be91a0635cab8be4952c30398671617f9e548f30451172ed0ecd416fdc0aa998

Analysis

max time kernel
83s
max time network
85s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24/03/2023, 10:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

utorrent_installer.exe
Size

1.7MB
MD5

bb58fd279a1b991e2bebb1941bb64905
SHA1

71f48cfc2ad7f6faa0cfb9b9424e5564e215a9b0
SHA256

be91a0635cab8be4952c30398671617f9e548f30451172ed0ecd416fdc0aa998
SHA512

e4cbb2099c42220722b9b34288c49f37554b555df885ff4389f7743e19efd2eb9bc57089d333ed030891e3240f7e10ac038c587e7928d794a56b03073cf95ca6
SSDEEP

24576:a4nXubIQGyxbPV0db26sdRr9IThAZymuz7lnAjEHLcfVLKswfsl:aqe3f6e9Zyh71SaLcfxOfsl

Score

8^/10

discovery evasion persistence upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
2016	utorrent_installer.tmp
1764	uTorrent.exe
1344	utorrent.exe
568	uTorrent.exe
1696	utorrentie.exe
988	utorrentie.exe
1332	utorrentie.exe
1988	utorrentie.exe

Identifies Wine through registry keys 2 TTPs 4 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Wine	uTorrent.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\Wine	utorrent.exe
Key opened	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Wine	utorrent.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\Wine	uTorrent.exe

Loads dropped DLL 26 IoCs

pid	Process
1196	utorrent_installer.exe
2016	utorrent_installer.tmp
2016	utorrent_installer.tmp
1764	uTorrent.exe
1764	uTorrent.exe
1764	uTorrent.exe
1764	uTorrent.exe
1764	uTorrent.exe
1764	uTorrent.exe
1344	utorrent.exe
1344	utorrent.exe
1344	utorrent.exe
1344	utorrent.exe
1344	utorrent.exe
1344	utorrent.exe
1764	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000015c2a-252.dat	upx
behavioral1/files/0x0006000000015c2a-255.dat	upx
behavioral1/memory/1344-263-0x0000000000400000-0x0000000000D1C000-memory.dmp	upx
behavioral1/files/0x0006000000015c2a-264.dat	upx
behavioral1/files/0x0006000000015ce9-272.dat	upx
behavioral1/files/0x0006000000015ce9-275.dat	upx
behavioral1/files/0x0006000000015ce9-279.dat	upx
behavioral1/files/0x0006000000015ce9-283.dat	upx
behavioral1/memory/1344-294-0x0000000000400000-0x0000000000D1C000-memory.dmp	upx
behavioral1/files/0x0006000000015ce9-312.dat	upx
behavioral1/memory/568-325-0x0000000000400000-0x0000000000D1C000-memory.dmp	upx
behavioral1/files/0x0006000000015ce9-329.dat	upx
behavioral1/memory/568-366-0x0000000000400000-0x0000000000D1C000-memory.dmp	upx
behavioral1/memory/568-541-0x0000000000400000-0x0000000000D1C000-memory.dmp	upx
behavioral1/memory/568-871-0x0000000000400000-0x0000000000D1C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Windows\CurrentVersion\Run	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Windows\CurrentVersion\Run\ut = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe /MINIMIZED"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Windows\CurrentVersion\Run	uTorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Windows\CurrentVersion\Run\ut = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"	uTorrent.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION\utorrentie.exe = "0"	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BF223771-CA3A-11ED-B880-C227D5A71BE4} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\utorrentie.exe = "11000"	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	uTorrent.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\utorrentie.exe = "1"	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\bittorrent\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\maindoc.ico"	utorrent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin\Extension = ".btskin"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\MIME\Database\Content Type\application/x-bittorrent-appinst	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\FalconBetaAccount\remote_access_client_id = "2643526663"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\MIME\Database\Content Type\application/x-bittorrent	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\MIME\Database	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Magnet\shell\open	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\bittorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Magnet\shell	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Magnet\shell\ = "open"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\uTorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC"	utorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\Extension = ".btsearch"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Magnet\shell\open\command	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\uTorrent\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\maindoc.ico"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\uTorrent\shell\open	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.torrent\OpenWithProgids	utorrent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key\Extension = ".btkey"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\uTorrent\DefaultIcon	utorrent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app\Extension = ".btapp"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\MIME\Database\Content Type\application/x-bittorrent-app	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btinstall\Content Type = "application/x-bittorrent-appinst"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\bittorrent\shell\ = "open"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btkey\Content Type = "application/x-bittorrent-key"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications\uTorrent.exe\shell\open\command	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications\uTorrent.exe\shell\open	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\bittorrent\shell\open	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btskin\ = "uTorrent"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications\uTorrent.exe\shell\ = "open"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\MIME	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btsearch	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btsearch\ = "uTorrent"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Magnet\ = "Magnet URI"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\bittorrent\shell	utorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btkey\ = "uTorrent"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.torrent\ = "uTorrent"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Magnet\DefaultIcon	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btapp\ = "uTorrent"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btskin\Content Type = "application/x-bittorrent-skin"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btinstall\ = "uTorrent"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\MIME\Database\Content Type\application/x-bittorrent-app\Extension = ".btapp"	utorrent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\Extension = ".btsearch"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\bittorrent	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\bittorrent\shell\open\command	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\bittorrent\DefaultIcon	utorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\uTorrent	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.torrent\OpenWithProgids\uTorrent	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btsearch\Content Type = "application/x-bittorrentsearchdescription+xml"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications\uTorrent.exe	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Applications\uTorrent.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\uTorrent\Content Type	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\Magnet\URL Protocol	utorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btsearch\OpenWithProgids\uTorrent	utorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btapp	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.btsearch\OpenWithProgids	utorrent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\Extension = ".btinstall"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\MIME\Database\Content Type\application/x-bittorrent-key	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\FalconBetaAccount	utorrent.exe

Modifies system certificate store 2 TTPs 15 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	utorrent_installer.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	utorrent_installer.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	uTorrent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	utorrent_installer.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\801D62D07B449D5C5C035C98EA61FA443C2A58FE\Blob = 19000000010000001000000091fad483f14848a8a69b18b805cdbb3a030000000100000014000000801d62d07b449d5c5c035c98ea61fa443c2a58fe0b000000010000001000000045006e007400720075007300740000001d0000000100000010000000e871723e266f38af5d49cda2a502669c14000000010000001400000055e481d11180bed889b908a331f9a1240916b97053000000010000002400000030223020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c009000000010000005e000000305c06082b0601050507030306082b0601050507030106082b0601050507030206082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b06010505070308060a2b0601040182370a03040f0000000100000014000000f53631b5177626eb6541df5563c8187d9dca421a2000000001000000600400003082045c30820344a00302010202043863b966300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3139313232343138323035315a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3743072301106096086480186f8420101040403020007301f0603551d2304183016801455e481d11180bed889b908a331f9a1240916b970301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970301d06092a864886f67d0741000410300e1b0856352e303a342e3003020490300d06092a864886f70d010105050003820101005947ac21848a17c99c89531eba80851ac63c4e3eb19cb67cc6925d186402e3d3060811617c63e32b9d31037076d2a328a0f4bb9a6373ed6de52adbed14a92bc63611d02beb078ba5da9e5c199d5612f55429c805edb2122a8df4031bffe7921087b03ab5c39d053712a3c7f415b9d5a439169b533a2391f1a882a26a8868c1790222bcaaa6d6aedfb0145fb887d0dd7c7f7bffaf1ccfe6db07ad5edb859dd02b0d33db04d1e64940132b76fb3ee99c890f15ce18b08578214f6b4f0efa3667cd07f2ff08d0e2ded9bf2aafb88786213c04cab794687fcf3ce998d738ffecc0d950f02e4b58ae466fd02ec360da725572bd4c459e61babf84819203d1d2697cc5	uTorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	uTorrent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	utorrent_installer.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	utorrent_installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\801D62D07B449D5C5C035C98EA61FA443C2A58FE	uTorrent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\801D62D07B449D5C5C035C98EA61FA443C2A58FE\Blob = 040000000100000010000000ba21ea20d6dddb8fc1578b40ada1fcfc0f0000000100000014000000f53631b5177626eb6541df5563c8187d9dca421a09000000010000005e000000305c06082b0601050507030306082b0601050507030106082b0601050507030206082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b06010505070308060a2b0601040182370a030453000000010000002400000030223020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c0b000000010000001000000045006e00740072007500730074000000030000000100000014000000801d62d07b449d5c5c035c98ea61fa443c2a58fe19000000010000001000000091fad483f14848a8a69b18b805cdbb3a2000000001000000600400003082045c30820344a00302010202043863b966300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3139313232343138323035315a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3743072301106096086480186f8420101040403020007301f0603551d2304183016801455e481d11180bed889b908a331f9a1240916b970301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970301d06092a864886f67d0741000410300e1b0856352e303a342e3003020490300d06092a864886f70d010105050003820101005947ac21848a17c99c89531eba80851ac63c4e3eb19cb67cc6925d186402e3d3060811617c63e32b9d31037076d2a328a0f4bb9a6373ed6de52adbed14a92bc63611d02beb078ba5da9e5c199d5612f55429c805edb2122a8df4031bffe7921087b03ab5c39d053712a3c7f415b9d5a439169b533a2391f1a882a26a8868c1790222bcaaa6d6aedfb0145fb887d0dd7c7f7bffaf1ccfe6db07ad5edb859dd02b0d33db04d1e64940132b76fb3ee99c890f15ce18b08578214f6b4f0efa3667cd07f2ff08d0e2ded9bf2aafb88786213c04cab794687fcf3ce998d738ffecc0d950f02e4b58ae466fd02ec360da725572bd4c459e61babf84819203d1d2697cc5	uTorrent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	uTorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	utorrent_installer.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	utorrent_installer.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	utorrent_installer.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\801D62D07B449D5C5C035C98EA61FA443C2A58FE\Blob = 0f0000000100000014000000f53631b5177626eb6541df5563c8187d9dca421a09000000010000005e000000305c06082b0601050507030306082b0601050507030106082b0601050507030206082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b06010505070308060a2b0601040182370a030453000000010000002400000030223020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c0b000000010000001000000045006e00740072007500730074000000030000000100000014000000801d62d07b449d5c5c035c98ea61fa443c2a58fe2000000001000000600400003082045c30820344a00302010202043863b966300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3139313232343138323035315a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3743072301106096086480186f8420101040403020007301f0603551d2304183016801455e481d11180bed889b908a331f9a1240916b970301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970301d06092a864886f67d0741000410300e1b0856352e303a342e3003020490300d06092a864886f70d010105050003820101005947ac21848a17c99c89531eba80851ac63c4e3eb19cb67cc6925d186402e3d3060811617c63e32b9d31037076d2a328a0f4bb9a6373ed6de52adbed14a92bc63611d02beb078ba5da9e5c199d5612f55429c805edb2122a8df4031bffe7921087b03ab5c39d053712a3c7f415b9d5a439169b533a2391f1a882a26a8868c1790222bcaaa6d6aedfb0145fb887d0dd7c7f7bffaf1ccfe6db07ad5edb859dd02b0d33db04d1e64940132b76fb3ee99c890f15ce18b08578214f6b4f0efa3667cd07f2ff08d0e2ded9bf2aafb88786213c04cab794687fcf3ce998d738ffecc0d950f02e4b58ae466fd02ec360da725572bd4c459e61babf84819203d1d2697cc5	uTorrent.exe

Script User-Agent 3 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	2	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	8	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	16	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1764	uTorrent.exe
1764	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
568	uTorrent.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1344	utorrent.exe
Token: SeManageVolumePrivilege	568	uTorrent.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2016	utorrent_installer.tmp
568	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe
1824	iexplore.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
568	uTorrent.exe
568	uTorrent.exe
568	uTorrent.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1824	iexplore.exe
1824	iexplore.exe
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 43 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 2016	1196	utorrent_installer.exe	28
PID 1196 wrote to memory of 2016	1196	utorrent_installer.exe	28
PID 1196 wrote to memory of 2016	1196	utorrent_installer.exe	28
PID 1196 wrote to memory of 2016	1196	utorrent_installer.exe	28
PID 1196 wrote to memory of 2016	1196	utorrent_installer.exe	28
PID 1196 wrote to memory of 2016	1196	utorrent_installer.exe	28
PID 1196 wrote to memory of 2016	1196	utorrent_installer.exe	28
PID 2016 wrote to memory of 1764	2016	utorrent_installer.tmp	29
PID 2016 wrote to memory of 1764	2016	utorrent_installer.tmp	29
PID 2016 wrote to memory of 1764	2016	utorrent_installer.tmp	29
PID 2016 wrote to memory of 1764	2016	utorrent_installer.tmp	29
PID 1764 wrote to memory of 1344	1764	uTorrent.exe	32
PID 1764 wrote to memory of 1344	1764	uTorrent.exe	32
PID 1764 wrote to memory of 1344	1764	uTorrent.exe	32
PID 1764 wrote to memory of 1344	1764	uTorrent.exe	32
PID 2016 wrote to memory of 568	2016	utorrent_installer.tmp	35
PID 2016 wrote to memory of 568	2016	utorrent_installer.tmp	35
PID 2016 wrote to memory of 568	2016	utorrent_installer.tmp	35
PID 2016 wrote to memory of 568	2016	utorrent_installer.tmp	35
PID 568 wrote to memory of 1696	568	uTorrent.exe	37
PID 568 wrote to memory of 1696	568	uTorrent.exe	37
PID 568 wrote to memory of 1696	568	uTorrent.exe	37
PID 568 wrote to memory of 1696	568	uTorrent.exe	37
PID 568 wrote to memory of 988	568	uTorrent.exe	38
PID 568 wrote to memory of 988	568	uTorrent.exe	38
PID 568 wrote to memory of 988	568	uTorrent.exe	38
PID 568 wrote to memory of 988	568	uTorrent.exe	38
PID 568 wrote to memory of 1824	568	uTorrent.exe	39
PID 568 wrote to memory of 1824	568	uTorrent.exe	39
PID 568 wrote to memory of 1824	568	uTorrent.exe	39
PID 568 wrote to memory of 1824	568	uTorrent.exe	39
PID 1824 wrote to memory of 1276	1824	iexplore.exe	40
PID 1824 wrote to memory of 1276	1824	iexplore.exe	40
PID 1824 wrote to memory of 1276	1824	iexplore.exe	40
PID 1824 wrote to memory of 1276	1824	iexplore.exe	40
PID 568 wrote to memory of 1332	568	uTorrent.exe	43
PID 568 wrote to memory of 1332	568	uTorrent.exe	43
PID 568 wrote to memory of 1332	568	uTorrent.exe	43
PID 568 wrote to memory of 1332	568	uTorrent.exe	43
PID 568 wrote to memory of 1988	568	uTorrent.exe	44
PID 568 wrote to memory of 1988	568	uTorrent.exe	44
PID 568 wrote to memory of 1988	568	uTorrent.exe	44
PID 568 wrote to memory of 1988	568	uTorrent.exe	44

C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe
"C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Users\Admin\AppData\Local\Temp\is-4NCK0.tmp\utorrent_installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4NCK0.tmp\utorrent_installer.tmp" /SL5="$90122,874637,815104,C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\is-CHPDI.tmp\uTorrent.exe
    "C:\Users\Admin\AppData\Local\Temp\is-CHPDI.tmp\uTorrent.exe" /S /FORCEINSTALL 1110010101111110
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\utorrent\utorrent.exe
      "C:\Users\Admin\AppData\Local\Temp\utorrent\utorrent.exe" /S /FORCEINSTALL 1110010101111110
      4⤵
      Executes dropped EXE
      Identifies Wine through registry keys
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:1344
- - C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
    "C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe"
    3⤵
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies Internet Explorer settings
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:568
  - - C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_46716\utorrentie.exe
      "C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_46716\utorrentie.exe" uTorrent_568_00F798E0_333419409 µTorrent4823DF041B09 uTorrent ie unp
      4⤵
      Executes dropped EXE
      PID:1696
  - - C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_46716\utorrentie.exe
      "C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_46716\utorrentie.exe" uTorrent_568_00F79F58_1451987146 µTorrent4823DF041B09 uTorrent ie unp
      4⤵
      Executes dropped EXE
      PID:988
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e46716&pv=0.0.0.0.0
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1824
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1824 CREDAT:275457 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1276
  - - C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_46716\utorrentie.exe
      "C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_46716\utorrentie.exe" uTorrent_568_00F7AC48_120878850 µTorrent4823DF041B09 uTorrent ie unp
      4⤵
      Executes dropped EXE
      PID:1332
  - - C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_46716\utorrentie.exe
      "C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_46716\utorrentie.exe" uTorrent_568_00F7AE70_1812020855 µTorrent4823DF041B09 uTorrent ie unp
      4⤵
      Executes dropped EXE
      PID:1988

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
1⤵
PID:1492

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
1⤵
PID:920

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
1⤵
PID:884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38458085ec77eecc4b7cf4094ae3c69c

SHA1
191b70e029245df788a884d58c5d4ce5183e44d1

SHA256
879cf6542f6c126718f2d6e8fd43d4052bc25ec370df77d6071b89f418244fc3

SHA512
c5cc85b4a254c3d914fb792280f24884b601ea55915e52535bb3e45e25d7623873429d538d999880bd1541c22d4f12d7e57f0ee081914cd3c32449c122c9f97a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
155e44844f805602dc00604b9fb385f3

SHA1
8920dcb016ae41096584fbea002b993a57d082c4

SHA256
53b7b68d278e1f84fdd9aa5f77915cb69b7ce45b5a3ab1808bdd59b5846588b9

SHA512
132417b251e8457bc46ad0d9824e982af2344db9d268635c3696a1ae3a504efea09d9a16ada67d98e50168a90882f579c2f41df2ab2de655907cbada3989304d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f95d3e865bccd06f268c75b5e5b1e125

SHA1
e5f25de815c8b72f53d2db848a7bfcc3b10e6105

SHA256
31c5b146d9770a381a07db42fe36e4529633bf505db6eca45dbcd8d9a5ddf44a

SHA512
ddb5a224ec67b2bb22f2088fcb83808ad90a839b99b6001b57b71ca709a7621d02755ee1bcacbfd2aa9a169a6ec0063d026ae3d138c030d1f452fcebe9d66d0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36520c195409c226531a2bc44043d338

SHA1
ffbf68ceb96d032bdc977b33a2ddcf144d4c5368

SHA256
6cbd566466470fa7f637cac35deb4ba02e441ee2bf0fc25ae63a8c4bd962e676

SHA512
d2f88f48cee959313497280cb3677c2346518e533a6524efe38ea750c72bc453b8a54ea726a7a8ce5a7a55e69749108d2e60457f92c4374beb081d20dc0e3a66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a40fbc34cf54529cca45226d6772beb7

SHA1
f8a805078a90071a01db4552d0583d1baf13ad31

SHA256
f8a88f6924882d2857fdfe84e3acba9f923c205e2cda32ddb18fad407081b762

SHA512
33e3f81f78020bd4478941ab2f76704020518cfe81d94dc5992725c5d046d8f5216d0cb9d9d1964348d150b121e6dafcf831fe048b265fe251de66fd70c29890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfac3c1956d0d9b21fc1777d424ad0bb

SHA1
090a00d96ae2398bdbafd992cd6c5d8ccf09e69b

SHA256
e13ce8971d0436f2d56bab706d04caa45cee9e2c17e01e8db1c8405eb681aefe

SHA512
5e244a1e42f3adc8b1d1a5179f1ec22cc1f230f39ca878db9134a67a42302c731ef6dc36da94de15ef45966bb03ef4e77388e6e2ae9597398c64ca953a586d15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66b295e8a8f0fb960b8c0b9e9f5ece1f

SHA1
af9996bd0025f78b4f1969cb40c49d28c1c28802

SHA256
8f6a9e4345ec0f5a43d21740f1e936129eb10e025d2675ea43b9aeb2dc3b7b0d

SHA512
ea67119ab59006933e777857abb4145dce8d96c8c3b4f6c3ef6df2598d377dc2465a7890eb5313b9beb30e705a32f66d303f78ce143826b9044e477e93468f19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dabbbc2802ff0b67c65052596adc8e7

SHA1
0831587a5a16f67af34eca66d861e306da51fb1c

SHA256
a98c94057931de0a8a4d6525c9ad0c2b0f70d6a5604845143d5812e2c79ccd54

SHA512
38d1c7648a7d9c9bbc1391c6fac7126d992cc757ec779020051b74ec0e1aa6b57ac3d6269a428a2ca48d5bae29280b20537721a1a16fb6c25e54e3c098e8664b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad77cd105ee59d805efbb3bc735214f4

SHA1
5f3bdcd987028b00cd5b40ca59aa67f6b3c4e9c0

SHA256
ceaa24ee349025df5adc24a3a0336d36a324a9bb2ecaee110fb0ac90dd17cb85

SHA512
e6288e360ca606dfd8fbfdaa5cf8a8a54627af7c0aace7e99414a668e5d990406fd50863d06e837ded78a8a2456fbfeaf9a07ce91f2a8d8a293f9db92ab57d04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a251c2435c72c42b69990e6cbbff950

SHA1
18734c887be64c9b8acbd16471ba5343fb646227

SHA256
bfc4e322df6c361a4be0f6b92e4452184f8740eacb94c304b305d22306987d6d

SHA512
eee472ad180ef022863a90516f9f663b8cd62193c67f589bb13a0fb08c6ddad5ea2d5702b5db5438cedcc25679d63ce81c0011e813761ce7e7019ffeedb91ad7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0371867abd142a9de450d966a8077e31

SHA1
a2de88ce8a6653009c8fcf7f073ec5d16700eda0

SHA256
c61478083ce2afd1c22d980d96124c473ceedf09908ad893e89a63c4076f56f9

SHA512
11ce8f06ca74e37a8c59737c2a95a4b3f32ae65d8e115258fd52f32c64743615aea55cf70d5350faf7d2ca115cbd1657855f5817240141367dccc7532b649c8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1b5ba34bd81495afb37cdf3013e694e

SHA1
d4e94eca9309235ed0b0a367c325b4e8d391770f

SHA256
d2152a744acdeb24e476e4d08ac3eba3e3ee00fc43612f0b0f8511ce3bbe1dcf

SHA512
61e9556f43752177f6a4da0428d642520384e824772b0852bc024f6aca04ad9b0e667b33f7db194b58bbac41659900c4c91d81a7025e81773a7a932725ad4e73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8462e933a2b13b0279bd9bcd7890bdb

SHA1
b2c43e7d6c5a13191739c15c1dee71102629c9d3

SHA256
f33985f4c64bbdec100e549364c8732badea9732bb0a6f599c0a467b903ae7be

SHA512
2fbdaf6c6b577ca0c7bddebdf7893c1eda0aff2770ab8cd47e1feda040c496dff8ba07a41fffaa36cfdbfc6371542585826e72452d9fc0bb780d1893d91133b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb473f5ca10817c1b41c7a62b0a676be

SHA1
e641495ce94e1368e5cd7e7aed6a8496c4a6825c

SHA256
467f67a0e1f8ed72f8fb0ba07b4601beb0cc61d2975f54daa1e3696c0b573fa9

SHA512
80448c975063d8a79f2c2d24ab2adc67f0c86da68960533788de12c7ac6d8081b74263cd6f16972446ea6143082ae9eb80cec4ff0197976949194d6c94cc5915

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1AD9.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4NCK0.tmp\utorrent_installer.tmp

Filesize
3.0MB

MD5
bee3a3ae058047dbe5d147b30d11c331

SHA1
3eba7c30a4bded07d58cf057781a4348a8313942

SHA256
1ff0cefbfe0905f845ef0e0f2f2b20d5f131ae126ba4acfbd368a6be879dd5c7

SHA512
b8128e25e45419a3fbef7874335ad25d959a7eb491545c819fcd7d48357e26b4df78452dbda7295a27c68dd7f1dd4c72b90b4ffa817be84535426f3fca37ba3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CHPDI.tmp\Logo.png

Filesize
7KB

MD5
5424804c80db74e1304535141a5392c6

SHA1
6d749f3b59672b0c243690811ec3240ff2eced8e

SHA256
9b7e2ea77e518b50e5dd78e0faec509e791949a7c7f360a967c9ee204a8f1412

SHA512
6c7364b9693ce9cbbdbca60ecef3911dfe3d2d836252d7650d34506d2aa41fc5892028ba93f2619caf7edb06576fddae7e5f91f5844b5c3a47f54ca39f84cc6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CHPDI.tmp\uTorrent.exe

Filesize
16.0MB

MD5
db5a4011b86ce680fc16120b8b2fdaba

SHA1
242a0c539ec1f3bf7755be69386a6213af61d580

SHA256
70d8024dbe50a74714ac6a2e316e0c3f58fe7db94c2ac2e6ccd513759e4bd386

SHA512
1502bca6ca1f87e466c58f8e8449712a81d3151919e208e9a25907929b7594e92f0268436ef80f395fe7b36a7d132d6f891b65081889be09eca287896bee62f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CHPDI.tmp\uTorrent.exe

Filesize
16.0MB

MD5
db5a4011b86ce680fc16120b8b2fdaba

SHA1
242a0c539ec1f3bf7755be69386a6213af61d580

SHA256
70d8024dbe50a74714ac6a2e316e0c3f58fe7db94c2ac2e6ccd513759e4bd386

SHA512
1502bca6ca1f87e466c58f8e8449712a81d3151919e208e9a25907929b7594e92f0268436ef80f395fe7b36a7d132d6f891b65081889be09eca287896bee62f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CHPDI.tmp\uTorrent.exe

Filesize
16.0MB

MD5
db5a4011b86ce680fc16120b8b2fdaba

SHA1
242a0c539ec1f3bf7755be69386a6213af61d580

SHA256
70d8024dbe50a74714ac6a2e316e0c3f58fe7db94c2ac2e6ccd513759e4bd386

SHA512
1502bca6ca1f87e466c58f8e8449712a81d3151919e208e9a25907929b7594e92f0268436ef80f395fe7b36a7d132d6f891b65081889be09eca287896bee62f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy9713.tmp\FindProcDLL.dll

Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy9713.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy9713.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy9713.tmp\nsisFirewall.dll

Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
C:\Users\Admin\AppData\Local\Temp\utorrent\datachannel.dll

Filesize
1.3MB

MD5
a66e57bc9944aa9a77637cf128a6cdd9

SHA1
43825d7240f4ad8173eda05ef2482ce8db231e9f

SHA256
9aebb962e38cfd5197cdaefc6d4b057792d5775a1428d20f505671c162ba7265

SHA512
2a93371ccf4a0a6922618fc28ba1cec652688c89159e75e55c219dad3a8be1bebf5016ca1c6a40f418207f5b854832850ea34bc9239092207df8e3063c5fee7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\utorrent\libcrypto-3.dll

Filesize
3.6MB

MD5
a6ad50c212af59dd55540c0f2d0aa726

SHA1
790987aba7e05bf7ef3112ea3c281b89f95bc9ed

SHA256
fe0d5ae8d42c622fcbff51ba0f5f33a1e46413f98993e7d216f7b463887f399c

SHA512
2b253ffe0edd35bb0fe822c81daeb206509b01c28a05d2d8f82273ce7f702adfcc5481c00ea0c2fc96db6a891a370ded7aec6c41f4f5e7313c3f8172481b865c

Download Submit
C:\Users\Admin\AppData\Local\Temp\utorrent\libssl-3.dll

Filesize
605KB

MD5
f0a84546ec2e90432b4640602b955dc0

SHA1
51deb3ad7d178c043084160a58fe4a3b9ae0bb97

SHA256
e036ede168df29fe641519dee38f62048f5992adeb3aafc65fd353db52280326

SHA512
d292ffe34893d16a93a282a1fefb3298e3cd605e54784bcd37c70d4e9b66d40b33a292337dcd741bab6425158d18f800fd5d942120d770cecbb022ccf4601ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\utorrent\utorrent.exe

Filesize
2.6MB

MD5
dabe3bd054cd2268b23a42a49acd2ac9

SHA1
0ed81ad1371eb5651e79b0e4c3fb95a45093d25a

SHA256
cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063

SHA512
1eb2cad9acabd1867c35c68aabd67f5bd5fb6ff57d77673de84da7ad72433919f1862a8d1b2345b1e7e1563d49c583b1ae3096078c815fb5fb469573ddf5d83e

Download Submit
C:\Users\Admin\AppData\Local\Temp\utorrent\utorrent.exe

Filesize
2.6MB

MD5
dabe3bd054cd2268b23a42a49acd2ac9

SHA1
0ed81ad1371eb5651e79b0e4c3fb95a45093d25a

SHA256
cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063

SHA512
1eb2cad9acabd1867c35c68aabd67f5bd5fb6ff57d77673de84da7ad72433919f1862a8d1b2345b1e7e1563d49c583b1ae3096078c815fb5fb469573ddf5d83e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3430344531-3702557399-3004411149-1000\1f91d2d17ea675d4c2c3192e241743f9_292417f2-0fed-4ad3-b090-e0c692cff81f

Filesize
1KB

MD5
6e0e86c1d70ea61de8f65c745bb6f091

SHA1
eac0b920e807d16a2df10ce60dd759890c95b3f8

SHA256
4e1e181b111bbc50dd0a6e2e297871ea9df219810522c05fd27b364245760252

SHA512
4a944ed7a52e06c80ba5c1b3cd4e6dfc4240c99f768855b1379c38649e9f6624ab81702ef3bbb7ba7846a7651a4b8e427680aa88817cee46dbe2d6d28467c80a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NDM4VO8M.txt

Filesize
89B

MD5
c5dc9b035b53c65f69dc167237e28607

SHA1
d426430d11cd912f7106a442892465d2f657b76f

SHA256
5c9443acd39a45cb0058506f72fd82ce24bb07338f3d8fa09cb090bee4f1bdf0

SHA512
add4d546003797ef84ca9823ea3e7a179207cf01dff61bb30893bd9f0d0946f8ec61f9dbc1aaaeea2ee549a6c7e4ecf0c3fe75f08cb958e2b2b65988e3a9495f

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\datachannel.dll

Filesize
1.3MB

MD5
a66e57bc9944aa9a77637cf128a6cdd9

SHA1
43825d7240f4ad8173eda05ef2482ce8db231e9f

SHA256
9aebb962e38cfd5197cdaefc6d4b057792d5775a1428d20f505671c162ba7265

SHA512
2a93371ccf4a0a6922618fc28ba1cec652688c89159e75e55c219dad3a8be1bebf5016ca1c6a40f418207f5b854832850ea34bc9239092207df8e3063c5fee7d

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\libcrypto-3.dll

Filesize
3.6MB

MD5
a6ad50c212af59dd55540c0f2d0aa726

SHA1
790987aba7e05bf7ef3112ea3c281b89f95bc9ed

SHA256
fe0d5ae8d42c622fcbff51ba0f5f33a1e46413f98993e7d216f7b463887f399c

SHA512
2b253ffe0edd35bb0fe822c81daeb206509b01c28a05d2d8f82273ce7f702adfcc5481c00ea0c2fc96db6a891a370ded7aec6c41f4f5e7313c3f8172481b865c

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\libssl-3.dll

Filesize
605KB

MD5
f0a84546ec2e90432b4640602b955dc0

SHA1
51deb3ad7d178c043084160a58fe4a3b9ae0bb97

SHA256
e036ede168df29fe641519dee38f62048f5992adeb3aafc65fd353db52280326

SHA512
d292ffe34893d16a93a282a1fefb3298e3cd605e54784bcd37c70d4e9b66d40b33a292337dcd741bab6425158d18f800fd5d942120d770cecbb022ccf4601ae2

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat

Filesize
8KB

MD5
dd2e514a6f827c4f98cd00e8afb0af84

SHA1
46031943b02045eff5a8352174daa608a42bf9cd

SHA256
7ba339a12874e32cce8e90a34df2b1a583f8bb1c3cddf16ddcab5a2af7500ad5

SHA512
b2344cd0f73137da4d49e5509861babdafa1c8d73f6034e8695d8ae2666eb8d72f5516475212484f7f8af4be70c127f6be67551b4be84f5e85b86698d2ce1a9d

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe

Filesize
2.6MB

MD5
dabe3bd054cd2268b23a42a49acd2ac9

SHA1
0ed81ad1371eb5651e79b0e4c3fb95a45093d25a

SHA256
cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063

SHA512
1eb2cad9acabd1867c35c68aabd67f5bd5fb6ff57d77673de84da7ad72433919f1862a8d1b2345b1e7e1563d49c583b1ae3096078c815fb5fb469573ddf5d83e

Download Submit
C:\Users\Admin\AppData\Roaming\utorrent\uTorrent.exe

Filesize
2.6MB

MD5
dabe3bd054cd2268b23a42a49acd2ac9

SHA1
0ed81ad1371eb5651e79b0e4c3fb95a45093d25a

SHA256
cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063

SHA512
1eb2cad9acabd1867c35c68aabd67f5bd5fb6ff57d77673de84da7ad72433919f1862a8d1b2345b1e7e1563d49c583b1ae3096078c815fb5fb469573ddf5d83e

Download Submit
C:\Users\Admin\AppData\Roaming\utorrent\uTorrent.exe

Filesize
2.6MB

MD5
dabe3bd054cd2268b23a42a49acd2ac9

SHA1
0ed81ad1371eb5651e79b0e4c3fb95a45093d25a

SHA256
cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063

SHA512
1eb2cad9acabd1867c35c68aabd67f5bd5fb6ff57d77673de84da7ad72433919f1862a8d1b2345b1e7e1563d49c583b1ae3096078c815fb5fb469573ddf5d83e

Download Submit
C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46716\utorrentie.exe

Filesize
407KB

MD5
ac3aa3016d9b5759376edbb332dc8954

SHA1
b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e

SHA256
db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110

SHA512
9899b45b6fc584a77294b62b86d89b82326b3e73f84001f3387042911434399597c722a10eab44f091d947c1d61820737e0d1405f5ed5d77ad7ddc3821a41b27

Download Submit
C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46716\utorrentie.exe

Filesize
407KB

MD5
ac3aa3016d9b5759376edbb332dc8954

SHA1
b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e

SHA256
db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110

SHA512
9899b45b6fc584a77294b62b86d89b82326b3e73f84001f3387042911434399597c722a10eab44f091d947c1d61820737e0d1405f5ed5d77ad7ddc3821a41b27

Download Submit
C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46716\utorrentie.exe

Filesize
407KB

MD5
ac3aa3016d9b5759376edbb332dc8954

SHA1
b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e

SHA256
db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110

SHA512
9899b45b6fc584a77294b62b86d89b82326b3e73f84001f3387042911434399597c722a10eab44f091d947c1d61820737e0d1405f5ed5d77ad7ddc3821a41b27

Download Submit
C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46716\utorrentie.exe

Filesize
407KB

MD5
ac3aa3016d9b5759376edbb332dc8954

SHA1
b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e

SHA256
db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110

SHA512
9899b45b6fc584a77294b62b86d89b82326b3e73f84001f3387042911434399597c722a10eab44f091d947c1d61820737e0d1405f5ed5d77ad7ddc3821a41b27

Download Submit
C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46716\utorrentie.exe

Filesize
407KB

MD5
ac3aa3016d9b5759376edbb332dc8954

SHA1
b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e

SHA256
db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110

SHA512
9899b45b6fc584a77294b62b86d89b82326b3e73f84001f3387042911434399597c722a10eab44f091d947c1d61820737e0d1405f5ed5d77ad7ddc3821a41b27

Download Submit
C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46738.exe

Filesize
8.4MB

MD5
44654a1a643107b019913032fefdb0db

SHA1
092ac6975f2221585071e09a6893ab19a649f0ce

SHA256
a8e963ff808373982910bd7e7904556cf19ed1399f42f36dc2ec602795f67662

SHA512
b853e4fdd04255531bd58b2cc3cf9ce6d52a588d4df0e4b14fab566603fb668d02c963ba4093524c37555b93d8bd36be7ade3ce587141ae57580b7c16d1c2c10

Download Submit
\Users\Admin\AppData\Local\Temp\is-4NCK0.tmp\utorrent_installer.tmp

Filesize
3.0MB

MD5
bee3a3ae058047dbe5d147b30d11c331

SHA1
3eba7c30a4bded07d58cf057781a4348a8313942

SHA256
1ff0cefbfe0905f845ef0e0f2f2b20d5f131ae126ba4acfbd368a6be879dd5c7

SHA512
b8128e25e45419a3fbef7874335ad25d959a7eb491545c819fcd7d48357e26b4df78452dbda7295a27c68dd7f1dd4c72b90b4ffa817be84535426f3fca37ba3e

Download Submit
\Users\Admin\AppData\Local\Temp\is-CHPDI.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-CHPDI.tmp\uTorrent.exe

Filesize
16.0MB

MD5
db5a4011b86ce680fc16120b8b2fdaba

SHA1
242a0c539ec1f3bf7755be69386a6213af61d580

SHA256
70d8024dbe50a74714ac6a2e316e0c3f58fe7db94c2ac2e6ccd513759e4bd386

SHA512
1502bca6ca1f87e466c58f8e8449712a81d3151919e208e9a25907929b7594e92f0268436ef80f395fe7b36a7d132d6f891b65081889be09eca287896bee62f0

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9713.tmp\FindProcDLL.dll

Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9713.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9713.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9713.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9713.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsy9713.tmp\nsisFirewall.dll

Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
\Users\Admin\AppData\Local\Temp\utorrent\datachannel.dll

Filesize
1.3MB

MD5
a66e57bc9944aa9a77637cf128a6cdd9

SHA1
43825d7240f4ad8173eda05ef2482ce8db231e9f

SHA256
9aebb962e38cfd5197cdaefc6d4b057792d5775a1428d20f505671c162ba7265

SHA512
2a93371ccf4a0a6922618fc28ba1cec652688c89159e75e55c219dad3a8be1bebf5016ca1c6a40f418207f5b854832850ea34bc9239092207df8e3063c5fee7d

Download Submit
\Users\Admin\AppData\Local\Temp\utorrent\libcrypto-3.dll

Filesize
3.6MB

MD5
a6ad50c212af59dd55540c0f2d0aa726

SHA1
790987aba7e05bf7ef3112ea3c281b89f95bc9ed

SHA256
fe0d5ae8d42c622fcbff51ba0f5f33a1e46413f98993e7d216f7b463887f399c

SHA512
2b253ffe0edd35bb0fe822c81daeb206509b01c28a05d2d8f82273ce7f702adfcc5481c00ea0c2fc96db6a891a370ded7aec6c41f4f5e7313c3f8172481b865c

Download Submit
\Users\Admin\AppData\Local\Temp\utorrent\libssl-3.dll

Filesize
605KB

MD5
f0a84546ec2e90432b4640602b955dc0

SHA1
51deb3ad7d178c043084160a58fe4a3b9ae0bb97

SHA256
e036ede168df29fe641519dee38f62048f5992adeb3aafc65fd353db52280326

SHA512
d292ffe34893d16a93a282a1fefb3298e3cd605e54784bcd37c70d4e9b66d40b33a292337dcd741bab6425158d18f800fd5d942120d770cecbb022ccf4601ae2

Download Submit
\Users\Admin\AppData\Local\Temp\utorrent\utorrent.exe

Filesize
2.6MB

MD5
dabe3bd054cd2268b23a42a49acd2ac9

SHA1
0ed81ad1371eb5651e79b0e4c3fb95a45093d25a

SHA256
cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063

SHA512
1eb2cad9acabd1867c35c68aabd67f5bd5fb6ff57d77673de84da7ad72433919f1862a8d1b2345b1e7e1563d49c583b1ae3096078c815fb5fb469573ddf5d83e

Download Submit
\Users\Admin\AppData\Roaming\utorrent\datachannel.dll

Filesize
1.3MB

MD5
a66e57bc9944aa9a77637cf128a6cdd9

SHA1
43825d7240f4ad8173eda05ef2482ce8db231e9f

SHA256
9aebb962e38cfd5197cdaefc6d4b057792d5775a1428d20f505671c162ba7265

SHA512
2a93371ccf4a0a6922618fc28ba1cec652688c89159e75e55c219dad3a8be1bebf5016ca1c6a40f418207f5b854832850ea34bc9239092207df8e3063c5fee7d

Download Submit
\Users\Admin\AppData\Roaming\utorrent\libcrypto-3.dll

Filesize
3.6MB

MD5
a6ad50c212af59dd55540c0f2d0aa726

SHA1
790987aba7e05bf7ef3112ea3c281b89f95bc9ed

SHA256
fe0d5ae8d42c622fcbff51ba0f5f33a1e46413f98993e7d216f7b463887f399c

SHA512
2b253ffe0edd35bb0fe822c81daeb206509b01c28a05d2d8f82273ce7f702adfcc5481c00ea0c2fc96db6a891a370ded7aec6c41f4f5e7313c3f8172481b865c

Download Submit
\Users\Admin\AppData\Roaming\utorrent\libssl-3.dll

Filesize
605KB

MD5
f0a84546ec2e90432b4640602b955dc0

SHA1
51deb3ad7d178c043084160a58fe4a3b9ae0bb97

SHA256
e036ede168df29fe641519dee38f62048f5992adeb3aafc65fd353db52280326

SHA512
d292ffe34893d16a93a282a1fefb3298e3cd605e54784bcd37c70d4e9b66d40b33a292337dcd741bab6425158d18f800fd5d942120d770cecbb022ccf4601ae2

Download Submit
\Users\Admin\AppData\Roaming\utorrent\uTorrent.exe

Filesize
2.6MB

MD5
dabe3bd054cd2268b23a42a49acd2ac9

SHA1
0ed81ad1371eb5651e79b0e4c3fb95a45093d25a

SHA256
cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063

SHA512
1eb2cad9acabd1867c35c68aabd67f5bd5fb6ff57d77673de84da7ad72433919f1862a8d1b2345b1e7e1563d49c583b1ae3096078c815fb5fb469573ddf5d83e

Download Submit
\Users\Admin\AppData\Roaming\utorrent\uTorrent.exe

Filesize
2.6MB

MD5
dabe3bd054cd2268b23a42a49acd2ac9

SHA1
0ed81ad1371eb5651e79b0e4c3fb95a45093d25a

SHA256
cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063

SHA512
1eb2cad9acabd1867c35c68aabd67f5bd5fb6ff57d77673de84da7ad72433919f1862a8d1b2345b1e7e1563d49c583b1ae3096078c815fb5fb469573ddf5d83e

Download Submit
\Users\Admin\AppData\Roaming\utorrent\uTorrent.exe

Filesize
2.6MB

MD5
dabe3bd054cd2268b23a42a49acd2ac9

SHA1
0ed81ad1371eb5651e79b0e4c3fb95a45093d25a

SHA256
cd7681bc3495a1746a84c0b2e4dece79c9e4ae478be859ff4771795a9a765063

SHA512
1eb2cad9acabd1867c35c68aabd67f5bd5fb6ff57d77673de84da7ad72433919f1862a8d1b2345b1e7e1563d49c583b1ae3096078c815fb5fb469573ddf5d83e

Download Submit
\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46716\utorrentie.exe

Filesize
407KB

MD5
ac3aa3016d9b5759376edbb332dc8954

SHA1
b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e

SHA256
db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110

SHA512
9899b45b6fc584a77294b62b86d89b82326b3e73f84001f3387042911434399597c722a10eab44f091d947c1d61820737e0d1405f5ed5d77ad7ddc3821a41b27

Download Submit
\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46716\utorrentie.exe

Filesize
407KB

MD5
ac3aa3016d9b5759376edbb332dc8954

SHA1
b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e

SHA256
db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110

SHA512
9899b45b6fc584a77294b62b86d89b82326b3e73f84001f3387042911434399597c722a10eab44f091d947c1d61820737e0d1405f5ed5d77ad7ddc3821a41b27

Download Submit
\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46716\utorrentie.exe

Filesize
407KB

MD5
ac3aa3016d9b5759376edbb332dc8954

SHA1
b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e

SHA256
db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110

SHA512
9899b45b6fc584a77294b62b86d89b82326b3e73f84001f3387042911434399597c722a10eab44f091d947c1d61820737e0d1405f5ed5d77ad7ddc3821a41b27

Download Submit
\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46716\utorrentie.exe

Filesize
407KB

MD5
ac3aa3016d9b5759376edbb332dc8954

SHA1
b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e

SHA256
db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110

SHA512
9899b45b6fc584a77294b62b86d89b82326b3e73f84001f3387042911434399597c722a10eab44f091d947c1d61820737e0d1405f5ed5d77ad7ddc3821a41b27

Download Submit
\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46716\utorrentie.exe

Filesize
407KB

MD5
ac3aa3016d9b5759376edbb332dc8954

SHA1
b1d03fd9d82bf8ecfb5d63de7a6f1c4db5d7f88e

SHA256
db9cec3aab02ae12bd2346f5f25c2c34d32ae6a3eac75208a310f009eb1ea110

SHA512
9899b45b6fc584a77294b62b86d89b82326b3e73f84001f3387042911434399597c722a10eab44f091d947c1d61820737e0d1405f5ed5d77ad7ddc3821a41b27

Download Submit
\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46738.exe

Filesize
16.0MB

MD5
fd42379761a5dda477083ebfb172286b

SHA1
ea13b18ee5aef3dd9680bfd3d7a31b178083986f

SHA256
9a27f17d859d7f60a26030c7a0ef3698ffa0ff5ff4230963e52ab79a6a4dacdf

SHA512
d07ceb5406f28ee7307a2f584bb401be7542d135090b034a3f5c41c5fcddf6df75d221d2e7638d26e45d4cebd0cda939fba08929cd4a9be4f478b75011ce0e53

Download Submit
\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_46738.exe

Filesize
16.0MB

MD5
fd42379761a5dda477083ebfb172286b

SHA1
ea13b18ee5aef3dd9680bfd3d7a31b178083986f

SHA256
9a27f17d859d7f60a26030c7a0ef3698ffa0ff5ff4230963e52ab79a6a4dacdf

SHA512
d07ceb5406f28ee7307a2f584bb401be7542d135090b034a3f5c41c5fcddf6df75d221d2e7638d26e45d4cebd0cda939fba08929cd4a9be4f478b75011ce0e53

Download Submit
memory/568-871-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/568-366-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/568-325-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/568-541-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/1196-54-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/1196-196-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/1196-327-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/1344-290-0x0000000002B90000-0x0000000002BA0000-memory.dmp

Filesize
64KB

Download
memory/1344-263-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/1344-288-0x0000000002B90000-0x0000000002BA0000-memory.dmp

Filesize
64KB

Download
memory/1344-289-0x0000000002B90000-0x0000000002BA0000-memory.dmp

Filesize
64KB

Download
memory/1344-294-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/1764-256-0x0000000004150000-0x0000000004A6C000-memory.dmp

Filesize
9.1MB

Download
memory/2016-199-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2016-198-0x00000000036A0000-0x00000000036AF000-memory.dmp

Filesize
60KB

Download
memory/2016-197-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/2016-309-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/2016-201-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/2016-324-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/2016-212-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/2016-190-0x00000000036A0000-0x00000000036AF000-memory.dmp

Filesize
60KB

Download
memory/2016-64-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download