bf4ee47d0df1870104f4fada8a68c2fb29e94fea9284c7bb6a6b385a718d8a18

Analysis

max time kernel
219s
max time network
224s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
21/07/2024, 12:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

utorrent_installer.exe
Size

1.7MB
MD5

241ce365f228ee5f74d81b3fea14e09a
SHA1

700b05506dd3eebb4b87ff545f6d2bb6af6a3ae3
SHA256

bf4ee47d0df1870104f4fada8a68c2fb29e94fea9284c7bb6a6b385a718d8a18
SHA512

bf3756fb2b037a10592498f08e6eb3bad8f50da4ff9e96703e646a69ea1481e6801023abb3b1aae923fb2c68bb21ae5bb50f8e675b57ff90504c8e7ee8f81593
SSDEEP

49152:9BuZrEUT97LZxMPrlDZFBmS06nIJOZobMP:LkLp/ZSr97Bmb6naO6bs

Score

7^/10

discovery evasion upx

Malware Config

Signatures

Identifies Wine through registry keys 2 TTPs 4 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000\Software\Wine	uTorrent.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Wine	utorrent.exe
Key opened	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000\Software\Wine	utorrent.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Wine	uTorrent.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002aa0a-127.dat	upx
behavioral1/memory/3528-135-0x0000000000400000-0x00000000009C3000-memory.dmp	upx
behavioral1/memory/3528-153-0x0000000000400000-0x00000000009C3000-memory.dmp	upx
behavioral1/memory/2160-177-0x0000000000400000-0x00000000009C3000-memory.dmp	upx

Checks for any installed AV software in registry 1 TTPs 6 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	utorrent_installer.tmp
Key opened	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000\SOFTWARE\AVG\AV\Dir	utorrent_installer.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	utorrent_installer.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	utorrent_installer.tmp
Key opened	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000\SOFTWARE\AVAST Software\Avast	utorrent_installer.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	utorrent_installer.tmp

Downloads MZ/PE file
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 9 IoCs

pid	Process
1496	utorrent_installer.tmp
2188	uTorrent.exe
3528	utorrent.exe
2160	uTorrent.exe
4880	utorrentie.exe
2800	utorrentie.exe
4844	utorrentie.exe
3728	utorrentie.exe
5852	utorrentie.exe

Loads dropped DLL 9 IoCs

pid	Process
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
2188	uTorrent.exe
2188	uTorrent.exe
2188	uTorrent.exe
2188	uTorrent.exe
3528	utorrent.exe
2188	uTorrent.exe
2160	uTorrent.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	uTorrent.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	uTorrent.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	uTorrent.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	uTorrent.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	utorrent_installer.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	utorrent_installer.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION	uTorrent.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION\utorrentie.exe = "0"	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	uTorrent.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\utorrentie.exe = "11000"	uTorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	uTorrent.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\utorrentie.exe = "1"	uTorrent.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.torrent	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\uTorrent\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\maindoc.ico"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.torrent\Content Type = "application/x-bittorrent"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\bittorrent\DefaultIcon	utorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\uTorrent\DefaultIcon	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\bittorrent\Content Type = "application/x-bittorrent-protocol"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.btapp\ = "uTorrent"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.btkey	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Magnet\shell\ = "open"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.btinstall\ = "uTorrent"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.torrent\ = "uTorrent"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\bittorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.btapp\Content Type = "application/x-bittorrent-app"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Applications\uTorrent.exe\shell\open\command	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\FalconBetaAccount\remote_access_client_id = "5916920957"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\uTorrent\shell\open\command	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.btsearch\Content Type = "application/x-bittorrentsearchdescription+xml"	utorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\bittorrent\URL Protocol	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\bittorrent\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\maindoc.ico"	utorrent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app\Extension = ".btapp"	utorrent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key\Extension = ".btkey"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Applications\uTorrent.exe	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Applications\uTorrent.exe\shell\open	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\FalconBetaAccount	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\uTorrent\shell\open	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Magnet\shell\open\command	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\bittorrent\shell\open\command	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app\Extension = ".btapp"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Applications\uTorrent.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC"	utorrent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.torrent\OpenWithProgids	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.btskin\Content Type = "application/x-bittorrent-skin"	utorrent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin\Extension = ".btskin"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\uTorrent\Content Type\ = "application/x-bittorrent"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Magnet\Content Type = "application/x-magnet"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Magnet\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\maindoc.ico"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.btsearch\OpenWithProgids	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Applications	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\Extension = ".btsearch"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Magnet\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\bittorrent\ = "bittorrent URI"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.btkey\Content Type = "application/x-bittorrent-key"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.btsearch\OpenWithProgids\uTorrent	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Applications\uTorrent.exe\shell	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\uTorrent\shell\ = "open"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\bittorrent\shell	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\bittorrent\shell\ = "open"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.btskin	utorrent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\Extension = ".btinstall"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst	utorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\uTorrent	utorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\uTorrent\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" \"%1\" /SHELLASSOC"	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.btsearch\ = "uTorrent"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\Applications\uTorrent.exe\shell\ = "open"	utorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\MIME\Database\Content Type\application/x-bittorrent	utorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1210443139-7911939-2760828654-1000_Classes\.torrent\OpenWithProgids\uTorrent	utorrent.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	14	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
1496	utorrent_installer.tmp
2160	uTorrent.exe
2160	uTorrent.exe
2800	utorrentie.exe
2800	utorrentie.exe
4844	utorrentie.exe
4844	utorrentie.exe
2260	msedgewebview2.exe
2260	msedgewebview2.exe
1044	msedgewebview2.exe
1044	msedgewebview2.exe
4912	msedgewebview2.exe
4912	msedgewebview2.exe
2956	msedgewebview2.exe
2956	msedgewebview2.exe
1004	msedge.exe
1004	msedge.exe
2576	msedge.exe
2576	msedge.exe
4844	utorrentie.exe
4844	utorrentie.exe
4844	utorrentie.exe
4844	utorrentie.exe
2800	utorrentie.exe
2800	utorrentie.exe
4844	utorrentie.exe
4844	utorrentie.exe
2800	utorrentie.exe
2800	utorrentie.exe
2800	utorrentie.exe
2800	utorrentie.exe
6056	msedgewebview2.exe
6056	msedgewebview2.exe
2800	utorrentie.exe
2800	utorrentie.exe
2468	msedgewebview2.exe
2468	msedgewebview2.exe
4844	utorrentie.exe
4844	utorrentie.exe
2800	utorrentie.exe
2800	utorrentie.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2328	msedgewebview2.exe
2576	msedge.exe
2328	msedgewebview2.exe
2328	msedgewebview2.exe
2328	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3528	utorrent.exe
Token: SeManageVolumePrivilege	2160	uTorrent.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1496	utorrent_installer.tmp
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2160	uTorrent.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2328	msedgewebview2.exe
2328	msedgewebview2.exe
2328	msedgewebview2.exe
2576	msedge.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2160	uTorrent.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe
2160	uTorrent.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4616	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 1496	4572	utorrent_installer.exe	78
PID 4572 wrote to memory of 1496	4572	utorrent_installer.exe	78
PID 4572 wrote to memory of 1496	4572	utorrent_installer.exe	78
PID 1496 wrote to memory of 2188	1496	utorrent_installer.tmp	80
PID 1496 wrote to memory of 2188	1496	utorrent_installer.tmp	80
PID 1496 wrote to memory of 2188	1496	utorrent_installer.tmp	80
PID 2188 wrote to memory of 3528	2188	uTorrent.exe	81
PID 2188 wrote to memory of 3528	2188	uTorrent.exe	81
PID 2188 wrote to memory of 3528	2188	uTorrent.exe	81
PID 1496 wrote to memory of 2160	1496	utorrent_installer.tmp	84
PID 1496 wrote to memory of 2160	1496	utorrent_installer.tmp	84
PID 1496 wrote to memory of 2160	1496	utorrent_installer.tmp	84
PID 2160 wrote to memory of 4880	2160	uTorrent.exe	85
PID 2160 wrote to memory of 4880	2160	uTorrent.exe	85
PID 2160 wrote to memory of 4880	2160	uTorrent.exe	85
PID 4880 wrote to memory of 2228	4880	utorrentie.exe	86
PID 4880 wrote to memory of 2228	4880	utorrentie.exe	86
PID 2228 wrote to memory of 1640	2228	msedgewebview2.exe	87
PID 2228 wrote to memory of 1640	2228	msedgewebview2.exe	87
PID 2160 wrote to memory of 2800	2160	uTorrent.exe	88
PID 2160 wrote to memory of 2800	2160	uTorrent.exe	88
PID 2160 wrote to memory of 2800	2160	uTorrent.exe	88
PID 2160 wrote to memory of 4844	2160	uTorrent.exe	89
PID 2160 wrote to memory of 4844	2160	uTorrent.exe	89
PID 2160 wrote to memory of 4844	2160	uTorrent.exe	89
PID 2800 wrote to memory of 856	2800	utorrentie.exe	90
PID 2800 wrote to memory of 856	2800	utorrentie.exe	90
PID 856 wrote to memory of 2136	856	msedgewebview2.exe	91
PID 856 wrote to memory of 2136	856	msedgewebview2.exe	91
PID 4844 wrote to memory of 2328	4844	utorrentie.exe	92
PID 4844 wrote to memory of 2328	4844	utorrentie.exe	92
PID 2328 wrote to memory of 4280	2328	msedgewebview2.exe	93
PID 2328 wrote to memory of 4280	2328	msedgewebview2.exe	93
PID 2160 wrote to memory of 3728	2160	uTorrent.exe	94
PID 2160 wrote to memory of 3728	2160	uTorrent.exe	94
PID 2160 wrote to memory of 3728	2160	uTorrent.exe	94
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95
PID 856 wrote to memory of 408	856	msedgewebview2.exe	95

C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe
"C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Users\Admin\AppData\Local\Temp\is-IL1RC.tmp\utorrent_installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-IL1RC.tmp\utorrent_installer.tmp" /SL5="$5027A,875149,815616,C:\Users\Admin\AppData\Local\Temp\utorrent_installer.exe"
  2⤵
  - Checks for any installed AV software in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Users\Admin\AppData\Local\Temp\is-770SN.tmp\uTorrent.exe
    "C:\Users\Admin\AppData\Local\Temp\is-770SN.tmp\uTorrent.exe" /S /FORCEINSTALL 1110000101110100
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\nsx85DC.tmp\utorrent.exe
      "C:\Users\Admin\AppData\Local\Temp\nsx85DC.tmp\utorrent.exe" /S /FORCEINSTALL 1110000101110100
      4⤵
      Identifies Wine through registry keys
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:3528
- - C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
    "C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe"
    3⤵
    - Identifies Wine through registry keys
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks SCSI registry key(s)
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2160
  - - C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47132\utorrentie.exe
      "C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47132\utorrentie.exe" uTorrent_2160_00CDA038_120642431 µTorrent4823DF041B09 uTorrent ce unp
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4880
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4880.4752.6493027940322138439
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2228
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x114,0x7fffa0473cb8,0x7fffa0473cc8,0x7fffa0473cd8
        6⤵
        
        PID:1640
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1900,1721666145440562007,17785034945963046855,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        6⤵
        
        PID:3160
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,1721666145440562007,17785034945963046855,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2112 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1044
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,1721666145440562007,17785034945963046855,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2356 /prefetch:8
        6⤵
        
        PID:1244
  - - C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47132\utorrentie.exe
      "C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47132\utorrentie.exe" uTorrent_2160_00CB1BC0_715979959 µTorrent4823DF041B09 uTorrent ce unp
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=2800.3388.9600322908544482358
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:856
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7fffa0473cb8,0x7fffa0473cc8,0x7fffa0473cd8
        6⤵
        
        PID:2136
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1828,6064724248392309467,3568335468249966051,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
        6⤵
        
        PID:408
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,6064724248392309467,3568335468249966051,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1992 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2260
  - - C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47132\utorrentie.exe
      "C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47132\utorrentie.exe" uTorrent_2160_00CDA038_1636188874 µTorrent4823DF041B09 uTorrent ce unp
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4844
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4844.4708.7812806572916223406
        5⤵
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:2328
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7fffa0473cb8,0x7fffa0473cc8,0x7fffa0473cd8
        6⤵
        
        PID:4280
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1856,4587191128737073376,17239047502193775414,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
        6⤵
        
        PID:4888
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,4587191128737073376,17239047502193775414,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1916 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4912
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,4587191128737073376,17239047502193775414,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3048 /prefetch:8
        6⤵
        
        PID:5340
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1856,4587191128737073376,17239047502193775414,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
        6⤵
        
        PID:5356
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1856,4587191128737073376,17239047502193775414,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
        6⤵
        
        PID:5472
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1856,4587191128737073376,17239047502193775414,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
        6⤵
        
        PID:5756
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,4587191128737073376,17239047502193775414,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4348 /prefetch:8
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6056
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1856,4587191128737073376,17239047502193775414,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=entity_extraction --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=5160 /prefetch:8
        6⤵
        
        PID:1052
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1856,4587191128737073376,17239047502193775414,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
        6⤵
        
        PID:2128
  - - C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47132\utorrentie.exe
      "C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47132\utorrentie.exe" uTorrent_2160_03CE9768_592497392 µTorrent4823DF041B09 uTorrent ce unp
      4⤵
      Executes dropped EXE
      PID:3728
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3728.4036.8326918830525051938
        5⤵
        
        PID:1808
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x114,0x7fffa0473cb8,0x7fffa0473cc8,0x7fffa0473cd8
        6⤵
        
        PID:2140
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1688,2573136388991400092,11248529575208125667,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
        6⤵
        
        PID:3936
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,2573136388991400092,11248529575208125667,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=1980 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://utorrent.com/prodnews?v=3%2e6%2e0%2e1%2e47132&pv=0.0.0.0.0
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:2576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa0473cb8,0x7fffa0473cc8,0x7fffa0473cd8
        5⤵
        
        PID:1784
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,15759101425285848696,4060516240634448830,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
        5⤵
        
        PID:4380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,15759101425285848696,4060516240634448830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,15759101425285848696,4060516240634448830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
        5⤵
        
        PID:2596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15759101425285848696,4060516240634448830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
        5⤵
        
        PID:5424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15759101425285848696,4060516240634448830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
        5⤵
        
        PID:5432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15759101425285848696,4060516240634448830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47132\utorrentie.exe
      "C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.6.0_47132\utorrentie.exe" uTorrent_2160_05BB4BD0_312705989 µTorrent4823DF041B09 uTorrent ce unp
      4⤵
      Executes dropped EXE
      PID:5852
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=utorrentie.exe --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-features=msEnhancedTrackingPreventionEnabled --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=5852.4476.16129636496688092394
        5⤵
        
        PID:5412
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1a4,0x7fffa0473cb8,0x7fffa0473cc8,0x7fffa0473cd8
        6⤵
        
        PID:6064
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1800,1680729860533316489,11825529151939133496,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
        6⤵
        
        PID:6008
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,1680729860533316489,11825529151939133496,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnhancedTrackingPreventionEnabled,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView" --webview-exe-name=utorrentie.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2268 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2468

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4616

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
1⤵
PID:1540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7EF516642261549A23D49DB36FFE5F3F_8E33BDEDF6D76E3537C65DA74B1F1D6D

Filesize
1KB

MD5
9f048a6d8a966170e8985daee4ee95df

SHA1
77bcfdd72c9c506d07e679227909bf46065bfe2d

SHA256
3169e349720c3fe55de39613d9b3702671e8c58dfc945da8447b9e695a35abde

SHA512
c593053aba68658c8ca88dc747cfcbb546484760537f1cded3591f1e5c82667b4c6d462aafa0488c3a52029e751de52059d224cd55407ab03072f02f29a662e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
d104701f68e2e227586ef09c89f4bdd7

SHA1
60db9efb1bd601f6ea70da9e6b6e25cf6cd55d79

SHA256
1abf9ce386cdc49f4712f8b4dd0c6ca4b7d26ddfbd19803b3c0b66b2c97a9acb

SHA512
14e8eacedd0c75adb3173c0de1bd90758e151035a79693be677eb0f0ede2136696db997d1375e77587627b2c03c767d0b058a00589c7d2b48b9e28513c142873

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7EF516642261549A23D49DB36FFE5F3F_8E33BDEDF6D76E3537C65DA74B1F1D6D

Filesize
560B

MD5
d18dc38d982f7008d83605afcc189a95

SHA1
b4f8d27da42bbe4e7ce8c24dc9ec72de8099d8ee

SHA256
90b35307679e59f86b7ba13d63c13df08723a3fe97ed23269435c38dc9f8eb96

SHA512
4eb302896a81323f0d9fcd2beba1b2cde860879c9ee31eff3f81ac52b72a5de39982e344b30840bc69d4f973749d9d1c9c3392ff92e3cbbd1d421ab19849c766

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7EF516642261549A23D49DB36FFE5F3F_8E33BDEDF6D76E3537C65DA74B1F1D6D

Filesize
560B

MD5
d44e09a1756d5abfd125f3fcb6248221

SHA1
74ec6a628eefa34978088191411779495e396b49

SHA256
7113867340806187100975883c12d115e03abe20b86f47a7cc201fa01c6a6ae3

SHA512
54e17a7502ec48361119a3b982b281aad09c24d7bcd8748aaa571b8ee7a4e0f2ff2db575f4703b75b9575b01029b132e8c3a874dea1f1e25303020bb32efae72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
89e534703bed3a59af539c02fde0805e

SHA1
0cbc34a0892064bba5a679b64217209baf507dce

SHA256
88fb2d96fa40e0ac59089c9d6a1e9ffe0ef22d2706fdab6180f8138d100c97e7

SHA512
5c0d76d298b7fc203ff8f917164b70bd45bfdd3140c88cedc410fdf531e5e4ae12780770b32bbad273a31c4c7b31b46710075790dcd94283752d6e7e9fc8a92d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
cd40e9e5b6c8182e375acb57ee094c5c

SHA1
1279c1cc8e6a3aa8f5918434c14f8f054698e67c

SHA256
ff75be7b83c03ca7d64de8f843ecc3f0211a1cc4e322b5c5d7551b172d7b49dc

SHA512
d8fd2ca81886842a61676f80e40af6f52d84c9b5c4fba69af6aff1c6d36f234d14d69f3ab27b8f6d16f03ffccdebc414e772f0d7602772801affe4e3f5587fa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
09db6bf0f0e0d45f9c23616c796c6a13

SHA1
aaae16cb8961779954dd750f32448924bf7506a7

SHA256
b8c42a6efab7c93c14c92fe1e93c0ae17093e7f3021ab7a49e138b28761b0467

SHA512
5cf73a1a092acf0960075d6102ee6ccfa777a7dccfe41ccae26eb4557bb1b19f78966af615de6222b734b8c99e64620afd2656ccd2940206fea53eb84b3dd532

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
ceede89ca4df80754e0e11400c6a4070

SHA1
170e80d1bd9f11374699c36662cebbbc25d0ab32

SHA256
aa4e01f47942ec1de2976cdd8016ac2d231b0962c158e50c05d0cf6aae06bbe7

SHA512
3abffea7c71e1ec4728e3fb5b9823682abcf8949fb6cc93893ce978969558a2f7325e0cd816978ad634255f3477609357f6f013db77ceaf88cacccae7544cd6f

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
00ab3261c15fb80b50508a5486c32cc2

SHA1
67d4ee74cfd8188d5ffda055b14bae1aca9a7db2

SHA256
be8dc12833919c4ee62a4b8c13fd82fa9b0c2f030fe3cb7c8dfb688065dcf826

SHA512
d596727bc38c35d20b49f592058e2a3002a980fd97eb301b5f7e19bf5dcc47fe75f31c60f5b238311af70b33dd1d1264661496354cd8b5910aef560d9065704d

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
d3ef96066c3c3c03183c5ea405443736

SHA1
8147cfb8d75c25abb9eac8f63d9c221cbd9fc5e0

SHA256
5aad914c4a4d47c1369334425b02a89aca82751e71c237568543765be8143b00

SHA512
749218f8a04423e075b33ea5697ca61ff8be4eede981b699847744c46e80abc374149552074ed43dcc251a0d50b3a3d214ea7606808755bc354eb824148f579e

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
cc8fca185367e5b49b5d227b4f5f1131

SHA1
c3d21cad324e1ee3e9c75cf7f6605f5223a6159a

SHA256
207d77e52df8f7c40d0831f76c0e49afb6815041c26621e574d2a2b88ca3b13a

SHA512
b5c9aae197829b0c4bb6cf518fe5a1f354752658d7c548aceab56e960a2a872195ef9841697b4dc3fd66adb707f12306bd6662dae0e7c28b597042185dc91d40

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\66e476f8-fda1-4aa1-8aca-1e1784d422f1.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Cache\f_00000c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
2bfa4853876b7cfa3361a6799a75aab1

SHA1
5fcfb2126a0c277adc3e9d3fc98ffce20f99c1df

SHA256
62ddecc3beb01ab22de4ea26ebb504fdb4a3f555a957c836327c6ea5be6e6fe9

SHA512
42cd6e8fab5ff8244b160ada4a1c5960897ced0bb94f0eb9429269d6b8e164920df2172f269b6cee5240c86f5d1d42940dad504ffd4c8cbd44ad631ce0624e3a

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5afb59.TMP

Filesize
48B

MD5
ba5715ccf5151a8a0b364a50c4648e8e

SHA1
feaee94acd4e3c7fd2427318378917c2091ba688

SHA256
2c148276e052aefc9b1fbdb9aa5bf4b0b7c264a6cf37b669f93a904e61104540

SHA512
e48141c012998e9825a469c9103b0aa30b0fa0a5eefd6a7c4166ab9012ad9a16a1750c7382ffc82504ffa6ee8aaf17d93173758e631f1eacd9a65fc4881fb889

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\History

Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Network Persistent State

Filesize
2KB

MD5
f4a82df6df582d3e3facef33e4e85ecf

SHA1
a9ebc66a82739ae7305ea7b3396927379f0e169d

SHA256
c35f5e63718a1df2b7fcbd8a29219b6228dc7141ef2a9faf3f3c81e0899ccb22

SHA512
3511175f8bb57ceb93b0a247303ad10e666893a4aaafbc46e7bb3c01deff3ddc5a4ff39de511a569c55584623b5385bdbbbc5dd15fc7ae67df362b9283f5775d

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences

Filesize
2KB

MD5
fba108c5773218c565ab68334e5a74bc

SHA1
6b0316e1957974dc9145be0e2b81884be62c0373

SHA256
dc526143c63909301ab96ba0f0c92da5964e1c7eb34fac24096dd25cff4ab316

SHA512
97bffd9d50750365ae7604409bf808b7710eaea3ecd3f0134d6fd8c067fdff53a187185a4d9378ceabf77fad7b465f5332d2e2f6479523c1956e9181d4ba4856

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences

Filesize
4KB

MD5
bff33f77135c47fe5dd2a7d08ddd4627

SHA1
f68d0e0998749bd068d9ac2e1743ab3f427d6fea

SHA256
51eb3ef9b7eec64190e53c990d480efd87a2587aa93963d80635d1428c8d38eb

SHA512
34b175fe4e91f6bb20e6b0c2429cbc789389d9163a877fb1a1ec723c43491c789563d4dc9bcc4b64848aeef73c0e0be9d3c6a9b4bf76f19afe5749bac52217c9

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Preferences

Filesize
344KB

MD5
aea8e144a6b2efc33125743abfa5884b

SHA1
723d4bb16513d07add8a95fedba53e59dfce1bbc

SHA256
19ee475fefe77699f4c1928dbfc89b04012a1e4bf63bf8d4f2cb914bad3eee6c

SHA512
53ce9e103e4591e586c17709c577217f52eac70771014b952c73fc2db297e4f96eb57b61f58ed38a0bf3deba0a563c6c3f5d3052d55ed51a444dfb6914c52b38

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Secure Preferences

Filesize
8KB

MD5
0b8d4274fa93ab17315b4662d916bfb4

SHA1
4394c9527463d70b24aaaba47c348e99b7233e99

SHA256
58b2570d28fe5d6e4619c096b55b2e9f516af6f9789b55c32f51de341b2c6c50

SHA512
33eabfeab77c0b1163ba38ca68aa54afd3f761bb3cabae6841087e13e1f09c17948bd64ebae7534d1a234d44ab353eb3e44b9eef49e1692f64a00ad2059ceef7

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Secure Preferences

Filesize
8KB

MD5
72fa20bec426ed7a78cc4d116d86f956

SHA1
0c1d5c595c3f9723695467c20b8573e3b1818955

SHA256
0fc67c2ce25dedc47b6a34aac4df5ef13ee6e407fb7953bf765b9ff655fcc461

SHA512
da02b6e00248c8321d43a32a2d97e4ce6d12a5e6b7085c07079c1c83126c47aec94926736c897e16d6ed5e040e973e05eb92726da48fb5dda005fbbb749ff385

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity

Filesize
1KB

MD5
9fe6717d33a52027d094c520a0ad27a5

SHA1
cff5f5096fd6b715757dce9cbe76b8acc7dd70c5

SHA256
8c9f4ce320e3245e5099531cceba640d6a0103ce94298df660cd0d22cdea4b3f

SHA512
c015d40dd03af5763b8baf64b844287982fbcc82c65b41c89c91ecd403f6fc76ca8e6fe97704ff104fd4f7cacfffd88cc9df417d12f7990601b8b72481fb216c

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\TransportSecurity~RFe5afbd6.TMP

Filesize
1KB

MD5
355f3cdf67f402476a6653f86b3d4d70

SHA1
d55976809cf6d9e405467fdb70c3967ae887a9b7

SHA256
3583df2a3c343c4d34171363153746df233785db976c9a0bfe4a2d2468a972de

SHA512
b8f7d055b63c79e87decfd7be3f6d49a0e53002584284338bbf8cf83b316fd3f397a44aea66929e614fe5afad0e6c5c6d2d838500e6128e117a6df2b86c0ff8b

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

Filesize
2KB

MD5
c6999ebd9ae68469aef08a8b6f610dce

SHA1
0f7375596081c1b072bc0a0a3ae2e39e9a8396e1

SHA256
2d589c2ff038d27b0a5c01276232b79f89bf5d6fa22eb4057f193eeaabf4f5ca

SHA512
b35bfd8179757404882a7d958feee4f1916e4cf021b55959f1defb147bc01e324c631250015028b2ae8a2832e97f1781f2e68e3ce5be8d784e8dd5ee739b6c98

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

Filesize
2KB

MD5
4c8345737b0299063499a08db6df70d9

SHA1
b7e74410f44f7aecc0d66da3a25878aa41e5d63b

SHA256
fde0c26854d92b46dde7cd9d1a705c1f9e12ee68725ad0a50c368f98bd942e78

SHA512
29eea4ee3b51ac84b28b0641997eff41ca0c8d1ef4465d425fd4e85c4548ff0472e951c819f7b1ecb71fe2f9f83c3c38b8bc8568e5782d0032894b23ee31ff0b

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

Filesize
8KB

MD5
10de24a2896f94387e04d8f101ee901b

SHA1
a97d0032fba85665dc81375f1bd56e2a89952861

SHA256
f631e9dee897e5a7d68ed25fe4342b1d9407a9142afb275f28724b3376fe0c23

SHA512
3aa43a1b3d8146dcf36b7c93c3a2cf0a51b4d178c8cc4ef983f99fe9102a9054d36181af77bfccbb713bc84a6298385351178d0e04cfd5b376b976f2e0201d94

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\Local State

Filesize
8KB

MD5
fe90d45765d4960c6828346956caff4e

SHA1
a980b7ee6f2ed0445bdf674f41cad6eaf5ee0cb3

SHA256
7f3472c6b96787284baeac7001b95ed39f4144fcb200f077956f18e01f2b437a

SHA512
02943c7b412e039a29e2f352d8ddf126d3421655921ffcd88fe7552b8fbe703c1506d38d07d4dfd1879315aa94a5cd9ff2c407f59c8d88ccb350405bccd69c86

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\LocalLow\uTorrent.WebView2\EBWebView\acd6316e-671e-419b-99ec-ba22b6163861.tmp

Filesize
1KB

MD5
b54696250df76d93d3abfd59270dfb38

SHA1
9c07b73a37d311a89c21e08d1a6d7cdc7fa7441f

SHA256
4ccf0164655e1a6d20a604c712a43fa9b2da7db2a6d04026819d13f5e8eb9192

SHA512
d6b5500e40ba629a86fd390326d8d472326dbc21b4f45ee3d8f22bc45a7436c13786c4d283a5c45b0d7943684264dadb56d02c0bc0bc7360436731e41e3b90a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b0c53c5fe6ad2ee4ffbde1b3384d027

SHA1
0c9ae4f75a65ed95159b6eb75c3c7b48971f3e71

SHA256
2e9fc3b050296902d0bb0ce6b8acc0bb54440f75f54f1f04ae95c9956108171f

SHA512
29f62e085d685d3b4902515790ab4f298454d0f8d53b6234fae9f9a0edffdd0d4edee57261e8eb0b94a4af8e86d3f7ab8b044c6f259576b89f91183002e58b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
afe63f44aa3aa9393e4251b4b74226e3

SHA1
29eef15e4d60afed127861deebc7196e97d19e4a

SHA256
7787181844d106768f78847869b5e784f07c1b65109d59b46932979bac823cd3

SHA512
f0f7951b5d55c2cbb71add5ab0c2ed3617a6fdf93f2c81ee9dd15d9f7c67881b42cbfd97cc4d2f17ba8a383624b23da1897fee069ddcee34233c1f625062a1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
2fa08dde62e9805202b208e72e8ca7d1

SHA1
37e7d7f120849dcb06235f71cbe0b5d654135cca

SHA256
a94bd86063ac7a5f515b64608fcd4878dc7a6a7fff01e5b26f7cf7087dac5ccf

SHA512
7479fad3938a8f0c511943f660dbb39da88d4b6ffd6d8a272f58064b67d41eb3a3242099ee31a6bc7f5f83321750fef1f4484ab809e1444079e130cdde9449ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
213b839e0ded7de0701165cfd4de95e0

SHA1
634d92fc9d18faac353a96397c6f7643aa46b055

SHA256
9b33e8723704b2b533e8737f85078031b69e82b241a5522ce5e052965b97e2e9

SHA512
395c35b1abd5081a1972729e1384a6b8dede004db9f10cd024bbd2fa6bb779ada37c2ccc4dc4d794288d0ffc2dadbfa654ec71e5c5f23ce6bc0b124b3341e884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4f626488f9b926471ec61081d4f4558

SHA1
4caf1f706e642a0be1eb4996b5df42366396273c

SHA256
a3f691f73cf70212599b5da1b50d2ca86009914b58dc221b39d170fa7a32a2f1

SHA512
5df1ffab855f912e2336552b0c5d3bfc1e9153e1c447a080efc5fc813432169eff1d8de5f53e08257b4bcd753ba87add182b129176c36f7bae333dcc5df36776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fc4ea6cf540d578439a4544b8368e25b

SHA1
44ff7a87893cfc7d70bb25136aa482ea232aa212

SHA256
71e310c6a11de501a1f85f1ef9f36a854ae8df1dee85972e3d9191574708e1eb

SHA512
2e4c69e4d8f95a260965db34e611ddc88caffcc5dc2e3e3045d29916213fa6f615e7dbe3c14a4cae5539001432921856b2672b7c2993316431293e2abb4ff5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb1ec64accc2cf801ce3522316a79b7b

SHA1
185639aaaa313fff2ee63844425a5a4a3185bd2d

SHA256
8adece33f8a597454addc2eb53aa669dd8c328699e1224f8fd31e534ddca262c

SHA512
905935339c35e9163c0d4f0fac40de5e250bbf4e40515efe63ff8290d41e88016f7cf298c9dea43c794898b62ef9459a0a09b19d34ef5bcc338eeab950e3ccce

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-770SN.tmp\Logo.png

Filesize
7KB

MD5
5424804c80db74e1304535141a5392c6

SHA1
6d749f3b59672b0c243690811ec3240ff2eced8e

SHA256
9b7e2ea77e518b50e5dd78e0faec509e791949a7c7f360a967c9ee204a8f1412

SHA512
6c7364b9693ce9cbbdbca60ecef3911dfe3d2d836252d7650d34506d2aa41fc5892028ba93f2619caf7edb06576fddae7e5f91f5844b5c3a47f54ca39f84cc6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-770SN.tmp\Opera_new.png

Filesize
65KB

MD5
ca01cd3778c987f64633d8af840ccccb

SHA1
85ecea538314c4c09ce79ce554a32331d83bb4f1

SHA256
3c1235a59c023bad329532d2c559350b40536ef859c00fb36425f76f348e82ab

SHA512
ddb561140f22c874b35849553314e034fc4a0b792486fca09f46cba947d0438cea73f84a1775f035d0c344a9a2745a9e10f610375da4948256ee249999b21cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-770SN.tmp\RAV_Cross.png

Filesize
74KB

MD5
cd09f361286d1ad2622ba8a57b7613bd

SHA1
4cd3e5d4063b3517a950b9d030841f51f3c5f1b1

SHA256
b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8

SHA512
f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-770SN.tmp\WebAdvisor.png

Filesize
47KB

MD5
4cfff8dc30d353cd3d215fd3a5dbac24

SHA1
0f4f73f0dddc75f3506e026ef53c45c6fafbc87e

SHA256
0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856

SHA512
9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-770SN.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-770SN.tmp\uTorrent.exe

Filesize
3.7MB

MD5
da579cae896bd49996ed1f4808b56964

SHA1
a5ac5fa959e47af3cbb0e78e56cbe37f174a5f83

SHA256
35fcec7b2054cec9fb6524de6c26f2e77956fc86adb6cfc728b486a6e91a88b5

SHA512
0972244e71549b35ba118ef47149e07c9d8d5a5fb2d068248b036cbc440bc68727633d3dc3decdf13943033791662f21164a5a0d1591c3884269dd3ae1b8edb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IL1RC.tmp\utorrent_installer.tmp

Filesize
3.0MB

MD5
27174a5611d8827d1736d9ac8382d19f

SHA1
f000848acdd1c152d32a44c928deace522983886

SHA256
36a40fb99c1b026e59c6ba286a02548c64ec7a7e280b19d3169af9aa3c59b994

SHA512
4b6180facd75a9f10e2122ed1ca513979752f953cb92f8436877aff341b40575125db43293259a291406d95f408fbebbd89081fc07f2a5779ec02e5ead23406d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx85DC.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx85DC.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx85DC.tmp\bt_datachannel.dll

Filesize
4.1MB

MD5
dfca05beb0d6a31913c04b1314ca8b4a

SHA1
5fbbccf13325828016446f63d21250c723578841

SHA256
d4c4e05fade7e76f4a2d0c9c58a6b9b82b761d9951ffddd838c381549368e153

SHA512
858d4fb9d073c51c0ab7a0b896c30e35376678cc12aec189085638376d3cc74c1821495692eac378e4509ef5dcab0e8b950ad5bfab66d2c62ab31bc0a75118cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx85DC.tmp\nsisFirewall.dll

Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx85DC.tmp\utorrent.exe

Filesize
2.2MB

MD5
3456eacf74bb68da5ac36c3a4311bd21

SHA1
c618a2aad7909f0fee6856440bb4aca84704974d

SHA256
048226c6707d8a1782e9fc38478490bf90d53261d34faa37d021104d371577aa

SHA512
767d80936eaebee1da1ea9000c61bbc35d23153260505f7b006d8d5636488dc691b68fedf2f5b6992e6ff14e877e38f6f5284b77bb913418e00c9b0dfbad3e15

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1210443139-7911939-2760828654-1000\1f91d2d17ea675d4c2c3192e241743f9_d60ffe98-aa71-405d-96ae-e3b0b60a8920

Filesize
1KB

MD5
4cdb926154723c57ddc1798b9d8410c6

SHA1
74eeb8429d96f6f4627562d5c612cc70a15fc4df

SHA256
46b70c9dec4bf5d5e225811de8c291eb2308456e562f49fb6f60c55e857f5125

SHA512
61f8517adcdd74a50cb271d4053360a1c4fc65270de3fb4dc1233d909719048f9c5b9ae8971d4b56e815883b16e2336ae08e71b7ce6bcd596864837583e8bd67

Download Submit
C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat

Filesize
8KB

MD5
907391913dbcef91c00124f8606e8642

SHA1
933d748153aeb89f29920e12433e189dfdd28cc0

SHA256
b8f7c72205965261c007d210f9fc7088759eb26adf89445ca8c90b308f08906c

SHA512
141244f4aaaa5c5ea1c4bc805920bd8569c66df41d9c94221c44fcafc1c7cd531f15396da6d4a062d5ffa8cba573a7c9c92f2541196defeb5bc96437ba848d6d

Download Submit
C:\Users\Admin\AppData\Roaming\utorrent\settings.dat

Filesize
8KB

MD5
b995e168882ed2106c9537a63d95b67a

SHA1
a1f91bf23ec6dd81fe3a62c260fd29e74f84996e

SHA256
8fd65df56cfde315bb34628b6a218505a355dd37febf2d0c79481c9d76644004

SHA512
ebff6ba8cb6d3c1714f205cde5a25fa8de69516fd624c800a059186cfba0b62d1ae32b4f5459067c65fbee13a583ae55baab3dd3007310d77442d7a880adc3bb

Download Submit
C:\Users\Admin\AppData\Roaming\utorrent\settings.dat.old

Filesize
14KB

MD5
24a0d7d72b6562f448c17e9bf715d25a

SHA1
cdb31c36f6e4c2a23a48772fc5c372c3cd927cfc

SHA256
a75f26a781c83e498aa72ab1d209afe7604f27734d33c7ca0a3d202e746f6bc1

SHA512
e859ea757bff0e683af7d57ed7b0e5031fc151536e87ccd10203284c1246724e49354fd1f3f1ff9c36ddef8eb0a3031756964f3c8bfbeb8399bbc6d22d493d9a

Download Submit
C:\Users\Admin\AppData\Roaming\utorrent\updates\3.6.0_47132\utorrentie.exe

Filesize
693KB

MD5
be39bf87923b2317bb800f1a358e5280

SHA1
b5bbe2e73be0ea4468c57b1cf1702c9bbe8a5e09

SHA256
a1a5d6c83450dd43a201a5720619d6252fbd770f30945fe95553cff830026d03

SHA512
906abe4b8aa2ac61048234c9f8c54f20290fe26450c2c8f873c77ea42cae06172a645d932940f492f3d5a47d8929f555f3f337007e8423af3a843fc78da95715

Download Submit
memory/408-255-0x00007FFFB07F0000-0x00007FFFB07F1000-memory.dmp

Filesize
4KB

Download
memory/1496-71-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/1496-15-0x0000000004C50000-0x0000000004C5F000-memory.dmp

Filesize
60KB

Download
memory/1496-84-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/1496-187-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/1496-168-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/1496-85-0x0000000004C50000-0x0000000004C5F000-memory.dmp

Filesize
60KB

Download
memory/1496-6-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/1496-91-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/1496-22-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/1496-23-0x0000000004C50000-0x0000000004C5F000-memory.dmp

Filesize
60KB

Download
memory/1496-92-0x0000000004C50000-0x0000000004C5F000-memory.dmp

Filesize
60KB

Download
memory/2160-177-0x0000000000400000-0x00000000009C3000-memory.dmp

Filesize
5.8MB

Download
memory/3528-153-0x0000000000400000-0x00000000009C3000-memory.dmp

Filesize
5.8MB

Download
memory/3528-135-0x0000000000400000-0x00000000009C3000-memory.dmp

Filesize
5.8MB

Download
memory/4572-1-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/4572-21-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/4572-189-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/4572-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download