Windows Analysis Report
utorrent_installer.exe

Overview

General Information

Sample name: utorrent_installer.exe
Analysis ID: 1661907
MD5: 241ce365f228ee5f74d81b3fea14e09a
SHA1: 700b05506dd3eebb4b87ff545f6d2bb6af6a3ae3
SHA256: bf4ee47d0df1870104f4fada8a68c2fb29e94fea9284c7bb6a6b385a718d8a18
Tags: denemeexeuser-emregvn72
Infos:

Detection

Score: 44
Range: 0 - 100
Confidence: 100%

Compliance

Score: 36
Range: 0 - 100

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Changes security center settings (notifications, updates, antivirus, firewall)
Checks if the current machine is a virtual machine (disk enumeration)
Found stalling execution ending in API Sleep call
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to harvest and steal browser information (history, passwords, etc)
Writes many files with high entropy
Yara detected QueryWinSAT ClassID
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Connects to several IPs in different countries
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
query blbeacon for getting browser version

Classification

  • System is w10x64
  • utorrent_installer.exe (PID: 7152 cmdline: "C:\Users\user\Desktop\utorrent_installer.exe" MD5: 241CE365F228EE5F74D81B3FEA14E09A)
    • utorrent_installer.tmp (PID: 3720 cmdline: "C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp" /SL5="$1040C,875149,815616,C:\Users\user\Desktop\utorrent_installer.exe" MD5: 27174A5611D8827D1736D9AC8382D19F)
      • uTorrent.exe (PID: 7568 cmdline: "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe" /S /FORCEINSTALL 1110010101111110 MD5: 2EC024E4AC857B85BA7FF972944EFC24)
        • utorrent.exe (PID: 7616 cmdline: "C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe" /S /FORCEINSTALL 1110010101111110 MD5: CBDB9A7AB738A9DB5D7DAC92FDC5F412)
      • saBSI.exe (PID: 1032 cmdline: "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)
      • avg_secure_browser_setup.exe (PID: 3064 cmdline: "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=BjYV6Sggj6206MEVI8G56ZVGHbdwJax4VTPHUPhk50EvktdXMWNyMqpcmGWlzr3GGHMr3PlHKjQDI7I /make-default MD5: 591059D6711881A4B12AD5F74D5781BF)
      • avg_antivirus_free_setup.exe (PID: 8112 cmdline: "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTuf4Ugfvu3A0dYA0vgI3NzDZBYOYCPLc7oNW2yaftN67hmVSSK7BfOklzFBxRQpsjj0mSCYiD6S MD5: 26816AF65F2A3F1C61FB44C682510C97)
  • svchost.exe (PID: 5584 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 3228 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 3524 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5656 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 2928 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • uTorrent.exe (PID: 3168 cmdline: "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED MD5: CBDB9A7AB738A9DB5D7DAC92FDC5F412)
    • utorrentie.exe (PID: 4520 cmdline: "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_00DECB80_1536186392 Torrent4823DF041B09 uTorrent ce unp MD5: 664B783489E83B97B5B4AF7C2DB5675D)
      • msedgewebview2.exe (PID: 4616 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4520.1856.3423562140314204209 MD5: 9909D978B39FB7369F511D8506C17CA0)
    • utorrentie.exe (PID: 3280 cmdline: "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_03990E90_1431164354 Torrent4823DF041B09 uTorrent ce unp MD5: 664B783489E83B97B5B4AF7C2DB5675D)
      • msedgewebview2.exe (PID: 3320 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3280.2768.3808771680942688591 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 4408 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x1ac,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 8184 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1812 --field-trial-handle=1852,i,16148445146309021935,7164975153110944084,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 7632 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1888 --field-trial-handle=1852,i,16148445146309021935,7164975153110944084,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
    • utorrentie.exe (PID: 2020 cmdline: "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_03991830_964311589 Torrent4823DF041B09 uTorrent ce unp MD5: 664B783489E83B97B5B4AF7C2DB5675D)
      • msedgewebview2.exe (PID: 680 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2020.2208.6944393845604423247 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 5388 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x44,0x170,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 5868 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1812 --field-trial-handle=1816,i,5890538242656462308,1074140875794232901,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 3476 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=952 --field-trial-handle=1816,i,5890538242656462308,1074140875794232901,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
    • utorrentie.exe (PID: 2860 cmdline: "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_03991A98_1744342067 Torrent4823DF041B09 uTorrent ce unp MD5: 664B783489E83B97B5B4AF7C2DB5675D)
      • msedgewebview2.exe (PID: 7432 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2860.3052.3663822584540052771 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 3616 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0xf0,0x140,0x164,0x11c,0x16c,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 752 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 5508 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2592 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 3440 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2896 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:8 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 7688 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7274677595 --mojo-platform-channel-handle=3392 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 7592 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7274935517 --mojo-platform-channel-handle=3656 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 7712 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7275103288 --mojo-platform-channel-handle=3792 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
    • chrome.exe (PID: 7684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e47178&pv=0.0.0.0.0 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2376,i,6469170045674197500,17347211874561941896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.htx.com/?utm_source=UT&utm_medium=prodnews&inviter_id=11350560&lang=en&geo=ch MD5: E81F54E6C1129887AEA47E7D092680BF)
  • uTorrent.exe (PID: 7644 cmdline: "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED MD5: CBDB9A7AB738A9DB5D7DAC92FDC5F412)
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000003.1671557525.0000000000874000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_QueryWinSATClassID | Yara detected QueryWinSAT ClassID | Joe Security |
00000002.00000003.1674056763.0000000000874000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_QueryWinSATClassID | Yara detected QueryWinSAT ClassID | Joe Security |
Process Memory Space: utorrent_installer.tmp PID: 3720 | JoeSecurity_QueryWinSATClassID | Yara detected QueryWinSAT ClassID | Joe Security |
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe, ProcessId: 7616, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ut
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k NetworkService -p, CommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p, ProcessId: 5584, ProcessName: svchost.exe
        No Suricata rule has matched

        AV Detection

        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\is-K0IT2.tmp, ReversingLabs: Detection: 15%
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe (copy), ReversingLabs: Detection: 15%
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47196.exe, ReversingLabs: Detection: 13%
        Source: utorrent_installer.exe, ReversingLabs: Detection: 38%
        Source: utorrent_installer.exe, Virustotal: Detection: 37%
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00BA17A0 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,15_2_00BA17A0
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00B55870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,15_2_00B55870
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00BA14F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext,15_2_00BA14F0
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00B56220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,15_2_00B56220
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00B8E610 CryptMsgClose,15_2_00B8E610
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00B567B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,15_2_00B567B0
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00B8EB60 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,15_2_00B8EB60
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00B8F150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertFreeCRLContext,15_2_00B8F150
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00B8F3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext,15_2_00B8F3C0
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe, EXE: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, EXE: C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, EXE: C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, EXE: C:\Users\user\AppData\Roaming\uTorrent\helper\helper.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, EXE: C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47196.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION utorrentie.exe

        Compliance

        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe, EXE: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, EXE: C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, EXE: C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, EXE: C:\Users\user\AppData\Roaming\uTorrent\helper\helper.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, EXE: C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47196.exe
        Source: utorrent_installer.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe, Directory created: C:\Program Files\AVG\Browser\AVGBrowserUninstall.exe
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe, File created: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utwin_install.log
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, File created: C:\Users\user\AppData\Roaming\uTorrent\helper\btinstall.txt
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\license.rtf
        Source: utorrent_installer.exe, Static PE information: certificate valid
        Source: utorrent_installer.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000F.00000002.2462174164.0000000000BFE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000F.00000000.1738084686.0000000000BFE000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: c:\jenkins\workspace\WebAdvisor-accesslib-caller_main\Build\Win32\Release\caller_dll.pdb source: saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\dev_work\bt_datachannel\_dist\Release\bt_datachannel.pdb source: uTorrent.exe, 00000009.00000003.1566741954.0000000003452000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000009.00000003.1563474779.0000000002942000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1619994667.000000006B809000.00000002.00000001.01000000.00000013.sdmp
        Source: Binary string: D:\jenkins-workspace\workspace\token-wallet-pipeline\build\MinSizeRel\helper.pdb source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1@3\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: X:\jenkins-workspace\workspace\hybridclient-builder-remoteieframe\ut_win\Build\Win32\Release\RemoteIEFrame.pdb source: utorrent.exe, 0000000A.00000002.1616726291.000000000089C000.00000040.00000001.01000000.00000012.sdmp, utorrentie.exe, 00000010.00000000.1745011678.000000000028E000.00000002.00000001.01000000.00000017.sdmp, utorrentie.exe, 00000010.00000002.1777744948.000000000028E000.00000002.00000001.01000000.00000017.sdmp, utorrentie.exe, 00000011.00000000.1751130495.000000000028E000.00000002.00000001.01000000.00000017.sdmp, utorrentie.exe, 00000012.00000000.1754863829.000000000028E000.00000002.00000001.01000000.00000017.sdmp, utorrentie.exe, 00000013.00000000.1764141815.000000000028E000.00000002.00000001.01000000.00000017.sdmp
        Source: Binary string: X:\jenkins-workspace\workspace\hybridclient-builder-product\Build\Win32\Release\utorrent.pdb source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe, Code function: 9_2_00405C13 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,9_2_00405C13
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe, Code function: 9_2_0040683D FindFirstFileW,FindClose,9_2_0040683D
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe, Code function: 9_2_0040290B FindFirstFileW,9_2_0040290B
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00BD9BF0 FindFirstFileExW,15_2_00BD9BF0
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Code function: 16_2_0027C195 FindFirstFileExW,16_2_0027C195
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, File opened: C:\Users\user\AppData
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, File opened: C:\Users\user\AppData\Local
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, File opened: C:\Users\user
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, File opened: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, File opened: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, File opened: C:\Users\user\AppData\Local\Temp
        Source: unknown, Network traffic detected: IP country count 30
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/bt.json
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/bt.jsonj
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/staging_bt.json
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/staging_ut.json
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/staging_ut.json1-1-0;.
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 0000000D.00000003.1778212432.0000000000E1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/ut.json
        Source: uTorrent.exe, 0000000D.00000003.1778212432.0000000000E1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/ut.json639
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/feature/tags/ut.jsonhttp://cdn.ap.bittorrent.com/control/featur
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.json
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.jsonCESSOR_ARCHITE
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.jsonF
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.jsonY
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.jsonneDrive=C:
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.jsonramFiles(x86)=
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.jsonstemDri
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/bt.jsonx
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.json
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.json&
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.jsonAppDatR
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.jsonFiles
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.jsonK
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.jsonLUSERS
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.jsons
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_bt.jsonx
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.json
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.json/
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.json5v
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.jsonB
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.jsonO
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.jsonindows
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.jsonj
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.jsono
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/staging_ut.jsonommonP
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.json
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsonF
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsonP
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsonPROCESSOR_REVI
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsonT
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsonam
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsons
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.ap.bittorrent.com/control/tags/ut.jsont
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 0000000D.00000003.1777553246.0000000003929000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://cdn.bitmedianetwork.com/network/index.html
        Source: uTorrent.exe, 0000000D.00000003.1777553246.0000000003929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.bitmedianetwork.com/network/index.htmlLMEM8H&
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.bitmedianetwork.com/network/index.htmlTqJ_0
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://cdn.bitmedianetwork.com/network/index.htmloffers.ftAdUrloffers.lrecAdUrloffers.ftAdIdoffers.l
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/0
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://certificates.godaddy.com/repository100.
        Source: saBSI.exe, saBSI.exe, 0000000F.00000002.2445739204.000000000078D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2462174164.0000000000BFE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000F.00000000.1738084686.0000000000BFE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx
        Source: utorrent_installer.tmp, 00000002.00000002.2303482182.000000000018E000.00000004.00000010.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.000000000089C000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 0000000D.00000003.2158231610.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2486230685.0000000008FAE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2458704178.00000000092DE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C67000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.0000000009802000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2459821563.0000000008FAD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1721637695.00000000038B6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2671653495.00000000092DE000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2234212205.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.00000000097C1000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2672634053.0000000008FAD000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2456995696.0000000003DDD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
        Source: utorrent_installer.tmp, 00000002.00000002.2303482182.000000000018E000.00000004.00000010.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.000000000089C000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 0000000D.00000003.2158231610.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2486230685.0000000008FAE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C67000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2667513288.0000000009803000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2663808032.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.0000000009802000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2459821563.0000000008FAD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1721637695.00000000038B6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2234212205.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.00000000097C1000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2456995696.0000000003DDD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ts1ca.crl0
        Source: utorrent_installer.tmp, 00000002.00000003.1747067345.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1734149265.0000000006131000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888980279.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887669878.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000085D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2413038544.000000000085F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2404003056.0000000000869000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2404003056.000000000085E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447110056.0000000000840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
        Source: utorrent_installer.tmp, 00000002.00000003.1747067345.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1734149265.0000000006131000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447110056.00000000007FA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888980279.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2408952145.0000000004FAC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2488396926.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887669878.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2375264629.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447110056.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2393896876.00000000007EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://crl.godaddy.com/gds1-14.crl0S
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://crl.godaddy.com/gds1-82.crl0S
        Source: utorrent_installer.tmp, 00000002.00000003.1271659370.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1271873341.0000000000ADA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micror
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://crl.thawte.com/ThawteServerPremiumCA.crl0
        Source: utorrent_installer.exe, 00000000.00000003.1243580486.0000000002989000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.exe, 00000000.00000003.1246767966.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1776709618.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1747067345.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1768298153.0000000006131000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1734149265.0000000006131000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2530865250.0000000005720000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887522004.00000000053C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888980279.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888441517.00000000053C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887669878.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000085D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1872478193.000000000521C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2502812846.00000000053C8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2404003056.000000000085E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1866860929.00000000051EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2497955949.00000000051C0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1867640418.00000000051EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 
0000000F.00000002.2500465596.0000000005249000.00000004.00000020.00020000.00000000.sdmp, avg_secure_browser_setup.exe, 00000015.00000003.2000637386.0000000004BA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
        Source: utorrent_installer.exe, 00000000.00000003.1243580486.0000000002989000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.exe, 00000000.00000003.1246767966.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1776709618.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1768298153.0000000006131000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2303482182.000000000018E000.00000004.00000010.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2530865250.0000000005720000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.000000000089C000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 0000000D.00000003.2158231610.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2659519358.0000000003D41000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2486230685.0000000008FAE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2457769835.0000000003D41000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.0000000009802000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2459821563.0000000008FAD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1721637695.00000000038B6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2240303814.0000000003CE2000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2234212205.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2457769835.0000000003D62000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.00000000097C1000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 
0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, avg_secure_browser_setup.exe, 00000015.00000003.2000637386.0000000004BA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
        Source: utorrent_installer.exe, 00000000.00000003.1243580486.0000000002989000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.exe, 00000000.00000003.1246767966.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1776709618.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1747067345.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1768298153.0000000006131000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1734149265.0000000006131000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2530865250.0000000005720000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887522004.00000000053C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888980279.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888441517.00000000053C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887669878.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1872478193.000000000521C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2375264629.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2404003056.0000000000869000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1866860929.00000000051EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2497955949.00000000051C0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1867640418.00000000051EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2500465596.0000000005249000.00000004.00000020.00020000.00000000.sdmp, 
avg_secure_browser_setup.exe, 00000015.00000003.2000637386.0000000004BA1000.00000004.00000020.00020000.00000000.sdmp, avg_secure_browser_setup.exe, 00000015.00000003.2000757531.0000000004BA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: utorrent_installer.tmp, 00000002.00000002.2530865250.0000000005720000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.000000000089C000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C72000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2158231610.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C67000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1721637695.00000000038B6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2234212205.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.00000000097C1000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887522004.00000000053C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888980279.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888441517.00000000053C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1831313555.0000000000861000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1854937281.0000000000861000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887669878.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1872478193.000000000521C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1840399021.0000000000861000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1866860929.00000000051EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 
        Source: utorrent.exe, 0000000A.00000002.1616726291.00000000007BC000.00000040.00000001.01000000.00000012.sdmp, utorrent.exe, 0000000A.00000002.1616726291.00000000007F9000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://remote.utorrent.com/
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://remote.utorrent.com/send?btih=
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://remote.utorrent.com/send?btih=%s%H&dn=%U&message=%U&sid=%s&cid=%U%s%H&dn=%U&message=%Uhttp://
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://report.bittorrent.com
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://report.bittorrent.com--ReportAdsContent-Type:
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
        Source: saBSI.exe, 0000000F.00000003.1831313555.0000000000861000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1840399021.0000000000861000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt
        Source: utorrent_installer.tmp, 00000002.00000003.1747067345.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1734149265.0000000006131000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888980279.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887669878.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000085D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2413038544.000000000085F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2404003056.0000000000869000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2404003056.000000000085E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447110056.0000000000840000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
        Source: utorrent_installer.tmp, 00000002.00000003.1747067345.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1734149265.0000000006131000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447110056.00000000007FA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888980279.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2408952145.0000000004FAC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2488396926.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887669878.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2375264629.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447110056.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2393896876.00000000007EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://svr-ov-crl.thawte.com/ThawteOV.crl0
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://tinyurl.com/api-create.php?url=%U
        Source: uTorrent.exe, 0000000D.00000003.1781191639.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trontv.com/#
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, uTorrent.exe, 0000000D.00000003.1777553246.0000000003929000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2141687292.0000000003963000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2038377406.0000000003944000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2465744999.0000000003963000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2277126665.0000000003953000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1742674510.0000000003943000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://twitter.com/utorrent
        Source: uTorrent.exe, 0000000D.00000003.1778212432.0000000000E1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bittorrent.com/time.php
        Source: uTorrent.exe, 0000000D.00000003.1781191639.0000000000E3E000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1778212432.0000000000E1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bittorrent.com/time.phpk
        Source: utorrent.exe, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://update.utorrent.com/installoffer.php
        Source: utorrent.exe, 0000000A.00000002.1619447371.0000000003FC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com/installstats.php?cl=uTorrent&v=113358922&h=DcFJKOmpSnBVQIEE&w=4A65000A&bu
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://update.utorrent.com/speedserverlist.php
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://update.utorrent.com/speedstats.php?result=
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://update.utorrent.com/streamstats.php
        Source: uTorrent.exe, uTorrent.exe, 0000000D.00000003.1777553246.0000000003929000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com/survey
        Source: uTorrent.exe, 0000000D.00000003.1763132092.0000000003C8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.utorrent.com/surveySTA
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://update.utorrent.com/surveyTake
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://utclient.utorrent.com/badads-feedback/index.html#/
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://utclient.utorrent.com/badads-feedback/index.html#/BAdSubmitSoftware
        Source: uTorrent.exe, 0000000D.00000003.2459821563.0000000008FAD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utclient.utorrent.com/images/mobile-icon.png
        Source: uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utclient.utorrent.com/images/mobile-icon.png0t
        Source: uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utclient.utorrent.com/images/mobile-icon.pngMT
        Source: uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utclient.utorrent.com/images/mobile-icon.pnghp?p=bt&q=
        Source: uTorrent.exe, 0000000D.00000003.2045600583.0000000003CBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utclient.utorrent.com/images/mobile-icon.pngj
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://utclient.utorrent.com/offers/onboarding-basic/i18n/en/ads-nofill.html
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://utclient.utorrent.com/offers/onboarding-basic/i18n/en/ads-offer.html
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://utclient.utorrent.com/offers/onboarding-basic/i18n/en/ads-offer.htmlcreating
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://utclient.utorrent.com/pro/flow/onboarding-pro/i18n/en/first-torrent-ut.htmltorrent_addedproOn
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C82000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1781191639.0000000000E3E000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1778212432.0000000000E1F000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2468087993.0000000009117000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1984447435.000001C33D292000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1990638412.000077A801458000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1921528820.000001C33D271000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1909293453.000077A801574000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1921522911.000001C33D324000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.1924128887.00002F640057C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.1984681781.00002F640057C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.1926323340.00002F640057C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.1942981968.00002F640057C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://utclient.utorrent.com/pro/utorrent/index.html
        Source: uTorrent.exe, 0000000D.00000003.1781191639.0000000000E3E000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1778212432.0000000000E1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utclient.utorrent.com/pro/utorrent/index.html1
        Source: uTorrent.exe, 0000000D.00000003.2468087993.0000000009117000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utclient.utorrent.com/pro/utorrent/index.html4
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://utclient.utorrent.com/pro/utorrent/index.htmlCustomerIdSoftware
        Source: uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utclient.utorrent.com/pro/utorrent/index.htmlampaign
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://utorrent.com/download/langpacks/dl.php?build=47178&ref=client&client=utorrent&sys_l=%s&sel_l=
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1781191639.0000000000E3E000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utorrent.com/prodnews
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://utorrent.com/prodnews%S?v=%S&pv=%u.%u.%u.%u.%uopen_r.open_r_retry.open_r_err..errCode.%s&lang
        Source: uTorrent.exe, 0000000D.00000003.1781191639.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utorrent.com/prodnews0
        Source: uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e47178&pv=0.0.0.0.0
        Source: uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e47178&pv=0.0.0.0.0)
        Source: uTorrent.exe, 0000000D.00000003.2141687292.0000000003963000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2038377406.0000000003944000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2465744999.0000000003963000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2277126665.0000000003953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e47178&pv=0.0.0.0.00zy
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://utorrent.com/testport?plain=1
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://utorrent.com/testport?plain=1&port=%d
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://utorrent.com/webui-guide.php
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, msedgewebview2.exe, 00000016.00000003.2595766941.000077A801590000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1984447435.000001C33D292000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1990638412.000077A801458000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1941413544.000001C33D314000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1955529398.000001C33D314000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1939397736.000077A8018E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1992899331.000077A800858000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.2595976870.000077A80159C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.2576236998.000077A80159C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.1969668022.00002F6400354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://video.rainberrytv.com/partners/didomi/client-cmp-ut.min.html
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://video.rainberrytv.com/partners/didomi/client-cmp-ut.min.html-1-0
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.apple.com/itunes
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.apple.com/itunesFailed
        Source: utorrent_installer.tmp, 00000002.00000003.1776709618.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1768298153.0000000006131000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2530865250.0000000005720000.00000004.00000020.00020000.00000000.sdmp, avg_secure_browser_setup.exe, 00000015.00000003.2000637386.0000000004BA1000.00000004.00000020.00020000.00000000.sdmp, avg_secure_browser_setup.exe, 00000015.00000003.2987275744.000000000489D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0/
        Source: svchost.exe, 00000003.00000002.1373702629.0000021B8CA13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bingmapsportal.comc
        Source: uTorrent.exe, 0000000D.00000003.2158231610.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2293952095.0000000003DCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bittorrent.com
        Source: utorrent.exe, utorrent.exe, 0000000A.00000002.1616726291.00000000007BC000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.bittorrent.com/certified-devices/
        Source: utorrent.exe, 0000000A.00000002.1616726291.00000000007BC000.00000040.00000001.01000000.00000012.sdmp, utorrent.exe, 0000000A.00000002.1616726291.00000000007F9000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.bittorrent.com/certified-devices/ORCopy
        Source: utorrent.exe, 0000000A.00000002.1616726291.00000000007BC000.00000040.00000001.01000000.00000012.sdmp, utorrent.exe, 0000000A.00000002.1616726291.00000000007F9000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bittorrent.com/legal/eula
        Source: utorrent.exe, 0000000A.00000002.1616726291.00000000007F9000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bittorrent.com/legal/privacy
        Source: uTorrent.exe, 0000000D.00000003.2126225332.0000000009802000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2234212205.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.00000000097C1000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2456995696.0000000003DDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bittorrent.com0
        Source: uTorrent.exe, 0000000D.00000003.2293952095.0000000003DCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bittorrent.comHm
        Source: utorrent_installer.exe, 00000000.00000003.1243580486.0000000002989000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.exe, 00000000.00000003.1246767966.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1776709618.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1768298153.0000000006131000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2303482182.000000000018E000.00000004.00000010.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2530865250.0000000005720000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.000000000089C000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 0000000D.00000003.2158231610.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2659519358.0000000003D41000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2486230685.0000000008FAE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2457769835.0000000003D41000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.0000000009802000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2459821563.0000000008FAD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1721637695.00000000038B6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2240303814.0000000003CE2000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2234212205.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2457769835.0000000003D62000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.00000000097C1000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 
0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, avg_secure_browser_setup.exe, 00000015.00000003.2000637386.0000000004BA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
        Source: utorrent_installer.tmp, 00000002.00000002.2303482182.000000000018E000.00000004.00000010.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.000000000089C000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 0000000D.00000003.2158231610.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2486230685.0000000008FAE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2458704178.00000000092DE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C67000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.0000000009802000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2459821563.0000000008FAD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1721637695.00000000038B6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2671653495.00000000092DE000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2234212205.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.00000000097C1000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2672634053.0000000008FAD000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2456995696.0000000003DDD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.entrust.net/rpa03
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://www.google-analytics.com
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://www.google-analytics.com%S
        Source: utorrent_installer.tmp, 00000002.00000003.1747067345.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1734149265.0000000006131000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887522004.00000000053C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888980279.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888441517.00000000053C1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2488396926.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887669878.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1872478193.000000000521C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2375264629.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1866860929.00000000051EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2497955949.00000000051C0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1867640418.00000000051EE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2500465596.0000000005249000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mcafee.com
        Source: uTorrent.exe, 0000000D.00000003.2468087993.0000000009117000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://media.adaware.com/torrentscanner/lp/search.php?p=bt&q=13:selected_catsle8:selfcert1797:0
        Source: uTorrent.exe, 0000000D.00000003.2468087993.0000000009117000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://media.adaware.com/torrentscanner/lp/search.php?p=bt&q=17:show_playback_tabi0e4:sid1i48e7:sma
        Source: uTorrent.exe, 0000000D.00000003.2468087993.0000000009117000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://media.adaware.com/torrentscanner/lp/search.php?p=bt&q=20:served_search_target75:Smart
        Source: uTorrent.exe, 0000000D.00000003.2038377406.0000000003983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://media.adaware.com/torrentscanner/lp/search.php?p=bt&q=Close
        Source: uTorrent.exe, 0000000D.00000003.1742674510.0000000003943000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2022-09-17-00-05-23/PreSignInSettingsConfig.json?One
        Source: uTorrent.exe, 0000000D.00000003.1742674510.0000000003943000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-05-06-30-24/PreSignInSettingsConfig.json?One
        Source: uTorrent.exe, uTorrent.exe, 0000000D.00000003.2038377406.0000000003976000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-05-06-40-12/PreSignInSettingsConfig.json
        Source: uTorrent.exe, 0000000D.00000003.1742674510.0000000003976000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-05-06-40-12/PreSignInSettingsConfig.json5
        Source: uTorrent.exe, uTorrent.exe, 0000000D.00000003.2038377406.0000000003976000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1742674510.0000000003976000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/update100.xml?OneDriveUpdate=14d1c105224b3e736c3c
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=com.utorrent.clienthttps://www.bittorrent.com/btfs/faq
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: https://play2330.atmegame.com/startgame_clickGameshttps://play2330.atmequiz.com/startquiz_clickdownl
        Source: utorrent_installer.tmp, 00000002.00000002.2392491137.0000000000AC5000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/privacyX
        Source: utorrent_installer.tmp, 00000002.00000002.2392491137.0000000000AC5000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policies
        Source: utorrent.exe, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: https://rebrand.ly/368mel?type=%s-%U&h=%s&v=%d
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 00000024.00000002.1816141529.0000000000401000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: https://rebrand.ly/368mel?type=%s-%U&h=%s&v=%dSoftware
        Source: saBSI.exeString found in binary or memory: https://sadownload.mcafee.com/products/SA/
        Source: saBSI.exe, 0000000F.00000002.2447640326.000000000084A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1778874048.0000000000847000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
        Source: saBSI.exe, 0000000F.00000002.2447640326.000000000084A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
        Source: saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1831313555.0000000000861000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1854937281.0000000000861000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000085D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2413038544.000000000085F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2404003056.000000000085E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1840399021.0000000000861000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/48/Win32/saBSI.exe
        Source: saBSI.exe, 0000000F.00000002.2447640326.000000000084A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1778874048.0000000000847000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2393896876.00000000007EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
        Source: saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/
        Source: saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1831313555.0000000000861000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1854937281.0000000000861000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000085D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2413038544.000000000085F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2404003056.000000000085E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1840399021.0000000000861000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447640326.000000000085F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447110056.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2393896876.00000000007EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.1/1006/Win32/saBSI.exe
        Source: saBSI.exe, 0000000F.00000002.2447640326.000000000084A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1778874048.0000000000847000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml
        Source: saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml/
        Source: saBSI.exe, 0000000F.00000002.2447640326.000000000084A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1778874048.0000000000847000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml
        Source: saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/
        Source: saBSI.exe, 0000000F.00000002.2447640326.000000000084A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1778874048.0000000000847000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml
        Source: saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/
        Source: saBSI.exe, saBSI.exe, 0000000F.00000002.2462174164.0000000000BFE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000F.00000000.1738084686.0000000000BFE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml
        Source: saBSI.exe, 0000000F.00000002.2447640326.000000000084A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1778874048.0000000000847000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml
        Source: saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml/
        Source: saBSI.exe, saBSI.exe, 0000000F.00000002.2445739204.000000000078D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json
        Source: saBSI.exe, 0000000F.00000002.2447640326.000000000084A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1778874048.0000000000847000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml
        Source: saBSI.exe, 0000000F.00000002.2447640326.000000000084A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2423360244.0000000000843000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml/
        Source: utorrent_installer.tmp, 00000002.00000003.2066532324.00000000038D1000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1940978009.00000000038CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe9
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://speed.btt.network
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://speed.btt.networkhttps://utweb.trontv.comhttps://btweb.trontv.comhttps://utweb.rainberrytv.c
        Source: svchost.exe, 00000003.00000003.1373392415.0000021B8CA43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
        Source: svchost.exe, 00000003.00000003.1373413868.0000021B8CA3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
        Source: svchost.exe, 00000003.00000002.1373766094.0000021B8CA44000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1373413868.0000021B8CA3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
        Source: svchost.exe, 00000003.00000003.1373326898.0000021B8CA5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
        Source: svchost.exe, 00000003.00000002.1373730639.0000021B8CA2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
        Source: svchost.exe, 00000003.00000003.1373337177.0000021B8CA58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
        Source: uTorrent.exe, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C82000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2038377406.0000000003944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://test.rainberrytv.com/utclassic/wrapper.html?bucket=classic-us
        Source: uTorrent.exe, 0000000D.00000003.2038377406.0000000003944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://test.rainberrytv.com/utclassic/wrapper.html?bucket=test-holistic
        Source: svchost.exe, 00000003.00000002.1373805194.0000021B8CA62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1373279283.0000021B8CA61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
        Source: uTorrent.exe, 0000000D.00000003.1742674510.0000000003943000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://utclient.utorrent.com/client-user-onboarding/index.html
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: https://utclient.utorrent.com/client-user-onboarding/index.htmlhttps://utclient.utorrent.com/client-
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://utclient.utorrent.com/client-user-onboarding/second-entry-index.html
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://utweb.rainberrytv.com
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://utweb.trontv.com
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: https://video.rainberrytv.com/smart/video/content-detail-trending.html?bucket=classic-row
        Source: uTorrent.exe, 0000000D.00000003.2038377406.0000000003983000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.2810626975.000077A80123C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1921522911.000001C33D334000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1924910964.000077A8018AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1921528820.000001C33D261000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1984447435.000001C33D292000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.2578394545.000077A801FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1925319401.000077A801894000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1921528820.000001C33D251000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.2974029586.000077A80123C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.2162481545.000077A80128C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.2892459085.000077A80123C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1941413544.000001C33D314000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1930090340.000077A80128C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.2571283164.000077A801FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.2161365252.000077A801E20000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1928348271.000077A8018C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.2252894419.000077A80123C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 
00000016.00000003.2383862818.000077A80123C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.2725678742.000077A80123C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000016.00000003.1921522911.000001C33D314000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.rainberrytv.com/utclassic/wrapper.html?bucket=classic-eur
        Source: uTorrent.exe, 0000000D.00000003.2038377406.0000000003944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.rainberrytv.com/utclassic/wrapper.html?bucket=classic-us
        Source: uTorrent.exe, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.rainberrytv.com/utclassic/wrapper.html?bucket=test-qa-leaderboard-2
        Source: uTorrent.exe, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.rainberrytv.com/utclassic/wrapper.html?bucket=test-qa-leaderboard-3
        Source: uTorrent.exe, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.rainberrytv.com/utclassic/wrapper.html?bucket=test-qa-mrec-display-2
        Source: uTorrent.exe, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.rainberrytv.com/utclassic/wrapper.html?bucket=test-qa-mrec-display-3
        Source: uTorrent.exe, 0000000D.00000003.2488278774.0000000003C82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.rainberrytv.com/utclassic/wrapper.html?bucket=test-qa-mrec-display-3v
        Source: uTorrent.exe, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.rainberrytv.com/utclassic/wrapper.html?bucket=test-qa-mrec-video-3
        Source: uTorrent.exe, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.rainberrytv.com/utclassic/wrapper.html?bucket=test-rainberrytv
        Source: uTorrent.exe, 0000000D.00000003.2038377406.0000000003944000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://video.rainberrytv.com/utclassic/wrapper.html?bucket=test-vite
        Source: utorrent_installer.tmp, 00000002.00000003.1971859520.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2070938610.0000000000A33000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2348314160.0000000000A33000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2444050206.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1307951791.00000000038D7000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1940848723.0000000000AF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula
        Source: utorrent_installer.tmp, 00000002.00000003.2066532324.00000000038D1000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1940978009.00000000038CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-products
        Source: utorrent_installer.tmp, 00000002.00000003.2066532324.00000000038D1000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1940978009.00000000038CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-productsd
        Source: utorrent_installer.tmp, 00000002.00000003.1971859520.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2444050206.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1307951791.00000000038D7000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1940848723.0000000000AF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy
        Source: utorrent_installer.tmp, 00000002.00000002.2392491137.0000000000AC5000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policy
        Source: utorrent_installer.tmp, 00000002.00000002.2392491137.0000000000AC5000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policy;
        Source: utorrent_installer.tmp, 00000002.00000003.2070938610.0000000000A33000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2348314160.0000000000A33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacyu
        Source: utorrent_installer.tmp, 00000002.00000003.2028856611.0000000002414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.avg.c
        Source: utorrent_installer.tmp, 00000002.00000003.2028856611.0000000002414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.avg.co
        Source: utorrent_installer.tmp, 00000002.00000003.1396593756.000000000393C000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1396593756.000000000392C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/eula
        Source: utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/eulaZ
        Source: utorrent_installer.tmp, 00000002.00000002.2337635079.0000000000A08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/eulansume
        Source: utorrent_installer.tmp, 00000002.00000003.1396593756.000000000393C000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1396593756.000000000392C000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/privacy
        Source: utorrent_installer.tmp, 00000002.00000002.2337635079.0000000000A08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/privacy5:
        Source: utorrent_installer.tmp, 00000002.00000002.2337635079.0000000000A08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/privacyme
        Source: utorrent_installer.tmp, 00000002.00000003.1758081508.0000000003984000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2046377259.000000000615A000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula
        Source: utorrent_installer.tmp, 00000002.00000002.2557974711.000000000615B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eulaU
        Source: utorrent_installer.tmp, 00000002.00000003.2028856611.00000000023ED000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1737002185.0000000003983000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1866577608.0000000003983000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2040572896.0000000003983000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1768885682.0000000003984000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1764396067.0000000003984000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2028856611.0000000002403000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1758081508.0000000003984000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2046377259.000000000615A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy
        Source: utorrent_installer.tmp, 00000002.00000002.2392491137.0000000000AC5000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy$
        Source: utorrent_installer.tmp, 00000002.00000003.1758081508.0000000003922000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1895474980.0000000003928000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1764396067.0000000003928000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1852922460.0000000006153000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacynet/
        Source: utorrent_installer.exe, 00000000.00000003.1240190115.0000000002560000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.exe, 00000000.00000003.2574274568.0000000000ABC000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2006514831.00000000034D7000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1250526677.0000000003480000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2028856611.000000000241B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.bittorrent.com/legal/eula/
        Source: utorrent_installer.tmp, 00000002.00000003.1271811450.0000000000A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bittorrent.com/legal/eula/y-policy/
        Source: utorrent_installer.tmp, 00000002.00000002.2376557349.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1271811450.0000000000A75000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1250526677.0000000003480000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2562655844.000000000618E000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2041063661.000000000618E000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2376557349.0000000000A7F000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2028856611.000000000241B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.bittorrent.com/legal/privacy-policy/
        Source: utorrent_installer.exe, 00000000.00000003.1240190115.0000000002560000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.exe, 00000000.00000003.2574274568.0000000000ABC000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2006514831.00000000034D7000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2376557349.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1271659370.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1250526677.0000000003480000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000002.2562655844.000000000618E000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2041063661.000000000618E000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2028856611.000000000241B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.bittorrent.com/legal/terms-of-use/
        Source: utorrent_installer.tmp, 00000002.00000003.2066532324.00000000038D1000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1940978009.00000000038CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/about/privacy-policyJ
        Source: utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/legal/end-user-license-agreementr&
        Source: utorrent_installer.tmp, 00000002.00000002.2303482182.000000000018E000.00000004.00000010.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.000000000089C000.00000040.00000001.01000000.00000012.sdmp, uTorrent.exe, 0000000D.00000003.1763132092.0000000003C67000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2158231610.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2486230685.0000000008FAE000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2488278774.0000000003C67000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2667513288.0000000009803000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2663808032.0000000003DCF000.00000004.00000800.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.0000000009802000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2459821563.0000000008FAD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.1721637695.00000000038B6000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2234212205.0000000003DD7000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2126225332.00000000097C1000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2456995696.0000000003DDD000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.entrust.net/rpa0
        Source: utorrent_installer.tmp, 00000002.00000003.1747067345.0000000005725000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1734149265.0000000006131000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447110056.00000000007FA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1888980279.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2408952145.0000000004FAC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2488396926.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000083E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1887669878.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2387493466.000000000085D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2375264629.0000000004F98000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2413038544.000000000085F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2404003056.0000000000869000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2404003056.000000000085E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447110056.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447110056.0000000000840000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.2393896876.00000000007EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/collect
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/collectwww.google-analytics.comapplication/x-www-form-urlencodedv=U
        Source: utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
        Source: uTorrent.exeString found in binary or memory: https://www.htx.com
        Source: uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.htx.com/?utm_source=UT&
        Source: uTorrent.exe, uTorrent.exe, 0000000D.00000003.2465744999.0000000003983000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2038377406.0000000003983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.htx.com/?utm_source=UT&utm_medium=prodnews&inviter_id=11350560
        Source: uTorrent.exe, 0000000D.00000003.2038377406.0000000003976000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2141687292.0000000003963000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2038377406.0000000003944000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2465744999.0000000003963000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2277126665.0000000003953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.htx.com/?utm_source=UT&utm_medium=prodnews&inviter_id=11350560&lang=en&geo=ch
        Source: uTorrent.exe, 0000000D.00000003.2141687292.0000000003963000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2038377406.0000000003944000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2465744999.0000000003963000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2277126665.0000000003953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.htx.com/?utm_source=UT&utm_medium=prodnews&inviter_id=11350560&lang=en&geo=chJQ
        Source: uTorrent.exe, 0000000D.00000003.2045600583.0000000003CC3000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2469634880.0000000003CC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.htx.com/?utm_source=UT&utm_medium=prodnews&inviter_id=11350560&lang=en&geo=chRE
        Source: uTorrent.exe, 0000000D.00000003.2141687292.0000000003963000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2038377406.0000000003944000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2465744999.0000000003963000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 0000000D.00000003.2277126665.0000000003953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.htx.com/?utm_source=UT&utm_medium=prodnews&inviter_id=11350560&lang=en&geo=chRQ
        Source: utorrent_installer.exe, 00000000.00000003.1243580486.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.exe, 00000000.00000003.1246767966.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000000.1248814080.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
        Source: utorrent_installer.tmp, 00000002.00000003.1396593756.000000000392C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
        Source: utorrent_installer.tmp, 00000002.00000003.2041063661.0000000006184000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html2yaftN67hmVSSK7BfOklzFBxRQpsjj0mSCYiD6SMWNyMq
        Source: utorrent_installer.tmp, 00000002.00000002.2479087460.00000000038E0000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1940978009.00000000038CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlE530
        Source: utorrent_installer.tmp, 00000002.00000002.2479087460.00000000038E0000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1940978009.00000000038CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlEt
        Source: utorrent_installer.tmp, 00000002.00000002.2491052490.000000000394C000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1971137889.0000000003949000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1895474980.0000000003945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlf182fefcd23b919626ec
        Source: utorrent_installer.tmp, 00000002.00000003.1758081508.0000000003922000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1769451817.0000000003923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlf182fefcd23b919626lzFBxRQpsjj0mSCYiD6SMWNyMq
        Source: utorrent_installer.tmp, 00000002.00000002.2376557349.0000000000A7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers
        Source: utorrent_installer.tmp, 00000002.00000002.2392491137.0000000000AC5000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacy
        Source: utorrent_installer.tmp, 00000002.00000003.2058040375.0000000000AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/legal/customer-privacy-policy
        Source: utorrent_installer.exe, 00000000.00000003.1243580486.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.exe, 00000000.00000003.1246767966.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000000.1248814080.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
        Source: uTorrent.exe, 0000000D.00000003.2468087993.0000000009117000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.surveymonkey.com/r/QKYKJR9?vs=3.6.0&cl=utorrent&bld=47178&ssu=41&os=windows&lang_c=&l=en
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.surveymonkey.com/s/C2VFYPC
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.surveymonkey.com/s/C2VFYPCcuR
        Source: utorrent_installer.tmp, 00000002.00000003.2028856611.0000000002403000.00000004.00001000.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1768298153.000000000614A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.utorrent.com/.
        Source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.utorrent.com/remotehelp.ico
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe Code function: 9_2_004056A8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560

        Spam, unwanted Advertisements and Ransom Demands

        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe entropy: 7.99048121224
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe (copy) entropy: 7.99435441245
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0 (copy) entropy: 7.99597518735
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1 (copy) entropy: 7.99996154345
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2 (copy) entropy: 7.99668482326
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0.zip (copy) entropy: 7.99597518735
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1.zip (copy) entropy: 7.99996154345
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2.zip (copy) entropy: 7.99668482326
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe File created: C:\Users\user\AppData\Roaming\utorrent\helper_web_ui.btinstall entropy: 7.99800359993
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe File created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47196.exe entropy: 7.99479838141
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe File created: C:\Users\user\AppData\Roaming\utorrent\helper\webui.zip entropy: 7.99946071568
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 entropy: 7.99602810784
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Program Files\AVG\Browser\AVGBrowserUninstall.exe entropy: 7.99048121224
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File created: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\SmartScreen\RemoteData\topTraffic_638004170464094982 entropy: 7.99962590804
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File created: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2 entropy: 7.99333285467
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File created: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\SmartScreen\RemoteData\customSynchronousLookupUris_0 entropy: 7.99333285467
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File created: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371 entropy: 7.99964947406
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe Code function: 15_2_00B56220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe Code function: 9_2_004034F7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe File created: C:\Windows\Temp\asw.3fd55ca9eaf737c3
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe File created: C:\Windows\Temp\asw.3fd55ca9eaf737c3\avg_antivirus_free_online_setup.exe
        Source: utorrent_installer.tmp.0.dr, Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: avg_secure_browser_setup.exe.2.dr, Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
        Source: utorrent.exe.9.dr, Static PE information: Resource name: RT_ICON type: COM executable for DOS
        Source: utorrent.exe.9.dr, Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
        Source: utorrent.exe.9.dr, Static PE information: Resource name: RT_DIALOG type: COM executable for DOS
        Source: uTorrent.exe.10.dr, Static PE information: Resource name: RT_ICON type: COM executable for DOS
        Source: uTorrent.exe.10.dr, Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
        Source: uTorrent.exe.10.dr, Static PE information: Resource name: RT_DIALOG type: COM executable for DOS
        Source: 3.6.0_47178.exe.13.dr, Static PE information: Resource name: RT_ICON type: COM executable for DOS
        Source: 3.6.0_47178.exe.13.dr, Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)
        Source: 3.6.0_47178.exe.13.dr, Static PE information: Resource name: RT_DIALOG type: COM executable for DOS
        Source: saBSI.exe.15.dr, Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Source: AVGBrowserUninstall.exe.21.dr, Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
        Source: sciterui.dll.21.dr, Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Source: sciterui.dll.21.dr, Static PE information: No import functions for PE file found
        Source: utorrent_installer.exe, 00000000.00000003.1243580486.0000000002989000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFileName vs utorrent_installer.exe
        Source: utorrent_installer.exe, 00000000.00000003.1246767966.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFileName vs utorrent_installer.exe
        Source: utorrent_installer.exe, 00000000.00000000.1239260225.00000000004C6000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFileName vs utorrent_installer.exe
        Source: utorrent_installer.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, Key value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon version
        Source: utorrent.exe.9.dr, Static PE information: Section: UPX1 ZLIB complexity 0.9995782202239004
        Source: uTorrent.exe.10.dr, Static PE information: Section: UPX1 ZLIB complexity 0.9995782202239004
        Source: 3.6.0_47178.exe.13.dr, Static PE information: Section: UPX1 ZLIB complexity 0.9995782202239004
        Source: classification engine, Classification label: mal44.rans.troj.spyw.evad.winEXE@107/995@0/100
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe, Code function: 9_2_004034F7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe, Code function: 9_2_00404954 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00B44C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe, Code function: 9_2_004021AA CoCreateInstance
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Code function: 15_2_00B65318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe, File created: C:\Program Files\AVG\Browser\AVGBrowserUninstall.exe
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, File created: C:\Users\user\AppData\Local\Programs
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe, Mutant created: \Sessions\1\BaseNamedObjects\avg-securebrowser_installer_mutex2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, Mutant created: NULL
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, Mutant created: \Sessions\1\BaseNamedObjects\ Torrent/{1F44C754-37E7-2687-70D4-148E574DF026}
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\ Torrent4823DF041B09
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
        Source: C:\Users\user\Desktop\utorrent_installer.exe, File created: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Command line argument: UDLL, 16_2_0024F010
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Command line argument: NATI, 16_2_0024F010
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Command line argument: FEAT, 16_2_0024F010
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Command line argument: ntdll.dll, 16_2_0024F010
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Command line argument: remoteframe, 16_2_0024F010
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Command line argument: .log, 16_2_0024F010
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Command line argument: nE(, 16_2_002844C0
        Source: C:\Users\user\Desktop\utorrent_installer.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\utorrent_installer.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File read: C:\Windows\System32\drivers\etc\hosts
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table ui_store (path text primary key not null,content_type text,data blob not null);
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table historical_spending (spending integer not null default 0,timestamp integer not null default (strftime('%s','now')));
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table historical_totals (spending integer not null default 0,earning integer not null default 0,downloaded integer not null default 0,seeded integer not null default 0);
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: SELECT COUNT(*) AS CNTREC FROM pragma_table_info('airdrops') WHERE name='campaign';
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: insert or replace into historical_totals (spending, earning, downloaded, seeded) values (0,0,0,0);
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table on_chain_recent_txns (txn_id text primary key not null,id integer not null,token_type integer,amount integer not null check(amount > 0),created integer,message text,reported integer default 0,type integer,status integer,asset_name text,from_address text,to_address text);
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table exchange_withdrawals (withdrawal_id integer primary key not null,amount integer not null check(amount > 0),channel_id integer unique default null references outgoing_channels,exchange_id integer unique default null,exchange_account blob default null,accepted integer not null default 0,last_attempt integer not null default (strftime('%s','now')),num_attempts integer not null default 1);create table exchange_deposits (deposit_id integer primary key not null,amount integer not null check(amount > 0),ledger_channel_id integer unique default null references incoming_channels,exchange_id integer unique default null,tron_tx blob default null,accepted integer not null default 0,last_attempt integer not null default (strftime('%s','now')),num_attempts integer not null default 1);
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: SELECT COUNT(*) AS CNTREC FROM pragma_table_info('exchange_withdrawals') WHERE name='chain_type';
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table airdrops (adid text primary key not null,gift_amount integer,claim_status integer,active integer,expired integer,claim_time integer,type integer default 0,level integer default 0,time_limit integer default 0);
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table hourly_spending (spending integer not null default 0,timestamp integer not null default (strftime('%s','now')));
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: SELECT COUNT(*) AS CNTREC FROM pragma_table_info('exchange_deposits') WHERE name='chain_type';
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table on_chain_account_balances (asset_id integer primary key not null,asset_name integer not null,amount integer);
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table on_chain_pending_txns (txn_id text,id integer primary key not null,token_type integer,amount integer not null check(amount > 0),created integer,message text,reported integer default 0,type integer,status integer,asset_name text,from_address text,to_address text,data_source integer default 1);
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table if not exists item_historical_totals (item_type integer not null,item_id integer not null,bidding_policy integer not null default 1,spending integer not null default 0,earning integer not null default 0,downloaded integer not null default 0,seeded integer not null default 0,PRIMARY KEY (item_type, item_id));
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table int_settings (key integer primary key not null, value integer not null default 0);create table string_settings (key integer primary key not null, value text not null default "");create table blob_settings (key integer primary key not null, value blob not null default (zeroblob(0)));create table outgoing_channels (channel_id integer primary key not null,ledger_channel_id integer unique default null,seq integer default 1,created integer,closed integer default null,our_balance integer not null check(our_balance >= 0),their_balance integer not null check(their_balance >= 0),their_pk blob not null);create table incoming_channels (ledger_channel_id integer primary key not null,confirmed integer not null default 0,seq integer not null,closed integer default null,our_balance integer not null check(our_balance >= 0),their_balance integer not null check(their_balance >= 0),their_pk blob,state blob,thier_sig blob);
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table hourly_earning (earning integer not null default 0,timestamp integer not null default (strftime('%s','now')));
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: create table historical_earning (earning integer not null default 0,timestamp integer not null default (strftime('%s','now')));
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: SELECT COUNT(*) AS CNTREC FROM pragma_table_info('airdrops') WHERE name='description';
        Source: utorrent_installer.exe, ReversingLabs: Detection: 38%
        Source: utorrent_installer.exe, Virustotal: Detection: 37%
        Source: utorrent.exe, String found in binary or memory: %s /LAUNCHBUNDLEDURLTYPE %s
        Source: utorrent.exe, String found in binary or memory: %s /LAUNCHBUNDLEDURL %s
        Source: utorrent.exe, String found in binary or memory: http://update.utorrent.com/installoffer.php
        Source: utorrent.exe, String found in binary or memory: Start/Stop
        Source: uTorrent.exe, String found in binary or memory: https://dl.google.com/update2/installers/icons/%7B8a69d345-d564-463c-aff1-a69d9e530f96%7D.bmp?lang=en-GB
        Source: C:\Users\user\Desktop\utorrent_installer.exe, File read: C:\Users\user\Desktop\utorrent_installer.exe
        Source: unknown, Process created: C:\Users\user\Desktop\utorrent_installer.exe "C:\Users\user\Desktop\utorrent_installer.exe"
        Source: C:\Users\user\Desktop\utorrent_installer.exe, Process created: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp "C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp" /SL5="$1040C,875149,815616,C:\Users\user\Desktop\utorrent_installer.exe"
        Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
        Source: unknown, Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
        Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
        Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
        Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, Process created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe" /S /FORCEINSTALL 1110010101111110
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe, Process created: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe "C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe" /S /FORCEINSTALL 1110010101111110
        Source: unknown, Process created: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, Process created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, Process created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_00DECB80_1536186392 Torrent4823DF041B09 uTorrent ce unp
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, Process created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_03990E90_1431164354 Torrent4823DF041B09 uTorrent ce unp
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, Process created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_03991830_964311589 Torrent4823DF041B09 uTorrent ce unp
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, Process created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_03991A98_1744342067 Torrent4823DF041B09 uTorrent ce unp
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4520.1856.3423562140314204209
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp, Process created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=BjYV6Sggj6206MEVI8G56ZVGHbdwJax4VTPHUPhk50EvktdXMWNyMqpcmGWlzr3GGHMr3PlHKjQDI7I /make-default
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2860.3052.3663822584540052771
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3280.2768.3808771680942688591
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2020.2208.6944393845604423247
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0xf0,0x140,0x164,0x11c,0x16c,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x44,0x170,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x1ac,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2592 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:3
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1812 --field-trial-handle=1816,i,5890538242656462308,1074140875794232901,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=952 --field-trial-handle=1816,i,5890538242656462308,1074140875794232901,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:3
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2896 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1812 --field-trial-handle=1852,i,16148445146309021935,7164975153110944084,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:2
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e47178&pv=0.0.0.0.0
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1888 --field-trial-handle=1852,i,16148445146309021935,7164975153110944084,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:3
        Source: unknownProcess created: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7274677595 --mojo-platform-channel-handle=3392 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:1
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7274935517 --mojo-platform-channel-handle=3656 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:1
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7275103288 --mojo-platform-channel-handle=3792 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:1
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTuf4Ugfvu3A0dYA0vgI3NzDZBYOYCPLc7oNW2yaftN67hmVSSK7BfOklzFBxRQpsjj0mSCYiD6S
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.htx.com/?utm_source=UT&utm_medium=prodnews&inviter_id=11350560&lang=en&geo=ch
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2376,i,6469170045674197500,17347211874561941896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:3
        Source: C:\Users\user\Desktop\utorrent_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp "C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp" /SL5="$1040C,875149,815616,C:\Users\user\Desktop\utorrent_installer.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe" /S /FORCEINSTALL 1110010101111110
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=BjYV6Sggj6206MEVI8G56ZVGHbdwJax4VTPHUPhk50EvktdXMWNyMqpcmGWlzr3GGHMr3PlHKjQDI7I /make-default
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpProcess created: unknown unknown
        Source: C:\Windows\System32\svchost.exeProcess created: unknown unknown
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeProcess created: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe "C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe" /S /FORCEINSTALL 1110010101111110
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeProcess created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_00DECB80_1536186392 Torrent4823DF041B09 uTorrent ce unp
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeProcess created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_03990E90_1431164354 Torrent4823DF041B09 uTorrent ce unp
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeProcess created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_03991830_964311589 Torrent4823DF041B09 uTorrent ce unp
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeProcess created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe "C:\Users\user\AppData\Roaming\uTorrent\updates\3.6.0_47178\utorrentie.exe" uTorrent_3168_03991A98_1744342067 Torrent4823DF041B09 uTorrent ce unp
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeProcess created: unknown unknown
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeProcess created: unknown unknown
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4520.1856.3423562140314204209
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3280.2768.3808771680942688591
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2020.2208.6944393845604423247
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2860.3052.3663822584540052771
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0xf0,0x140,0x164,0x11c,0x16c,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2592 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:3
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x1ac,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x44,0x170,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exeProcess created: unknown unknown
        Source: C:\Users\user\Desktop\utorrent_installer.exeSection loaded: version.dll
        Source: C:\Users\user\Desktop\utorrent_installer.exeSection loaded: netapi32.dll
        Source: C:\Users\user\Desktop\utorrent_installer.exeSection loaded: netutils.dll
        Source: C:\Users\user\Desktop\utorrent_installer.exeSection loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\utorrent_installer.exeSection loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: netapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: wtsapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: winsta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: textinputframework.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: coreuicomponents.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: wintypes.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: shfolder.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: rstrtmgr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: textshaping.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: msftedit.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: windows.globalization.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: bcp47langs.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: bcp47mrm.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: globinputhost.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: winhttpcom.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: webio.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: windowscodecs.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: explorerframe.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: dataexchange.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: d3d11.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: dcomp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: dxgi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: sxs.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: zipfldr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: edputil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: windows.fileexplorer.common.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: shdocvw.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: appresolver.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: slc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: sppc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: mccsusershared.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: firewallapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: fwbase.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: fwpolicyiomgr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: slc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: bt_datachannel.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: msimg32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: linkinfo.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: ntshrui.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: firewallapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: fwbase.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: fwpolicyiomgr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: comsvcs.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeSection loaded: sxs.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: bt_datachannel.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: msimg32.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: firewallapi.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: fwbase.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: fwpolicyiomgr.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: windowscodecs.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
        Source: Torrent.lnk.10.dr | LNK file: ..\..\..\utorrent\uTorrent.exe
        Source: Torrent.lnk0.10.dr | LNK file: ..\AppData\Roaming\utorrent\uTorrent.exe
        Source: Torrent.lnk1.10.dr | LNK file: ..\..\..\utorrent\uTorrent.exe
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Window found: window name: TMainForm
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Automated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Automated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Automated click: Agree
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Automated click: Accept
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Automated click: Accept
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Automated click: Accept
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Automated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Automated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Automated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Automated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | Automated click: Next
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp | File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe | Window detected: Number of UI elements: 11
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe | Window detected: Number of UI elements: 11
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe | Directory created: C:\Program Files\AVG\Browser\AVGBrowserUninstall.exe
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe | Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
        Source: utorrent_installer.exe | Static PE information: certificate valid
        Source: utorrent_installer.exe | Static file information: File size 1771512 > 1048576
        Source: utorrent_installer.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000F.00000002.2462174164.0000000000BFE000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 0000000F.00000000.1738084686.0000000000BFE000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: c:\jenkins\workspace\WebAdvisor-accesslib-caller_main\Build\Win32\Release\caller_dll.pdb source: saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\dev_work\bt_datachannel\_dist\Release\bt_datachannel.pdb source: uTorrent.exe, 00000009.00000003.1566741954.0000000003452000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000009.00000003.1563474779.0000000002942000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1619994667.000000006B809000.00000002.00000001.01000000.00000013.sdmp
        Source: Binary string: D:\jenkins-workspace\workspace\token-wallet-pipeline\build\MinSizeRel\helper.pdb source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1@3\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000F.00000003.1827451308.0000000005090000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: X:\jenkins-workspace\workspace\hybridclient-builder-remoteieframe\ut_win\Build\Win32\Release\RemoteIEFrame.pdb source: utorrent.exe, 0000000A.00000002.1616726291.000000000089C000.00000040.00000001.01000000.00000012.sdmp, utorrentie.exe, 00000010.00000000.1745011678.000000000028E000.00000002.00000001.01000000.00000017.sdmp, utorrentie.exe, 00000010.00000002.1777744948.000000000028E000.00000002.00000001.01000000.00000017.sdmp, utorrentie.exe, 00000011.00000000.1751130495.000000000028E000.00000002.00000001.01000000.00000017.sdmp, utorrentie.exe, 00000012.00000000.1754863829.000000000028E000.00000002.00000001.01000000.00000017.sdmp, utorrentie.exe, 00000013.00000000.1764141815.000000000028E000.00000002.00000001.01000000.00000017.sdmp
        Source: Binary string: X:\jenkins-workspace\workspace\hybridclient-builder-product\Build\Win32\Release\utorrent.pdb source: utorrent.exe, 0000000A.00000002.1616726291.0000000000401000.00000040.00000001.01000000.00000012.sdmp
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe | Code function: 15_2_00B82B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,15_2_00B82B30
        Source: utorrent_installer.exe | Static PE information: section name: .didata
        Source: utorrent_installer.tmp.0.dr | Static PE information: section name: .didata
        Source: saBSI.exe.2.dr | Static PE information: section name: .didat
        Source: avg_antivirus_free_setup.exe.2.dr | Static PE information: section name: .didat
        Source: saBSI.exe.15.dr | Static PE information: section name: .didat
        Source: avg_antivirus_free_online_setup.exe.40.dr | Static PE information: section name: .didat
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeCode function: 10_2_0068AAFD push ecx; ret 10_2_0068AB10
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeCode function: 10_2_0068B5D0 push ecx; ret 10_2_0068B5E3
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeCode function: 10_2_0068A598 push eax; ret 10_2_0068A5B6
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeCode function: 13_3_0397CA94 push eax; retf 13_3_0397CA95
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeCode function: 13_3_0397CA94 push eax; retf 13_3_0397CA95
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeCode function: 13_3_0397CA94 push eax; retf 13_3_0397CA95
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeCode function: 13_3_0397A3AF pushfd ; retf 13_3_0397A3CA
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe Code function: 13_3_03978A67 pushfd ; retf 13_3_03978A6F
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe Code function: 13_3_0397A3E2 pushfd ; retf 13_3_0397A3CA
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe Code function: 13_3_0392B697 push cs; retf 13_3_0392B69A
        Source: initial sample Static PE information: section name: UPX0
        Source: initial sample Static PE information: section name: UPX1
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe File created: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\INetC.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Program Files\AVG\Browser\AVGBrowserUninstall.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\nsJSON.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\thirdparty.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\StdUtils.dll
        Source: C:\Users\user\Desktop\utorrent_installer.exe File created: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\_isetup\_setup64.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe File created: C:\Users\user\AppData\Roaming\utorrent\helper_web_ui.btinstall
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\AccessControl.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe File created: C:\Windows\Temp\asw.3fd55ca9eaf737c3\avg_antivirus_free_online_setup.exe
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\botva2.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe File created: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\bt_datachannel.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe File created: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\is-K0IT2.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe (copy)
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe File created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\jsisdl.dll
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe File created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe File created: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\nsisFirewall.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe File created: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\inetc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe File created: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\System.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\sciterui.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\Midex.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\reboot.dll
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe File created: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\AVGBrowserUpdateSetup.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe File created: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47196.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\JsisPlugins.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe File created: C:\Users\user\AppData\Roaming\utorrent\bt_datachannel.dll
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe File created: C:\Users\user\AppData\Roaming\utorrent\helper\helper.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\jsis.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe File created: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utwin_install.log
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe File created: C:\Users\user\AppData\Roaming\uTorrent\helper\btinstall.txt
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp File created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\license.rtf
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ Torrent.lnk
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ut
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ut
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00B70540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,15_2_00B70540
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
        Source: C:\Users\user\Desktop\utorrent_installer.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeStalling execution: Execution stalls by calling Sleep
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeSystem information queried: FirmwareTableInformation
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exeSystem information queried: FirmwareTableInformation
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeFile opened: HKEY_CURRENT_USER\Software\Wine
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeFile opened: HKEY_CURRENT_USER\Software\Wine
        Source: C:\Windows\System32\svchost.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeFile opened / queried: C:\Program Files (x86)\VMware\VMware Tools
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00B44C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,15_2_00B44C8E
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\INetC.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\nsisFirewall.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\nsJSON.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeDropped PE file which has not been started: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\inetc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\thirdparty.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\System.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\sciterui.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\Midex.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\StdUtils.dll
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\_isetup\_setup64.tmp
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\utorrent\helper_web_ui.btinstall
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\reboot.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\AccessControl.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\AVGBrowserUpdateSetup.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.3fd55ca9eaf737c3\avg_antivirus_free_online_setup.exe
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47196.exe
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\botva2.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\JsisPlugins.dll
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\utorrent\helper\helper.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\jsisdl.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsxF69F.tmp\jsis.dll
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeAPI coverage: 0.0 %
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp TID: 1540Thread sleep time: -60000s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp TID: 2052Thread sleep time: -30000s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp TID: 1540Thread sleep time: -30000s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe TID: 6940Thread sleep time: -60000s >= -30000s
        Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeLast function: Thread delayed
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp FullSizeInformation
        Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformation
        Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeFile Volume queried: C:\ FullSizeInformation
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeFile Volume queried: C:\Users\user\AppData\Roaming\utorrent\share FullSizeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeFile Volume queried: C:\Users\user\AppData\Roaming\utorrent\share FullSizeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeFile Volume queried: C:\ FullSizeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\wasm FullSizeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js FullSizeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\blob_storage\950c5bc5-2268-479e-941b-dcef57c299f0 FullSizeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\Cache_Data FullSizeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeCode function: 9_2_00405C13 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,9_2_00405C13
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeCode function: 9_2_0040683D FindFirstFileW,FindClose,9_2_0040683D
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeCode function: 9_2_0040290B FindFirstFileW,9_2_0040290B
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BD9BF0 FindFirstFileExW,15_2_00BD9BF0
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: 16_2_0027C195 FindFirstFileExW,16_2_0027C195
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BA2782 VirtualQuery,GetSystemInfo,15_2_00BA2782
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpFile opened: C:\Users\user\AppData
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpFile opened: C:\Users\user\AppData\Local
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpFile opened: C:\Users\user
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpFile opened: C:\Users\user\AppData\Local\Temp
        Source: utorrent_installer.tmp, 00000002.00000003.1940978009.00000000038CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
        Source: utorrent.exe, 0000000A.00000002.1619192999.0000000003E93000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW1
        Source: utorrent_installer.tmp, 00000002.00000003.1980320327.0000000000A62000.00000004.00000020.00020000.00000000.sdmp, utorrent_installer.tmp, 00000002.00000003.1271659370.0000000000A8A000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000009.00000002.1622183489.0000000000719000.00000004.00000020.00020000.00000000.sdmp, uTorrent.exe, 00000009.00000002.1622183489.000000000076C000.00000004.00000020.00020000.00000000.sdmp, utorrent.exe, 0000000A.00000002.1619192999.0000000003E93000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2447110056.00000000007FA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000003.1755936662.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000F.00000002.2445739204.000000000078D000.00000004.00000020.00020000.00000000.sdmp, avg_secure_browser_setup.exe, 00000015.00000003.1966530264.0000000003EAB000.00000004.00000020.00020000.00000000.sdmp, avg_secure_browser_setup.exe, 00000015.00000003.1951016475.0000000000727000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: uTorrent.exe, 0000000D.00000003.2038377406.0000000003983000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
        Source: utorrent_installer.tmp, 00000002.00000003.1271659370.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
        Source: uTorrent.exe, 0000000D.00000003.2261539812.0000000009FC3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: QMyVMCipherModeBase: feedback size cannot be specified for this cipher modeCBC
        Source: utorrent.exe, 0000000A.00000002.1617484965.0000000000A34000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
        Source: msedgewebview2.exe, 00000017.00000002.2120324089.0000020AC9040000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000018.00000002.2118821199.0000021A48440000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeAPI call chain: ExitProcess graph end nodegraph_9-3609
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpProcess information queried: ProcessInformation
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exeProcess queried: DebugPort
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BB93F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00BB93F2
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00B55110 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,15_2_00B55110
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00B44C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,15_2_00B44C8E
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BE7BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C15_2_00BE7BC0
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00B82B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,15_2_00B82B30
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BCE8FE mov eax, dword ptr fs:[00000030h]15_2_00BCE8FE
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BD7CAE mov eax, dword ptr fs:[00000030h]15_2_00BD7CAE
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BD7CF2 mov eax, dword ptr fs:[00000030h]15_2_00BD7CF2
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BD7C6A mov eax, dword ptr fs:[00000030h]15_2_00BD7C6A
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BD7D23 mov eax, dword ptr fs:[00000030h]15_2_00BD7D23
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: 16_2_00273363 mov eax, dword ptr fs:[00000030h]16_2_00273363
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: 16_2_0027BE8E mov eax, dword ptr fs:[00000030h]16_2_0027BE8E
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00B4463F GetProcessHeap,15_2_00B4463F
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeCode function: 10_2_6B7C5B90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_6B7C5B90
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BB9018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_00BB9018
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BB93F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00BB93F2
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BBD453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00BBD453
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BB9586 SetUnhandledExceptionFilter,15_2_00BB9586
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: 16_2_0024F010 GetCurrentThreadId,VirtualAlloc,_strncpy,SetUnhandledExceptionFilter,LoadLibraryA,GetProcAddress,PathRemoveFileSpecW,GetCommandLineW,16_2_0024F010
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: 16_2_00262920 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00262920
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: 16_2_00263806 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00263806
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: 16_2_0026399A SetUnhandledExceptionFilter,16_2_0026399A
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: 16_2_0026DED4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_0026DED4
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=BjYV6Sggj6206MEVI8G56ZVGHbdwJax4VTPHUPhk50EvktdXMWNyMqpcmGWlzr3GGHMr3PlHKjQDI7I /make-default
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTuf4Ugfvu3A0dYA0vgI3NzDZBYOYCPLc7oNW2yaftN67hmVSSK7BfOklzFBxRQpsjj0mSCYiD6S
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exeProcess created: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe "C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exe" /S /FORCEINSTALL 1110010101111110
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e47178&pv=0.0.0.0.0
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.htx.com/?utm_source=UT&utm_medium=prodnews&inviter_id=11350560&lang=en&geo=ch
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0xf0,0x140,0x164,0x11c,0x16c,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2592 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:3
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2896 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7274677595 --mojo-platform-channel-handle=3392 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:1
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7274935517 --mojo-platform-channel-handle=3656 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:1
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7275103288 --mojo-platform-channel-handle=3792 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:1
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x1ac,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1812 --field-trial-handle=1852,i,16148445146309021935,7164975153110944084,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1888 --field-trial-handle=1852,i,16148445146309021935,7164975153110944084,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:3
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x44,0x170,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1812 --field-trial-handle=1816,i,5890538242656462308,1074140875794232901,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=952 --field-trial-handle=1816,i,5890538242656462308,1074140875794232901,262144 --enable-features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled /prefetch:3
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2_extract\avg_antivirus_free_setup.exeProcess created: unknown unknown
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msenhancedtrackingpreventionenabled --enable-features=mojoipcz --mojo-named-platform-channel-pipe=4520.1856.3423562140314204209
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msenhancedtrackingpreventionenabled --enable-features=mojoipcz --mojo-named-platform-channel-pipe=2860.3052.3663822584540052771
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msenhancedtrackingpreventionenabled --enable-features=mojoipcz --mojo-named-platform-channel-pipe=3280.2768.3808771680942688591
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msenhancedtrackingpreventionenabled --enable-features=mojoipcz --mojo-named-platform-channel-pipe=2020.2208.6944393845604423247
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0xf0,0x140,0x164,0x11c,0x16c,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x44,0x170,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x1ac,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2592 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:3
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1812 --field-trial-handle=1816,i,5890538242656462308,1074140875794232901,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=952 --field-trial-handle=1816,i,5890538242656462308,1074140875794232901,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:3
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2896 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1812 --field-trial-handle=1852,i,16148445146309021935,7164975153110944084,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1888 --field-trial-handle=1852,i,16148445146309021935,7164975153110944084,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:3
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7274677595 --mojo-platform-channel-handle=3392 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:1
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7274935517 --mojo-platform-channel-handle=3656 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:1
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7275103288 --mojo-platform-channel-handle=3792 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:1
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msenhancedtrackingpreventionenabled --enable-features=mojoipcz --mojo-named-platform-channel-pipe=4520.1856.3423562140314204209
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msenhancedtrackingpreventionenabled --enable-features=mojoipcz --mojo-named-platform-channel-pipe=3280.2768.3808771680942688591
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msenhancedtrackingpreventionenabled --enable-features=mojoipcz --mojo-named-platform-channel-pipe=2020.2208.6944393845604423247
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msenhancedtrackingpreventionenabled --enable-features=mojoipcz --mojo-named-platform-channel-pipe=2860.3052.3663822584540052771
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0xf0,0x140,0x164,0x11c,0x16c,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2592 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:3
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2896 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7274677595 --mojo-platform-channel-handle=3392 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:1
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1744284710295766 --launch-time-ticks=7274935517 --mojo-platform-channel-handle=3656 --field-trial-handle=1856,i,6677870207114222573,4336023425012646389,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:1
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x1ac,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1812 --field-trial-handle=1852,i,16148445146309021935,7164975153110944084,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1888 --field-trial-handle=1852,i,16148445146309021935,7164975153110944084,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:3
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\locallow\utorrent.webview2\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x44,0x170,0x7ff8eb1b8e88,0x7ff8eb1b8e98,0x7ff8eb1b8ea8
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1812 --field-trial-handle=1816,i,5890538242656462308,1074140875794232901,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:2
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\locallow\utorrent.webview2\ebwebview" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=952 --field-trial-handle=1816,i,5890538242656462308,1074140875794232901,262144 --enable-features=mojoipcz --disable-features=msenhancedtrackingpreventionenabled /prefetch:3
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: 15_2_00BB9215 cpuid 15_2_00BB9215
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: GetLocaleInfoW,15_2_00BD45DA
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,15_2_00BDC65F
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: EnumSystemLocalesW,15_2_00BDC9ED
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: EnumSystemLocalesW,15_2_00BDC907
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: EnumSystemLocalesW,15_2_00BDC952
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,15_2_00BDCA80
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: GetLocaleInfoW,15_2_00BDCCE0
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,15_2_00BDCE06
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,15_2_00BDCFDB
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: GetLocaleInfoW,15_2_00BDCF0C
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: GetLocaleInfoEx,15_2_00BB7E28
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exeCode function: EnumSystemLocalesW,15_2_00BD3F6D
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: EnumSystemLocalesW,16_2_0027831E
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: GetLocaleInfoEx,16_2_002623C0
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: GetLocaleInfoW,16_2_00278897
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,16_2_0027EF12
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: EnumSystemLocalesW,16_2_0027F1B4
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: EnumSystemLocalesW,16_2_0027F1FF
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: EnumSystemLocalesW,16_2_0027F29A
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,16_2_0027F325
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: GetLocaleInfoW,16_2_0027F578
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,16_2_0027F69E
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: GetLocaleInfoW,16_2_0027F7A4
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,16_2_0027F873
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\Logo.png VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\WebAdvisor.png VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\AVG_BRW.png VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\AVG_AV.png VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0.zip VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1.zip VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component2.zip VolumeInformation
        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\nspA1C8.tmp\utorrent.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeQueries volume information: C:\Users\user\AppData\Roaming\utorrent\dlimagecache\165F6EF40A81DD175FFAEA69E77ABFD30B27E71C VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e947ec36d06ed69_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\7d70d3ba0b2e9822_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e947ec36d06ed69_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\7d70d3ba0b2e9822_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e947ec36d06ed69_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\7d70d3ba0b2e9822_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\eb68cabea8b30d19_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e9b71ce3bd2fbed_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\63390f09f65cf104_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\eb68cabea8b30d19_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\63390f09f65cf104_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e9b71ce3bd2fbed_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e0e7bb595243cc4_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\1ae68a737de6c3d8_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\688ae7c765972bb6_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e13761517dbac7c_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\135a9e73b7a29232_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e947ec36d06ed69_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e9b71ce3bd2fbed_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\63390f09f65cf104_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\427ac57d104d42e6_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\eb68cabea8b30d19_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e947ec36d06ed69_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e9b71ce3bd2fbed_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\63390f09f65cf104_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\427ac57d104d42e6_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e0e7bb595243cc4_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\1ae68a737de6c3d8_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e0e7bb595243cc4_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e13761517dbac7c_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\688ae7c765972bb6_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e0e7bb595243cc4_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\1ae68a737de6c3d8_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\bd1574b0bfec24e8_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\1ae68a737de6c3d8_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e13761517dbac7c_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\1ae68a737de6c3d8_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\688ae7c765972bb6_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\135a9e73b7a29232_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\3d2c4bae1d8dcfd3_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\7caaf8a174215e21_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\7caaf8a174215e21_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\7caaf8a174215e21_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\9e3562dc95ee062a_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\31ffad66e8ba3e9f_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e947ec36d06ed69_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e9b71ce3bd2fbed_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\63390f09f65cf104_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\427ac57d104d42e6_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\5e0e7bb595243cc4_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\1ae68a737de6c3d8_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\bd1574b0bfec24e8_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\aabb9d949b88679c_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\688ae7c765972bb6_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\673397ae9c5e0246_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\2e13761517dbac7c_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\8cb853b5783a74f4_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\9e3562dc95ee062a_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\31ffad66e8ba3e9f_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\9e3562dc95ee062a_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\16c7b1632fcd6f35_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\31ffad66e8ba3e9f_0 VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Variations VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Variations VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
        Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe Code function: 16_2_00244150 CreateEventW,CreateEventW,CreateEventW,Sleep,Sleep,CreateFileW,GetLastError,CreateNamedPipeW,CreateThread,GetLastError,16_2_00244150
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe Code function: 15_2_00BD4619 GetSystemTimeAsFileTime,15_2_00BD4619
        Source: C:\Users\user\AppData\Roaming\utorrent\updates\3.6.0_47178\utorrentie.exe Code function: 16_2_0027B90F _free,_free,_free,GetTimeZoneInformation,_free,16_2_0027B90F
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\uTorrent.exe Code function: 9_2_004034F7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,9_2_004034F7
        Source: C:\Users\user\AppData\Local\Temp\is-I7GCN.tmp\utorrent_installer.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Lowering of HIPS / PFW / Operating System Security Settings

        Source: C:\Windows\System32\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
        Source: utorrent.exe Binary or memory string: pg2.exe
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component0_extract\saBSI.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
        Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
        Source: C:\Users\user\AppData\Roaming\utorrent\uTorrent.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION

        Stealing of Sensitive Information

        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\search.json.mozlz4
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
        Source: C:\Users\user\AppData\Local\Temp\is-SR42K.tmp\component1_extract\avg_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
        Source: Yara match File source: 00000002.00000003.1671557525.0000000000874000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000003.1674056763.0000000000874000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: utorrent_installer.tmp PID: 3720, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match File source: 00000002.00000003.1671557525.0000000000874000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000003.1674056763.0000000000874000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: utorrent_installer.tmp PID: 3720, type: MEMORYSTR
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        1
        Software
        1
        Scripting
        Valid Accounts1
        Windows Management Instrumentation
        1
        Scripting
        1
        DLL Side-Loading
        12
        Disable or Modify Tools
        1
        OS Credential Dumping
        2
        System Time Discovery
        Remote Services1
        Archive Collected Data
        2
        Encrypted Channel
        Exfiltration Over Other Network Medium1
        System Shutdown/Reboot
        CredentialsDomainsDefault Accounts1
        Native API
        1
        DLL Side-Loading
        1
        DLL Search Order Hijacking
        1
        Deobfuscate/Decode Files or Information
        LSASS Memory3
        File and Directory Discovery
        Remote Desktop Protocol1
        Data from Local System
        Junk DataExfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain Accounts13
        Command and Scripting Interpreter
        1
        DLL Search Order Hijacking
        1
        Access Token Manipulation
        21
        Obfuscated Files or Information
        Security Account Manager57
        System Information Discovery
        SMB/Windows Admin Shares1
        Clipboard Data
        SteganographyAutomated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCron1
        Windows Service
        1
        Windows Service
        11
        Software Packing
        NTDS1
        Query Registry
        Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchd11
        Registry Run Keys / Startup Folder
        12
        Process Injection
        1
        DLL Side-Loading
        LSA Secrets491
        Security Software Discovery
        SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts11
        Registry Run Keys / Startup Folder
        1
        DLL Search Order Hijacking
        Cached Domain Credentials14
        Virtualization/Sandbox Evasion
        VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items33
        Masquerading
        DCSync2
        Process Discovery
        Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job14
        Virtualization/Sandbox Evasion
        Proc Filesystem2
        System Owner/User Discovery
        Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
        Modify Registry
        /etc/passwd and /etc/shadow1
        Remote System Discovery
        Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
        IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
        Access Token Manipulation
        Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
        Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd12
        Process Injection
        Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
        Behavior Graph ID: 1661907, Sample: utorrent_installer.exe, Startdate: 10/04/2025, Architecture: WINDOWS, Score: 44
