{A4D77A09-10EA-4574-8C09-9B6E1A21C95F},?,{E3DC5C2B-082C-4800-8C52-B9F655B94D2C},?,?), ref: 004AEA1D
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,004ADFE0,00002710,{A4D77A09-10EA-4574-8C09-9B6E1A21C95F},?,{E3DC5C2B-082C-4800-8C52-B9F655B94D2C},?,?), ref: 004AEA26
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ProcessWindow$CloseFindHandleMessageObjectOpenPostSingleThreadWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 709601270-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aullrem
                                                                                                                                                                              • String ID: Could not send request to HTTP peer!$Requesting %d:%d->%d$keep-alive
                                                                                                                                                                              • API String ID: 3758378126-375052568
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@
                                                                                                                                                                              • String ID: router.bittorrent.com$router.utorrent.com$l+f
                                                                                                                                                                              • API String ID: 613200358-2304823646
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: wcschr
                                                                                                                                                                              • String ID: http://
                                                                                                                                                                              • API String ID: 1497570035-1121587658
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004A7E94: ??2@YAPAXI@Z.MSVCRT ref: 004A7E9D
                                                                                                                                                                              • ShowWindow.USER32(?,00000000,00000000,00000200,00000001,00000000,?,?,00000000,00000000,00000000,00000000,?,00502EE8,00000001,00000000), ref: 00502E4C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@ShowWindow
                                                                                                                                                                              • String ID: bitdefender.btinstall$player.btinstall$transcode.btinstall
                                                                                                                                                                              • API String ID: 2327584742-1372724886
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • %I.in-addr.arpa, xrefs: 004749AD
                                                                                                                                                                              • %c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.ip6.arpa, xrefs: 00474A81
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonl
                                                                                                                                                                              • String ID: %I.in-addr.arpa$%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.ip6.arpa
                                                                                                                                                                              • API String ID: 2009864989-3018543966
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00411ED6: GetTempPathW.KERNEL32(00000104,?,?,?), ref: 00411EF4
                                                                                                                                                                                • Part of subcall function 00411ED6: GetTempFileNameW.KERNEL32(00000000,utt,00000000,?,?,?), ref: 00411F0F
                                                                                                                                                                                • Part of subcall function 00411ED6: rand.MSVCRT ref: 00411F19
                                                                                                                                                                                • Part of subcall function 00411ED6: rand.MSVCRT ref: 00411F1F
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 00470E07
                                                                                                                                                                              • PostMessageW.USER32(0000808A,00000001,00000000,00000000), ref: 00470E7C
                                                                                                                                                                              Strings
                                                                                                                                                                              • --AdUnitGroup LoadAdTorrent Sending click to OpenX with cookie: %s., xrefs: 00470E55
                                                                                                                                                                              • torrent, xrefs: 00470E37
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Temprand$??2@FileMessageNamePathPost
                                                                                                                                                                              • String ID: --AdUnitGroup LoadAdTorrent Sending click to OpenX with cookie: %s.$torrent
                                                                                                                                                                              • API String ID: 2725416375-3498159682
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • Got Cancel Unrequested: %d:%d->%d, xrefs: 00480924
                                                                                                                                                                              • Got Cancel In Queue: %d:%d->%d, xrefs: 0048094A
                                                                                                                                                                              • Got Cancel: %d:%d->%d, xrefs: 004808A1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@
                                                                                                                                                                              • String ID: Got Cancel In Queue: %d:%d->%d$Got Cancel Unrequested: %d:%d->%d$Got Cancel: %d:%d->%d
                                                                                                                                                                              • API String ID: 613200358-2847145755
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 00422F99
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00422F9F
                                                                                                                                                                                • Part of subcall function 00422709: GetFileAttributesW.KERNEL32(0044549A,00000000,0044549A,00000000,00000000,?,0044549A,00000001,?,?,00000000,00428695), ref: 004227A7
                                                                                                                                                                                • Part of subcall function 0042A209: memcpy.MSVCRT ref: 0042A258
                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 00422FD2
                                                                                                                                                                              Strings
                                                                                                                                                                              • Moving files from '%s' to '%s', xrefs: 00422F80
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$Move$AttributesErrorLastmemcpy
                                                                                                                                                                              • String ID: Moving files from '%s' to '%s'
                                                                                                                                                                              • API String ID: 2710465471-632417994
                                                                                                                                                                              • Opcode ID: d95eb2730ba138f7e1f64859a7cf9b43ce67d1234a897f377616befa052aa813
                                                                                                                                                                              • Instruction ID: f103a1f6913eec4778b8ffa16ae4a108f3c0447f6887e67f442ebe01e0dead1a
                                                                                                                                                                              • Opcode Fuzzy Hash: d95eb2730ba138f7e1f64859a7cf9b43ce67d1234a897f377616befa052aa813
                                                                                                                                                                              • Instruction Fuzzy Hash: A2315831300120BBCB21AF56EE50EAE3B72AF54358F91401FF5454B2A2CBBADD45E359
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00401E78: wcsstr.MSVCRT ref: 00401EA6
                                                                                                                                                                              • SendMessageW.USER32(?,00000461,?,00000000), ref: 004B247B
                                                                                                                                                                                • Part of subcall function 004B18C5: IsWindowVisible.USER32(?), ref: 004B18D5
                                                                                                                                                                                • Part of subcall function 004B18C5: SendMessageW.USER32(?,00000445,00000000,00040000), ref: 004B1909
                                                                                                                                                                                • Part of subcall function 004B18C5: GetSystemMetrics.USER32(00000010), ref: 004B191F
                                                                                                                                                                                • Part of subcall function 004B18C5: MoveWindow.USER32(?,00000000,00000000,00000000,00000001,00000000), ref: 004B194D
                                                                                                                                                                                • Part of subcall function 004B18C5: SendMessageW.USER32(?,00000441,00000000,00000000), ref: 004B1960
                                                                                                                                                                                • Part of subcall function 004B18C5: MoveWindow.USER32(?,00000000,00000000,?,00000001,00000000), ref: 004B19B4
                                                                                                                                                                                • Part of subcall function 004B18C5: SendMessageW.USER32(?,000000B3,00000000,?), ref: 004B19CA
                                                                                                                                                                                • Part of subcall function 004B18C5: SendMessageW.USER32(?,00000441,00000000,00000000), ref: 004B19D9
                                                                                                                                                                              • SendMessageW.USER32(?,0000043F,00000001,00000000), ref: 004B24A1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Window$Move$MetricsSystemVisiblewcsstr
                                                                                                                                                                              • String ID: .$:
                                                                                                                                                                              • API String ID: 3844966078-4202072812
                                                                                                                                                                              • Opcode ID: 2db7f6251bffff8c8a99b5e8ec1881cd10c84dc8a29e6060b45c326e28f9f027
                                                                                                                                                                              • Instruction ID: aca4bde0866cbb2d40d06a5a755911c71f899f6f2ea2558b4c3921b1f43d7551
                                                                                                                                                                              • Opcode Fuzzy Hash: 2db7f6251bffff8c8a99b5e8ec1881cd10c84dc8a29e6060b45c326e28f9f027
                                                                                                                                                                              • Instruction Fuzzy Hash: DC31B471500108BBDB10EFA9C881DEF7BADAF55348F10812FB506A71D1DBB89B45C7A9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SysAllocString.OLEAUT32(TCP), ref: 0048666B
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0048668B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: String$AllocFree
                                                                                                                                                                              • String ID: TCP$UDP
                                                                                                                                                                              • API String ID: 344208780-1097902612
                                                                                                                                                                              • Opcode ID: 9849c0b83394515eab3e4702f4ae34b626a6319ab6bdac2fe37f0c94a3a0525e
                                                                                                                                                                              • Instruction ID: 24ed083fc108d16b402d242ecbf5e4982d85e955ca93abd7ad9e1cd4febc8531
                                                                                                                                                                              • Opcode Fuzzy Hash: 9849c0b83394515eab3e4702f4ae34b626a6319ab6bdac2fe37f0c94a3a0525e
                                                                                                                                                                              • Instruction Fuzzy Hash: A2318171900284AFCF10AFA4C8989AEBBB8EF45314B1544ADE445E7311DB399D46CF14
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • htonl.WS2_32(?), ref: 0045A62B
                                                                                                                                                                              • htons.WS2_32(?), ref: 0045A642
                                                                                                                                                                              • recvfrom.WS2_32(?,?,00000240,00000000,?,00000001), ref: 0045A699
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonlhtonsrecvfrom
                                                                                                                                                                              • String ID: 8
                                                                                                                                                                              • API String ID: 3744731215-4194326291
                                                                                                                                                                              • Opcode ID: 6ec3dd08515962f754f873731ec46c1ff3dc553ee9083e1352f74dfe0a70a3c6
                                                                                                                                                                              • Instruction ID: d8673f5f2c4d6bba2db0e0893147d4d50696792dde795c8b94509ab3fec09804
                                                                                                                                                                              • Opcode Fuzzy Hash: 6ec3dd08515962f754f873731ec46c1ff3dc553ee9083e1352f74dfe0a70a3c6
                                                                                                                                                                              • Instruction Fuzzy Hash: 24212772800268ABDF20CF50CC44BFEBBB9BF01305F14425AED85A2182D3789AA9DB55
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldiv$__aullrem
                                                                                                                                                                              • String ID: lA
                                                                                                                                                                              • API String ID: 2022606265-2320377057
                                                                                                                                                                              • Opcode ID: da9fa4ef4a80fbf2de8dada54cfca1f5ae39083eeac5c82f17a88b78cef193ac
                                                                                                                                                                              • Instruction ID: 4fc8d7fac23e89d3af420f1e0b4d227a5497737c0d7249b8c36ccd401f06a5e4
                                                                                                                                                                              • Opcode Fuzzy Hash: da9fa4ef4a80fbf2de8dada54cfca1f5ae39083eeac5c82f17a88b78cef193ac
                                                                                                                                                                              • Instruction Fuzzy Hash: 89115176200615AFC716CF59CD80C66F7A9FF49368355862AFC159B3A5C771AC20CBA0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00452380: RegDeleteKeyW.ADVAPI32(00000000,00000000), ref: 00452399
                                                                                                                                                                              • SHChangeNotify.SHELL32(08000000,00002000,00000000,00000000), ref: 004B8614
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ChangeDeleteNotify
                                                                                                                                                                              • String ID: %s\OpenWithProgids$Software\Classes\%s$uTorrent
                                                                                                                                                                              • API String ID: 3372569710-3343436071
                                                                                                                                                                              • Opcode ID: 53caa6253d2cb37e004768ecae3989d349f2d0cc6f80891c93d6179723c6cc99
                                                                                                                                                                              • Instruction ID: 723143e7d8a868b73ccd07e5c50757a35bab2bb58163b2024378ebf0be712e49
                                                                                                                                                                              • Opcode Fuzzy Hash: 53caa6253d2cb37e004768ecae3989d349f2d0cc6f80891c93d6179723c6cc99
                                                                                                                                                                              • Instruction Fuzzy Hash: 6D11217198010876DB14F7A2CD43FDE776C9F61308F0004AEB901B61C7EFB86B198599
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RemovePropW.USER32(?,00000000), ref: 0040EC9A
                                                                                                                                                                              • SetPropW.USER32(?,00000000,?), ref: 0040ECAD
                                                                                                                                                                              • GetPropW.USER32(?,00000000), ref: 0040ECC4
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Prop$Remove
                                                                                                                                                                              • String ID: LTimer:%p
                                                                                                                                                                              • API String ID: 722682530-2758368644
                                                                                                                                                                              • Opcode ID: 5539a719e1f35f351a838b11846772cc2e47829a784810badab46e06696d337f
                                                                                                                                                                              • Instruction ID: b9ec260226e30766b63c90c0214d1950d0a00327e671362ba02c2795c3898e25
                                                                                                                                                                              • Opcode Fuzzy Hash: 5539a719e1f35f351a838b11846772cc2e47829a784810badab46e06696d337f
                                                                                                                                                                              • Instruction Fuzzy Hash: 9401D871A08028BBD710AF66EC558EF7BBCEE01344B95807FF415F2190DB384F099664
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 004B2D3A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExecuteShell
                                                                                                                                                                              • String ID: /AUTOUPDATE "%s"$/AUTOUPDATE "%s" -1$open
                                                                                                                                                                              • API String ID: 587946157-2141477691
                                                                                                                                                                              • Opcode ID: 50ce99496af75cadd8a63da28884d8cf644e5e7325aac42a3669e81d34fdde42
                                                                                                                                                                              • Instruction ID: c470c80d9f70103154441d2f9591c5fc8bfb7fe3e1d45920515b595eb41abc39
                                                                                                                                                                              • Opcode Fuzzy Hash: 50ce99496af75cadd8a63da28884d8cf644e5e7325aac42a3669e81d34fdde42
                                                                                                                                                                              • Instruction Fuzzy Hash: E801C431D40218BAEB14F799CD87FEE7B78AF10304F14056AA011760D2DBBC6A4886A4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • RegDeleteKeyW.ADVAPI32(80000001,Software\Conduit\ISM), ref: 004BC320
                                                                                                                                                                                • Part of subcall function 00401E78: wcsstr.MSVCRT ref: 00401EA6
                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000,0053243C,00000000), ref: 004BC378
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Delete$Filewcsstr
                                                                                                                                                                              • String ID: END$Software\Conduit\ISM
                                                                                                                                                                              • API String ID: 2022427864-2549383058
                                                                                                                                                                              • Opcode ID: 2954bdb81fd7c28e9ad9bdb8469659caa7a37b03f89496238e99808e08a99b7f
                                                                                                                                                                              • Instruction ID: 57e5dcf180a6f4761ea3255a0af8af0185c1352af2ec55e1f9eaf0c0a96704ea
                                                                                                                                                                              • Opcode Fuzzy Hash: 2954bdb81fd7c28e9ad9bdb8469659caa7a37b03f89496238e99808e08a99b7f
                                                                                                                                                                              • Instruction Fuzzy Hash: FCF04460A40105BAEB18B7A2DC57EFE7B6C9F60708F40056E7902A61C2DF786B4586A8
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0042920D: GetModuleHandleA.KERNEL32(rpcrt4.dll,?,?,0046C39B,?,?,?,?,?,0046C7D9), ref: 00429214
                                                                                                                                                                                • Part of subcall function 0042920D: LoadLibraryA.KERNEL32(rpcrt4.dll,?,?,?,?,0046C7D9), ref: 0042921F
                                                                                                                                                                                • Part of subcall function 0042920D: GetProcAddress.KERNEL32(00000000,UuidCreateSequential), ref: 0042922B
                                                                                                                                                                              • GetSystemMetrics.USER32(00000000), ref: 004A83D7
                                                                                                                                                                              • GetSystemMetrics.USER32(00000001), ref: 004A83E5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MetricsSystem$AddressHandleLibraryLoadModuleProc
                                                                                                                                                                              • String ID: MonitorFromRect$user32
                                                                                                                                                                              • API String ID: 1407476281-2349534969
                                                                                                                                                                              • Opcode ID: f9b9e21c5d7f97be239bd20d765461d1305753c52a72ff758fb4e48264cbfa9e
                                                                                                                                                                              • Instruction ID: 0134576f1633bd1eb112cc40e31193c1302ad32461be7bcb4d4f5dbf1afb9846
                                                                                                                                                                              • Opcode Fuzzy Hash: f9b9e21c5d7f97be239bd20d765461d1305753c52a72ff758fb4e48264cbfa9e
                                                                                                                                                                              • Instruction Fuzzy Hash: F0F0A73164061696DF302679AC0077732D4DBB2B49F00843FD442DA1C2DE6ADC8647DD
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@ErrorLastmemcpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2881741357-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strtoul$_strcmpi
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 384229154-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0040FAA6: ??2@YAPAXI@Z.MSVCRT ref: 0040FAB1
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0041029F
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@
                                                                                                                                                                              • String ID: AdStats$adid$installedAds
                                                                                                                                                                              • API String ID: 1033339047-3431371720
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??3@malloc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3530088491-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: wcsrchr$__aulldiv
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3297335345-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: strchr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2830005266-3688684798
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0043820C
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 0043828D
                                                                                                                                                                                • Part of subcall function 0041AB7D: GetCurrentThreadId.KERNEL32 ref: 0041AB8D
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 004382CF
                                                                                                                                                                              • PostMessageW.USER32(0000804B,00000000,00000000), ref: 004382F0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@$??3@CurrentMessagePostThread
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4226477263-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0046DFE1: ??3@YAXPAX@Z.MSVCRT ref: 0046DFF8
                                                                                                                                                                              • _strcmpi.MSVCRT ref: 0046E070
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0046E109
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 0046E148
                                                                                                                                                                              Strings
                                                                                                                                                                              • Can't accept '%s' as argument, xrefs: 0046E0A8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@$??3@_strcmpi
                                                                                                                                                                              • String ID: Can't accept '%s' as argument
                                                                                                                                                                              • API String ID: 2946618951-4224817608
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0040E39D: memcpy.MSVCRT ref: 0040E3DB
                                                                                                                                                                              • memset.MSVCRT ref: 00414A36
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcpymemset
                                                                                                                                                                              • String ID: "$"$\u%04x
                                                                                                                                                                              • API String ID: 1297977491-3952281542
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(74DF20B0,74DEE010,00000000,00000000,?,00421B49,?,?,?,?,00000000,?,?,00000004), ref: 0042A23B
                                                                                                                                                                              • memcpy.MSVCRT ref: 0042A258
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00421B49,00000000,?,?,00421B49,?,?,?,?,00000000,?,?,00000004), ref: 0042A2B3
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00421B49,?,?,?,?,00000000,?,?,00000004), ref: 0042A2BD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$CreateDirectorymemcpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2096187785-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _strcmpi_wcsicmp
                                                                                                                                                                              • String ID: XaT$udp
                                                                                                                                                                              • API String ID: 1333082093-2945679383
                                                                                                                                                                              • Opcode ID: 28e45fab626f9eda27dea6f62913cba098d6531462004d1406880e798798a132
                                                                                                                                                                              • Instruction ID: cb0629569ac93493eb44c13422bb20b43d81e546eb1149ffb098775a3a251e9a
                                                                                                                                                                              • Opcode Fuzzy Hash: 28e45fab626f9eda27dea6f62913cba098d6531462004d1406880e798798a132
                                                                                                                                                                              • Instruction Fuzzy Hash: 1F21D831E04204ABDF24E7A6D8557EEBB659F51318F14413FE802A7282DE3DAD49C758
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 004ACD9C
                                                                                                                                                                              • PostMessageW.USER32(00008082,00001337,00000000), ref: 004ACDCB
                                                                                                                                                                              • DeleteFileW.KERNEL32(00000000), ref: 004ACDDC
                                                                                                                                                                              • ??3@YAXPAX@Z.MSVCRT ref: 004ACDEA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@??3@DeleteFileMessagePost
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2896198563-0
                                                                                                                                                                              • Opcode ID: 022f7fd64fd6ea84e222af778033da40c70285ce5294d430415c40e756a29724
                                                                                                                                                                              • Instruction ID: 9eb9af894bf02b1daef3af930dbe07c843f69519713ced8f39de0893920b5a50
                                                                                                                                                                              • Opcode Fuzzy Hash: 022f7fd64fd6ea84e222af778033da40c70285ce5294d430415c40e756a29724
                                                                                                                                                                              • Instruction Fuzzy Hash: 3D214934740201AADB556B7588D1ABB3FAA9F37318B14047FE482DB791DF2ADD058318
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 004021D8
                                                                                                                                                                              • 73A1A570.USER32(00000000), ref: 004021E1
                                                                                                                                                                                • Part of subcall function 004015D8: GetDlgItem.USER32(?,?), ref: 004015E2
                                                                                                                                                                                • Part of subcall function 004A7866: GetDlgItem.USER32(?,?), ref: 004A7873
                                                                                                                                                                              • DrawTextW.USER32(00000000,00000000,00000000,?,00000400), ref: 0040222E
                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000002), ref: 00402254
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Item$A570DrawTextWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2702251258-0
                                                                                                                                                                              • Opcode ID: cadf791d8dff75fae12c001e5c4c0e845250ed38cb89f8b190bf30efef86cf17
                                                                                                                                                                              • Instruction ID: f1128c77a73ac9f96ad7cb162ae990e16c4df77bcd85a6887991d9b97481041b
                                                                                                                                                                              • Opcode Fuzzy Hash: cadf791d8dff75fae12c001e5c4c0e845250ed38cb89f8b190bf30efef86cf17
                                                                                                                                                                              • Instruction Fuzzy Hash: CB116D72500108BBEB10EBA5DD4ADBF7B7CEF65714F00046AF902F6191DB34AE0597A4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 004027CC
                                                                                                                                                                              • 73A1A570.USER32(00000000), ref: 004027D5
                                                                                                                                                                                • Part of subcall function 004A7866: GetDlgItem.USER32(?,?), ref: 004A7873
                                                                                                                                                                              • DrawTextW.USER32(00000000,00000000,00000000,?,00000400), ref: 0040281D
                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000002), ref: 00402841
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Item$A570DrawTextWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2702251258-0
                                                                                                                                                                              • Opcode ID: 7289a15c398ecc612d8e118cd581b107de5be24662cea5c405878b812c445454
                                                                                                                                                                              • Instruction ID: aaeb3d94e892dd9a5394cc4a2b4a37934aab8a0352714e8423694c330b758bcc
                                                                                                                                                                              • Opcode Fuzzy Hash: 7289a15c398ecc612d8e118cd581b107de5be24662cea5c405878b812c445454
                                                                                                                                                                              • Instruction Fuzzy Hash: AD110A72500109BFEB15EBA5DD89CBF77BCEF55304B00446AF902E2151DB38AE0A9B65
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetMessagePos.USER32 ref: 004D6381
                                                                                                                                                                              • GetMessageTime.USER32 ref: 004D63AA
                                                                                                                                                                              • SendMessageW.USER32(?,00000407,00000000,?), ref: 004D63D5
                                                                                                                                                                              • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 004D63F6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Message$Send$Time
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3978401334-0
                                                                                                                                                                              • Opcode ID: 1c6b3b6ded6355e8d694bd0e03216ed3b0f6f27f2e7759ccb0e48a6de7cb53f0
                                                                                                                                                                              • Instruction ID: 46fd088e892f6f1f679b9d12b58a82dc4daf8d23a34bcc752a4a20047c682737
                                                                                                                                                                              • Opcode Fuzzy Hash: 1c6b3b6ded6355e8d694bd0e03216ed3b0f6f27f2e7759ccb0e48a6de7cb53f0
                                                                                                                                                                              • Instruction Fuzzy Hash: C811F675900719AFEB20CFA8C885A9EB7F4FB48710F10842AEA65B3781D374A9418B94
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,0000040C,00000000,00000000), ref: 004AA802
                                                                                                                                                                              • memset.MSVCRT ref: 004AA811
                                                                                                                                                                              • SendMessageW.USER32(?,0000041C,00000000,?), ref: 004AA835
                                                                                                                                                                              • SendMessageW.USER32(?,0000040B,00000000,?), ref: 004AA85D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2191228795-0
                                                                                                                                                                              • Opcode ID: bca9e3b1535d6f1a55c24c014f75697d886f53cfca5a765c105052a9d455643e
                                                                                                                                                                              • Instruction ID: 573962791d947ab355e82a112a144931dd113b0bafa472fbd88c01c708f05d28
                                                                                                                                                                              • Opcode Fuzzy Hash: bca9e3b1535d6f1a55c24c014f75697d886f53cfca5a765c105052a9d455643e
                                                                                                                                                                              • Instruction Fuzzy Hash: 27016571D00248BAEB1197D58D85FDFBFBCEB95700F10402BE600BA185D7B85945C765
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                              • String ID: "%s":"%s",$y)G
                                                                                                                                                                              • API String ID: 3510742995-4158586944
                                                                                                                                                                              • Opcode ID: fd83a6f33f2df31bb035c1cd4ace61ca812518947d2d11a46cb77c255e9feaaf
                                                                                                                                                                              • Instruction ID: fc1aaec070ebc02c32c4327b716414acbbec0e749131a473c3e177f485fff842
                                                                                                                                                                              • Opcode Fuzzy Hash: fd83a6f33f2df31bb035c1cd4ace61ca812518947d2d11a46cb77c255e9feaaf
                                                                                                                                                                              • Instruction Fuzzy Hash: 4501F575A00105ABCB11DF6AC881D9ABBE99F95344B04046EF940DB342EA3ADE148768
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 004E07AB
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 004E07D7
                                                                                                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 004E0823
                                                                                                                                                                              • ShowWindow.USER32(?,00000005,?,?,?,0040946E,00000065), ref: 004E083B
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$??2@ForegroundShowText
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1495964607-0
                                                                                                                                                                              • Opcode ID: 92d31af8317306912dc60cc44fea11fde35c9e155902b61206d15acfce04210d
                                                                                                                                                                              • Instruction ID: 5ea43e99bc62242651a9b58f96336adc7b4f500b4cb4a1634dc73705404ff0d3
                                                                                                                                                                              • Opcode Fuzzy Hash: 92d31af8317306912dc60cc44fea11fde35c9e155902b61206d15acfce04210d
                                                                                                                                                                              • Instruction Fuzzy Hash: 2A01C2302005019FEF186776EC0BE2A3B989F25318F10406EF101DB2E6DB78ED499B19
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: memcpy$??3@
                                                                                                                                                                              • String ID: </div></html>
                                                                                                                                                                              • API String ID: 3314356048-3121837374
                                                                                                                                                                              • Opcode ID: 7d6edec0f66371b5708d0f0696d378caf0318228ef59b36af5a77eb3b6fdeff6
                                                                                                                                                                              • Instruction ID: 2ac942dc7a84c7d94c98e507e7d1a7c0719046fd04731fa7dd66f771fa7c954b
                                                                                                                                                                              • Opcode Fuzzy Hash: 7d6edec0f66371b5708d0f0696d378caf0318228ef59b36af5a77eb3b6fdeff6
                                                                                                                                                                              • Instruction Fuzzy Hash: FB012C7670010DABCF00EFAADD82DDE7BA9EF4525C7140029F905A3202D636EE24DB64
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00431EEF: RtlEnterCriticalSection.NTDLL(005C47C8), ref: 00431EFB
                                                                                                                                                                                • Part of subcall function 00431EEF: RtlEnterCriticalSection.NTDLL(005C595C), ref: 00431F07
                                                                                                                                                                                • Part of subcall function 00431EEF: GetCurrentThreadId.KERNEL32 ref: 00431F50
                                                                                                                                                                                • Part of subcall function 00431EEF: GetCurrentThreadId.KERNEL32 ref: 00431F5C
                                                                                                                                                                                • Part of subcall function 00431EEF: RtlLeaveCriticalSection.NTDLL(005C595C), ref: 00431F63
                                                                                                                                                                                • Part of subcall function 004899F7: SuspendThread.KERNEL32(00000000), ref: 00489A42
                                                                                                                                                                                • Part of subcall function 004899F7: GetThreadContext.KERNEL32(00000000,00000000), ref: 00489A4F
                                                                                                                                                                                • Part of subcall function 004899F7: ResumeThread.KERNEL32(00000000), ref: 00489A69
                                                                                                                                                                                • Part of subcall function 004899F7: CloseHandle.KERNEL32(00000000), ref: 00489A70
                                                                                                                                                                              • strncpy.MSVCRT ref: 004323E9
                                                                                                                                                                              • strncpy.MSVCRT ref: 0043240C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Thread$CriticalSection$CurrentEnterstrncpy$CloseContextHandleLeaveResumeSuspend
                                                                                                                                                                              • String ID: \Y\$hung
                                                                                                                                                                              • API String ID: 3183420773-451613513
                                                                                                                                                                              • Opcode ID: 4a55d9891a29b81075d9b9f737948de26fecc964c173607348f99af0669b0815
                                                                                                                                                                              • Instruction ID: 2ce29c9f2eda3cd7f6588d05dccd3710dd02a8ca38a7c23fb98a8968524b2b88
                                                                                                                                                                              • Opcode Fuzzy Hash: 4a55d9891a29b81075d9b9f737948de26fecc964c173607348f99af0669b0815
                                                                                                                                                                              • Instruction Fuzzy Hash: EBF0F4702006056FE604762AEC92B7B778D8FA9308F04002FFC4597382EE9D5C0583F9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • FillRect.USER32(?,?,?), ref: 004AC230
                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 004AC242
                                                                                                                                                                              • ExtTextOutW.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 004AC253
                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 004AC25E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Color$FillRectText
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 23977770-0
                                                                                                                                                                              • Opcode ID: 30111a37a51115d93f8e7076c39b2be945c288534a3f3dad25dee42f132e3a71
                                                                                                                                                                              • Instruction ID: a1271bdf53509973876f8dc7ffd6e2ecdbfc722c0ea87686154a1fb429a696f2
                                                                                                                                                                              • Opcode Fuzzy Hash: 30111a37a51115d93f8e7076c39b2be945c288534a3f3dad25dee42f132e3a71
                                                                                                                                                                              • Instruction Fuzzy Hash: B5F0FE7A50010CFFFB216F95DC84D7ABBADEF55399B11803AFA8485120C6725D15AB60
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • Sleep.KERNEL32(00002710), ref: 004324B0
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000007D0), ref: 004324C8
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000007D0), ref: 004324E0
                                                                                                                                                                              • GetLastError.KERNEL32(00000104), ref: 004324F3
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ObjectSingleWait$ErrorLastSleep
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 175909130-0
                                                                                                                                                                              • Opcode ID: a064b467296e0c348df49125a3cca4d7f2e414bad94b8f80f1223be93c14326d
                                                                                                                                                                              • Instruction ID: e95e6a338b4e7dfc31301c5d7d696b09e6b25205ba3be0432d441277167c1c9f
                                                                                                                                                                              • Opcode Fuzzy Hash: a064b467296e0c348df49125a3cca4d7f2e414bad94b8f80f1223be93c14326d
                                                                                                                                                                              • Instruction Fuzzy Hash: 03F02B307002186FE7109B24EC89C5B7B69EF54374F108222F915872D1C7B4AC52CA94
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT ref: 00490DEA
                                                                                                                                                                                • Part of subcall function 00478BA6: GetTickCount.KERNEL32 ref: 00478BD4
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@CountTick
                                                                                                                                                                              • String ID: ShareTorrentObserver$data$type
                                                                                                                                                                              • API String ID: 1586335746-1427827294
                                                                                                                                                                              • Opcode ID: 30d4c0bc69bb297b70101b7b609328f1e8d151428b3edae1c04ff29fa45feb3d
                                                                                                                                                                              • Instruction ID: 6a25c055538dda54098fe94702fec03c952e44a21637a51e3a82ab208451d941
                                                                                                                                                                              • Opcode Fuzzy Hash: 30d4c0bc69bb297b70101b7b609328f1e8d151428b3edae1c04ff29fa45feb3d
                                                                                                                                                                              • Instruction Fuzzy Hash: 85E02223B886283BEE2420A62C02FBB5B5CC7C1B20F00083FB9009F2C2DC899D0002EC
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00526183
                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 0052618D
                                                                                                                                                                              • DispatchMessageW.USER32(?), ref: 00526197
                                                                                                                                                                              • MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,00000000,000004FF), ref: 005261A2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Message$DispatchMultipleObjectsTranslateWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 771686389-0
                                                                                                                                                                              • Opcode ID: 969d056cc78a7988af1364e13045f318c65c153e8de6242e4c63461d6a525b3f
                                                                                                                                                                              • Instruction ID: 9960a80f378bc50c20506de3b142672534cf66902d54e4f0972db1f8a7fbd81e
                                                                                                                                                                              • Opcode Fuzzy Hash: 969d056cc78a7988af1364e13045f318c65c153e8de6242e4c63461d6a525b3f
                                                                                                                                                                              • Instruction Fuzzy Hash: 28F0C07290213A7BAA2167AAAC4CCDBBF6CDE573A57050421B605D2151D724B50AD7F0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • 73A24D40.GDI32(?,?,?,?,?,?,?,?,00CC0020,?,004D51B7,?,?,?,?,?), ref: 004AC4D9
                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 004AC4E7
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004AC4F6
                                                                                                                                                                              • DeleteDC.GDI32(?), ref: 004AC501
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DeleteObject$Select
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 207189511-0
                                                                                                                                                                              • Opcode ID: 77359aab9fc060854bc8fe9667b03833a4d884399289f2db6c0abf9fe361a5b8
                                                                                                                                                                              • Instruction ID: 3a35f468e84597fcc9934867a76d19f335f291d6661291c48399868dea211bda
                                                                                                                                                                              • Opcode Fuzzy Hash: 77359aab9fc060854bc8fe9667b03833a4d884399289f2db6c0abf9fe361a5b8
                                                                                                                                                                              • Instruction Fuzzy Hash: E901EF75200A00EFE3368F18E988D27BBF6FF597007108A1CE99683624DB31BC09DB60
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSysColor.USER32(00000005), ref: 004D84E6
                                                                                                                                                                              • GetSysColor.USER32(00000008), ref: 004D84FA
                                                                                                                                                                              • SendMessageW.USER32(?,0000111D,00000000,00FF00FF), ref: 004D8513
                                                                                                                                                                              • SendMessageW.USER32(?,0000111E,00000000,00FF00FF), ref: 004D8520
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ColorMessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 879081977-0
                                                                                                                                                                              • Opcode ID: 155b7f6ad387a2eef790ede1808ae910f5b8366eaa36eb2ee23c722d894b5cf7
                                                                                                                                                                              • Instruction ID: 49da70820efdbaaeb80e30ff5b48119d4415a0f42e543a63da326a77cdeb55c5
                                                                                                                                                                              • Opcode Fuzzy Hash: 155b7f6ad387a2eef790ede1808ae910f5b8366eaa36eb2ee23c722d894b5cf7
                                                                                                                                                                              • Instruction Fuzzy Hash: D5F06C313412247BE7215794EC46F56BB5CEB59B61F114032F704E73A1CF917C059B90
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00455460,?,?,0045655F,000000FF,00000001,?,?,?,?,?,?,?,?), ref: 00454C2F
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,?,00455460,?,?,0045655F,000000FF,00000001,?), ref: 00454C4A
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 00454C51
                                                                                                                                                                              • DuplicateHandle.KERNEL32(00000000), ref: 00454C54
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentHandleProcess$CloseDuplicate
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1410216518-0
                                                                                                                                                                              • Opcode ID: d1a2073948c3aac2cea6610ef30d935273f4b4e43a37cb9a94e19b9c17137174
                                                                                                                                                                              • Instruction ID: 939cf1676b3acbc3f205723620e342c2ee44d27753a4652fc13b20f6dde56661
                                                                                                                                                                              • Opcode Fuzzy Hash: d1a2073948c3aac2cea6610ef30d935273f4b4e43a37cb9a94e19b9c17137174
                                                                                                                                                                              • Instruction Fuzzy Hash: 92F0B470101202ABD3215B289C49B1B7F68AFD1775F204716F565D61E1D374989AC714
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CursorDestroy
                                                                                                                                                                              • String ID: [%dK] $%s%s%s%s
                                                                                                                                                                              • API String ID: 1272848555-727602753
                                                                                                                                                                              • Opcode ID: 49a204ea5c67b0b3f58cf7a7a8f4695f9a291e48e9af4f92a286b7395e05208f
                                                                                                                                                                              • Instruction ID: 46ac2b91ca41585318f0cf7f3cee3bdee7225ee7319ea5ee4b5e5ac3d4e661e4
                                                                                                                                                                              • Opcode Fuzzy Hash: 49a204ea5c67b0b3f58cf7a7a8f4695f9a291e48e9af4f92a286b7395e05208f
                                                                                                                                                                              • Instruction Fuzzy Hash: C8C1A4B15405089ADB15FF66DC52EEA3769AB31304F10043FF402661F2EF3DAA59DBA8
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 00460E35
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00460E86
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: String$AllocFree
                                                                                                                                                                              • String ID: UninstallString
                                                                                                                                                                              • API String ID: 344208780-1433857529
                                                                                                                                                                              • Opcode ID: 13412dee50f8518183445536d58260fc8c72c33046c3c6565bd0a4bce1e50126
                                                                                                                                                                              • Instruction ID: a7e5d972943e9868a328eaaf221960ccf8e4e1122cd8bf72021c242f5e501283
                                                                                                                                                                              • Opcode Fuzzy Hash: 13412dee50f8518183445536d58260fc8c72c33046c3c6565bd0a4bce1e50126
                                                                                                                                                                              • Instruction Fuzzy Hash: F6513A75A00215AFCB10DFE4C8C886EB7B9BF8931072409ADE546EB341DB3AED42CB51
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041AB7D: GetCurrentThreadId.KERNEL32 ref: 0041AB8D
                                                                                                                                                                                • Part of subcall function 004FC5A6: rand.MSVCRT ref: 004FC5DC
                                                                                                                                                                                • Part of subcall function 004FC5A6: ??2@YAPAXI@Z.MSVCRT ref: 004FC661
                                                                                                                                                                                • Part of subcall function 004FC5A6: ??2@YAPAXI@Z.MSVCRT ref: 004FC6B2
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004FC9BA
                                                                                                                                                                                • Part of subcall function 0040307B: ??2@YAPAXI@Z.MSVCRT ref: 0040308D
                                                                                                                                                                                • Part of subcall function 0040307B: memset.MSVCRT ref: 004030A2
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ??2@$CountCurrentThreadTickmemsetrand
                                                                                                                                                                              • String ID: invalid queries parameter$session
                                                                                                                                                                              • API String ID: 1772985152-517951442
                                                                                                                                                                              • Opcode ID: 887574a5aee6a9e16cb928fbeac638a8cb8820e65b3fd418f7ff7275bb8aa499
                                                                                                                                                                              • Instruction ID: 9eb297e6ad688ff9f652cd5151f1277670daa1e912a9a0a4e7e852c26b9103bb
                                                                                                                                                                              • Opcode Fuzzy Hash: 887574a5aee6a9e16cb928fbeac638a8cb8820e65b3fd418f7ff7275bb8aa499
                                                                                                                                                                              • Instruction Fuzzy Hash: CD513F71E0011CABCB18FBA2D9929EEBB79AF54344F10442FF502A7291DF386A45CB59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentProcess_wcsnicmp
                                                                                                                                                                              • String ID: %S:%.X+%.X,
                                                                                                                                                                              • API String ID: 2276989559-3895316571
                                                                                                                                                                              • Opcode ID: 356327133bb8a6268b8e848f1cd77767bf7ae986cfbdd05e9768e69ba1a5b043
                                                                                                                                                                              • Instruction ID: fef3d64f31307d9b47dedeec349b86a830104cf0f595cc5aaefe69fd0d0b77c5
                                                                                                                                                                              • Opcode Fuzzy Hash: 356327133bb8a6268b8e848f1cd77767bf7ae986cfbdd05e9768e69ba1a5b043
                                                                                                                                                                              • Instruction Fuzzy Hash: 9541A0B2E0021ADFCB10DF99D9859AF7BB4FF00301F45807AE915A7251D7389E51CB99
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0041215B: CreateFileW.KERNEL32(00000000,00008000,00000003,00000000,00000000,00000000,00000000,004B75F7,00000000,?), ref: 00412225
                                                                                                                                                                                • Part of subcall function 0041215B: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041223E
                                                                                                                                                                              • GetLastError.KERNEL32(00000080,?), ref: 0044A241
                                                                                                                                                                              • ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 0044A283
                                                                                                                                                                                • Part of subcall function 00419846: ??3@YAXPAX@Z.MSVCRT ref: 00419847
                                                                                                                                                                              Strings
                                                                                                                                                                              • HTTP/1.1 200 OKServer: BitTorrent_DNA_Proxy/1.0Content-Type: application/x-bittorrentConnection: closeContent-Length: %dContent-Disposition: attachment; filename="%s"%s, xrefs: 0044A2BF
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$??3@CreateErrorLastPointerRead
                                                                                                                                                                              • String ID: HTTP/1.1 200 OKServer: BitTorrent_DNA_Proxy/1.0Content-Type: application/x-bittorrentConnection: closeContent-Length: %dContent-Disposition: attachment; filename="%s"%s
                                                                                                                                                                              • API String ID: 2105359577-1897658685
                                                                                                                                                                              • Opcode ID: b5dba521a52fbddffcc6ce1929a5379699f7f23df6a521a571be3754a3d9957d
                                                                                                                                                                              • Instruction ID: 20ea94015218e0ea627efb8975377871a88fa5ae261478b8a0e89ebd0b4cdcfe
                                                                                                                                                                              • Opcode Fuzzy Hash: b5dba521a52fbddffcc6ce1929a5379699f7f23df6a521a571be3754a3d9957d
                                                                                                                                                                              • Instruction Fuzzy Hash: 7631E670A00108AFDB00FFA6CC928EEBBB5FF94304F10406EF90167292EB355A55CBA5
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(005C588C,0000004A,000003E8,00000401), ref: 004AE76B
                                                                                                                                                                              Strings
                                                                                                                                                                              • {A4D77A09-10EA-4574-8C09-9B6E1A21C95F}, xrefs: 004AE700
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID: {A4D77A09-10EA-4574-8C09-9B6E1A21C95F}
                                                                                                                                                                              • API String ID: 3850602802-2030013076
                                                                                                                                                                              • Opcode ID: e8d678e912ef3df329caaf414ce2a4cdd3a9db18394abcbd742602f92b063d30
                                                                                                                                                                              • Instruction ID: dd8529de0a74a1b894a649c65b4b34ac34cf061ced5aa7cfff65ddc1db6cc3eb
                                                                                                                                                                              • Opcode Fuzzy Hash: e8d678e912ef3df329caaf414ce2a4cdd3a9db18394abcbd742602f92b063d30
                                                                                                                                                                              • Instruction Fuzzy Hash: 2531E935600208AFCF14DF66D8816DE3BB5AF55308F0044AFE915AB382D778DA45DF55
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              • IpFilter disconnected peer %a, xrefs: 00482662
                                                                                                                                                                              • RangeBlock disconnected peer %a, xrefs: 00482708
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: IpFilter disconnected peer %a$RangeBlock disconnected peer %a
                                                                                                                                                                              • API String ID: 0-2597693799
                                                                                                                                                                              • Opcode ID: 99b3f8ca862c95f4201de312608e43547e4b174256579170933acd2e2ad6eab9
                                                                                                                                                                              • Instruction ID: 59d60a25dbc4a91c6f264099a465e0c91f48a8878c222b39e95082ad674f62e7
                                                                                                                                                                              • Opcode Fuzzy Hash: 99b3f8ca862c95f4201de312608e43547e4b174256579170933acd2e2ad6eab9
                                                                                                                                                                              • Instruction Fuzzy Hash: 6921267160060437CF19B7B68A57BEF779C5B51308F440C7FA446A32C3DAAD690A9369
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00401E78: wcsstr.MSVCRT ref: 00401EA6
                                                                                                                                                                              • SendMessageW.USER32(?,00000461,?,00000000), ref: 004B2561
                                                                                                                                                                              • SendMessageW.USER32(?,0000043F,00000001,00000000), ref: 004B257B
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$wcsstr
                                                                                                                                                                              • String ID: :
                                                                                                                                                                              • API String ID: 2783579567-336475711
                                                                                                                                                                              • Opcode ID: daf1f343bce6057a7c50af8324c1a1ec226b420ea034df7119f879fcf06d9055
                                                                                                                                                                              • Instruction ID: b454f106ba0d4369b3ee224a6862baee52eee0365309baa37829922fd212993f
                                                                                                                                                                              • Opcode Fuzzy Hash: daf1f343bce6057a7c50af8324c1a1ec226b420ea034df7119f879fcf06d9055
                                                                                                                                                                              • Instruction Fuzzy Hash: E621F572500108BBDF14FBAACC81DEE77ADAFA4304F00406EB502A71D1DBB95B45C7A9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • memset.MSVCRT ref: 004AA162
                                                                                                                                                                              • 73A1A570.USER32(00000000,?,?,00000000), ref: 004AA18C
                                                                                                                                                                                • Part of subcall function 00413CFE: InterlockedExchange.KERNEL32(005C442C,00000001), ref: 00413D09
                                                                                                                                                                                • Part of subcall function 00413CFE: CloseHandle.KERNEL32(00000000,NoMemoryThread,00000000,00000000,00413CC3,75F76854,00000000,?), ref: 00413D2E
                                                                                                                                                                                • Part of subcall function 00413CFE: Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,004BA8EA), ref: 00413D39
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: A570CloseExchangeHandleInterlockedSleepmemset
                                                                                                                                                                              • String ID: (
                                                                                                                                                                              • API String ID: 2115479994-3887548279
                                                                                                                                                                              • Opcode ID: 1eedd42cbd804400c017c90b701e33a834e052f32392fe078ac84ce32eb328fc
                                                                                                                                                                              • Instruction ID: 1eff2bfa0251cfc33f2c4d6466e1dfd0fcb4968474c4516a9b88611aab677738
                                                                                                                                                                              • Opcode Fuzzy Hash: 1eedd42cbd804400c017c90b701e33a834e052f32392fe078ac84ce32eb328fc
                                                                                                                                                                              • Instruction Fuzzy Hash: 27114D71A01118BBCB10DFA5DC898CEBFB8EF59354F008026F905E6250E3349645CBA4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004EAF22
                                                                                                                                                                              • VariantClear.OLEAUT32(00000000), ref: 004EAF4C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Variant$ClearInit
                                                                                                                                                                              • String ID: Object
                                                                                                                                                                              • API String ID: 2610073882-2936123098
                                                                                                                                                                              • Opcode ID: 21011773f7a2c1cee1d0918c84bd1d7d82725a250bbc7bbed6a34e37e3babdd7
                                                                                                                                                                              • Instruction ID: 560b6ee6269aceccbdb1b7d919367beb6fedf85faba00619416012f28c784780
                                                                                                                                                                              • Opcode Fuzzy Hash: 21011773f7a2c1cee1d0918c84bd1d7d82725a250bbc7bbed6a34e37e3babdd7
                                                                                                                                                                              • Instruction Fuzzy Hash: 07118CB2E00509BBEB15CFA9CC44EEFB7B8EF49310F10411AFA15B7190D674AA058B65
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • InterlockedIncrement.KERNEL32(005C8E48), ref: 004564CD
                                                                                                                                                                                • Part of subcall function 004216B4: InterlockedExchangeAdd.KERNEL32(?,00000001), ref: 004216C4
                                                                                                                                                                                • Part of subcall function 004216B4: InterlockedExchangeAdd.KERNEL32(?,00000001), ref: 004216D8
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Interlocked$Exchange$Increment
                                                                                                                                                                              • String ID: PE$nE
                                                                                                                                                                              • API String ID: 2596751350-426733436
                                                                                                                                                                              • Opcode ID: 1a1036ef87026a06ffea5b4802e5d9a843248e58b862714f77af68eff0698909
                                                                                                                                                                              • Instruction ID: 0b978de5ac8a32b33e31159a0c2922511f5b2b0a50d56a44c24d815e4a2364a0
                                                                                                                                                                              • Opcode Fuzzy Hash: 1a1036ef87026a06ffea5b4802e5d9a843248e58b862714f77af68eff0698909
                                                                                                                                                                              • Instruction Fuzzy Hash: E7219AB1905B948FC330CF6A9584446FFF4BA19714B808E2EA9DA87B11C7B4E508CF95
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Strings
                                                                                                                                                                              • toolbar.log, xrefs: 004BA0D0
                                                                                                                                                                              • default_offer: %d GetActiveToolbarName: %s, xrefs: 004BA0D1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: default_offer: %d GetActiveToolbarName: %s$toolbar.log
                                                                                                                                                                              • API String ID: 0-1900717709
                                                                                                                                                                              • Opcode ID: 00125199ee669f2dff45f31f0218aa48df96032cc2bbb74b9bb670589410af9e
                                                                                                                                                                              • Instruction ID: be40cac1f4eb26c1d387f216f1c2a672c12629056065b17b645946188cf444cd
                                                                                                                                                                              • Opcode Fuzzy Hash: 00125199ee669f2dff45f31f0218aa48df96032cc2bbb74b9bb670589410af9e
                                                                                                                                                                              • Instruction Fuzzy Hash: 8301CC749401089EDB10EB9ADC06AEEB77CAF74704F10406FD401E3291DB744F45DB96
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00427BCC: memcpy.MSVCRT ref: 00427BEA
                                                                                                                                                                              • MapVirtualKeyA.USER32(00000000,00000000), ref: 0044E0DB
                                                                                                                                                                              • GetKeyNameTextW.USER32(00000000,005C8830,00000020,?,?,?,0044E32E,?,?,0044E374), ref: 0044E0EC
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: NameTextVirtualmemcpy
                                                                                                                                                                              • String ID: .D
                                                                                                                                                                              • API String ID: 4233507644-3625442119
                                                                                                                                                                              • Opcode ID: 741300aad61b8b1c746d8842be7388b2ea1280a5c035a53ce439f1228a7e1d0a
                                                                                                                                                                              • Instruction ID: 8aca2b7a965d2d523d37119cf59e21ca6c7df27b48d3bf30bed52611fc515c0d
                                                                                                                                                                              • Opcode Fuzzy Hash: 741300aad61b8b1c746d8842be7388b2ea1280a5c035a53ce439f1228a7e1d0a
                                                                                                                                                                              • Instruction Fuzzy Hash: C701A2617002314BF724162AAC48B6B769ABF95352F48852BE924873A0DEEDDC06979C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowTextW.USER32(?,?,0000082D), ref: 004AAD1B
                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 004AAD29
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: TextWindow
                                                                                                                                                                              • String ID: -
                                                                                                                                                                              • API String ID: 530164218-3695764949
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0044E2FA: ??2@YAPAXI@Z.MSVCRT ref: 0044E303
                                                                                                                                                                                • Part of subcall function 0044E2FA: CreateMenu.USER32 ref: 0044E316
                                                                                                                                                                              • GetMenuItemInfoA.USER32(00000000,?,00000000,?), ref: 0044E39D
                                                                                                                                                                              • SetMenuItemInfoA.USER32(00000000,?,00000000,00000030), ref: 0044E3B7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Menu$InfoItem$??2@Create
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 1534957582-4108050209
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000026,00000000,004BE612), ref: 004B8B51
                                                                                                                                                                              • memmove.MSVCRT ref: 004B8BA4
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FolderPathSpecialmemmove
                                                                                                                                                                              • String ID: Program Files
                                                                                                                                                                              • API String ID: 417471335-278390858
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?), ref: 00404096
                                                                                                                                                                              • MoveFileW.KERNEL32(?,00000000), ref: 004040BA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$DeleteMove
                                                                                                                                                                              • String ID: %s.loaded
                                                                                                                                                                              • API String ID: 2145525214-1769464180
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1452528299-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • CoGetObject.OLE32(00000000,?,?,?), ref: 0046098A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2873982193.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000058E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.00000000005F7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.0000000000616000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874004159.000000000063C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874333076.000000000063F000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2874355173.0000000000640000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Object
                                                                                                                                                                              • String ID: $$Elevation:Administrator!new:%s
                                                                                                                                                                              • API String ID: 2936123098-38078780
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004708FA: TlsGetValue.KERNEL32(00000015,00000000,00412446,?,00000000,004327DB,000000FF,74D65D50,?,?,0041AA3F,WSAEnumNetworkEvents error (%d),00000000), ref: 0047090F
                                                                                                                                                                                • Part of subcall function 004708FA: malloc.MSVCRT ref: 0047091E
                                                                                                                                                                                • Part of subcall function 004708FA: TlsSetValue.KERNEL32(00000000,00000000,?,?,0041AA3F,WSAEnumNetworkEvents error (%d),00000000), ref: 00470936
                                                                                                                                                                              • SetPropA.USER32(?,MsgBoxData,?), ref: 004A8F0F
                                                                                                                                                                              • CallNextHookEx.USER32(00000000,?,?,?), ref: 004A8F32
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Value$CallHookNextPropmalloc
                                                                                                                                                                              • String ID: MsgBoxData
                                                                                                                                                                              • API String ID: 2721637341-1423917892
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,0000065A), ref: 004DAEA5
                                                                                                                                                                              • SetDlgItemTextW.USER32(?,0000065A,00000000), ref: 004DAED6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Item$Text
                                                                                                                                                                              • String ID: %s %d%%
                                                                                                                                                                              • API String ID: 1601838975-928751998
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004B2F11
                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,?,00000100), ref: 004B2F2E
                                                                                                                                                                                • Part of subcall function 004B2D85: GetEnvironmentVariableW.KERNEL32(COMSPEC,?,00000104,80000001), ref: 004B2DA2
                                                                                                                                                                                • Part of subcall function 004B2D85: SHGetSpecialFolderPathW.SHELL32(00000000,?,00000025,00000000,00000000), ref: 004B2DBE
                                                                                                                                                                                • Part of subcall function 004B2D85: WinExec.KERNEL32(00000000,00000000), ref: 004B2ED4
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: NamePath$EnvironmentExecFileFolderModuleShortSpecialVariable
                                                                                                                                                                              • String ID: del
                                                                                                                                                                              • API String ID: 2095991211-691712736
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 004B68B9
                                                                                                                                                                                • Part of subcall function 0044D85D: wcschr.MSVCRT ref: 0044D863
                                                                                                                                                                                • Part of subcall function 00411B56: GetFileAttributesW.KERNEL32(00000000,0042A150,005CB350,toolbar.log), ref: 00411B57
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$AttributesModuleNamewcschr
                                                                                                                                                                              • String ID: .old$settings.dat
                                                                                                                                                                              • API String ID: 1606071513-1259847576
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,00421399,00000000,00000000), ref: 0041A1C1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Ioctl
                                                                                                                                                                              • String ID: `$failed to turn on keep alive
                                                                                                                                                                              • API String ID: 3041054344-647534630
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 004609DC
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocString
                                                                                                                                                                              • String ID: (TCP-In)$ (UDP-In)
                                                                                                                                                                              • API String ID: 2525500382-3718467357
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryW.KERNEL32(Riched20.dll,005A6D68,?,00402753,?,00402BBD), ref: 00402391
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 004023A2
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2874004159.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_uTorrent.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Load$CursorLibrary
                                                                                                                                                                              • String ID: Riched20.dll
                                                                                                                                                                              • API String ID: 1724584263-3497614510
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%