URL:

https://rutracker.org/forum/viewtopic.php?t=5756196

Full analysis: https://app.any.run/tasks/973bc839-4763-4005-afaa-e71f25cf1a75
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: May 11, 2020, 10:12:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
adware
pua
lavasoft
Indicators:
MD5:

08FF6D806A491B947990E04CD393FC41

SHA1:

F66DFC18642FD2406583711576546DD72F7B7F18

SHA256:

077C87F5BAB430EF1AB97E20BD73C58285E629C12F2A464FB75690482E4CBB01

SSDEEP:

3:N8cSDKXQwhKVMGbVaLV:2cSDKdO7VC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • uTorrent.exe (PID: 2612)
      • uTorrent.exe (PID: 1708)
      • installer.exe (PID: 4000)
      • uTorrent.exe (PID: 2208)
      • uTorrent.exe (PID: 404)
      • installer.exe (PID: 3668)
      • GenericSetup.exe (PID: 3908)
      • Carrier.exe (PID: 3120)
      • uTorrent.exe (PID: 2344)
      • uTorrent.exe (PID: 3452)
      • utorrentie.exe (PID: 4084)
      • utorrentie.exe (PID: 968)
      • uTorrentPro3.5.5.45449.exe (PID: 2052)
      • helper.exe (PID: 2976)
      • uTorrent.exe (PID: 316)
      • uTorrent.exe (PID: 988)
    • Downloads executable files from the Internet

      • chrome.exe (PID: 2156)
      • uTorrent.exe (PID: 3452)
    • Loads dropped or rewritten executable

      • GenericSetup.exe (PID: 3908)
      • uTorrent.exe (PID: 316)
    • LAVASOFT was detected

      • installer.exe (PID: 4000)
    • Changes the autorun value in the registry

      • Carrier.exe (PID: 3120)
      • uTorrent.exe (PID: 3452)
    • Changes settings of System certificates

      • Carrier.exe (PID: 3120)
      • GenericSetup.exe (PID: 3908)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2156)
      • chrome.exe (PID: 2320)
      • uTorrent.exe (PID: 1708)
      • uTorrent.exe (PID: 404)
      • Carrier.exe (PID: 3120)
      • uTorrent.exe (PID: 3452)
      • uTorrent.exe (PID: 316)
      • uTorrent.exe (PID: 988)
      • uTorrentPro3.5.5.45449.exe (PID: 2052)
    • Reads the Windows organization settings

      • GenericSetup.exe (PID: 3908)
    • Reads Environment values

      • GenericSetup.exe (PID: 3908)
    • Reads Windows owner or organization settings

      • GenericSetup.exe (PID: 3908)
    • Starts CMD.EXE for commands execution

      • GenericSetup.exe (PID: 3908)
    • Creates files in the user directory

      • Carrier.exe (PID: 3120)
      • uTorrent.exe (PID: 3452)
      • utorrentie.exe (PID: 968)
      • utorrentie.exe (PID: 4084)
      • uTorrent.exe (PID: 316)
      • uTorrent.exe (PID: 988)
      • uTorrentPro3.5.5.45449.exe (PID: 2052)
    • Reads Internet Cache Settings

      • Carrier.exe (PID: 3120)
      • uTorrent.exe (PID: 3452)
      • utorrentie.exe (PID: 968)
      • utorrentie.exe (PID: 4084)
      • uTorrent.exe (PID: 316)
      • uTorrent.exe (PID: 988)
    • Modifies the open verb of a shell class

      • Carrier.exe (PID: 3120)
    • Creates a software uninstall entry

      • Carrier.exe (PID: 3120)
    • Adds / modifies Windows certificates

      • Carrier.exe (PID: 3120)
      • GenericSetup.exe (PID: 3908)
    • Changes IE settings (feature browser emulation)

      • uTorrent.exe (PID: 3452)
      • uTorrent.exe (PID: 316)
    • Reads internet explorer settings

      • utorrentie.exe (PID: 968)
      • utorrentie.exe (PID: 4084)
      • uTorrentPro3.5.5.45449.exe (PID: 2052)
    • Writes to a desktop.ini file (may be used to cloak folders)

      • uTorrentPro3.5.5.45449.exe (PID: 2052)
    • Searches for installed software

      • GenericSetup.exe (PID: 3908)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 1252)
      • iexplore.exe (PID: 2296)
      • chrome.exe (PID: 2320)
    • Reads the hosts file

      • chrome.exe (PID: 2320)
      • chrome.exe (PID: 2156)
    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 1252)
      • uTorrentPro3.5.5.45449.exe (PID: 2052)
    • Manual execution by user

      • chrome.exe (PID: 2320)
      • taskmgr.exe (PID: 1920)
      • uTorrent.exe (PID: 988)
    • Changes internet zones settings

      • iexplore.exe (PID: 2296)
    • Reads settings of System Certificates

      • chrome.exe (PID: 2156)
      • chrome.exe (PID: 2320)
      • iexplore.exe (PID: 2296)
      • iexplore.exe (PID: 1252)
      • utorrentie.exe (PID: 968)
      • GenericSetup.exe (PID: 3908)
    • Creates files in the user directory

      • iexplore.exe (PID: 2296)
      • iexplore.exe (PID: 1252)
    • Reads internet explorer settings

      • iexplore.exe (PID: 1252)
    • Application launched itself

      • chrome.exe (PID: 2320)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2296)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2296)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
108
Monitored processes
50
Malicious processes
12
Suspicious processes
1

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID: 316
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe"
Path: C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
Parent process: uTorrentPro3.5.5.45449.exe
User:
admin
Company:
BitTorrent Inc.
Integrity Level:
MEDIUM
Description:
µTorrent
Exit code:
0
Version:
3.5.5.45449
Modules
Images
c:\users\admin\appdata\roaming\utorrent\utorrent.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
PID: 404
CMD: "C:\Users\admin\Downloads\uTorrent.exe"
Path: C:\Users\admin\Downloads\uTorrent.exe
Parent process: chrome.exe
User:
admin
Company:
BitTorrent Inc.
Integrity Level:
HIGH
Description:
µTorrent
Exit code:
0
Version:
3.5.5.45449
Modules
Images
c:\users\admin\downloads\utorrent.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 968
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.5_45449\utorrentie.exe" uTorrent_3452_01F4E838_855436220 µTorrent4823DF041B09 uTorrent
Path: C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.5_45449\utorrentie.exe
Parent process: uTorrent.exe
User:
admin
Company:
BitTorrent Inc.
Integrity Level:
LOW
Description:
WebHelper
Exit code:
0
Version:
1.0.0
Modules
Images
c:\users\admin\appdata\roaming\utorrent\updates\3.5.5_45449\utorrentie.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 984
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,8880034083505711633,3482026617648403120,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15847792051718953745 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 988
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe"
Path: C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
Parent process: explorer.exe
User:
admin
Company:
BitTorrent Inc.
Integrity Level:
MEDIUM
Description:
µTorrent
Exit code:
0
Version:
3.5.5.45449
Modules
Images
c:\users\admin\appdata\roaming\utorrent\utorrent.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
PID: 1252
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2296 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 1428
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1004,8880034083505711633,3482026617648403120,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=11061559235165588763 --mojo-platform-channel-handle=4212 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1444
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,8880034083505711633,3482026617648403120,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10797318562407815791 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1460
CMD: "C:\Windows\system32\cmd.exe" /C ""C:\Users\admin\AppData\Local\Temp\7zSCA6FACD9\Carrier.exe" /S /FORCEINSTALL 1110010101111110"
Path: C:\Windows\system32\cmd.exe
Parent process: GenericSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1492
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1004,8880034083505711633,3482026617648403120,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=17669110202085110968 --mojo-platform-channel-handle=3996 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
21 497
Read events
14 142
Write events
5 624
Delete events
1 731

Modification events

(PID) Process: (2296) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 3326848712

(PID) Process: (2296) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30812028

(PID) Process: (2296) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (2296) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2296) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2296) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2296) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2296) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
(PID) Process: (2296) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2296) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1
Executable files
326
Suspicious files
222
Text files
402
Unknown types
56

Dropped files

PID | Process | Filename | Type
1252 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab86F1.tmp |
1252 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar86F2.tmp |
2296 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico |
1252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\3b5dca04bf8ff0ce2140e582baf5cece.bb.min[1].js | text
1252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\1e1dd949c4f1c9269749268381a9359a.all.min[1].css | text
1252 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08 | der
1252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\viewtopic[1].htm | html
1252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\66c16d301d24493acd5e3996ca1d7175.lib.min[1].js | text
1252 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08 | binary
1252 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\3576149[1].jpg | image
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
83
TCP/UDP connections
487
DNS requests
127
Threats
36

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2156 | chrome.exe | GET | | 176.126.58.207:80 | http://r4---sn-x2pm-3ufk.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjY5QUFXTEQwc2RPVXhRY3picjhxblh1dw/7619.603.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mh=Qx&mip=84.17.55.74&mm=28&mn=sn-x2pm-3ufk&ms=nvh&mt=1589191875&mv=m&mvi=3&pl=23&shardbypass=yes | PL | | | whitelisted
1252 | iexplore.exe | GET | 200 | 80.233.186.11:80 | http://i89.fastpic.ru/big/2017/0127/45/c1662968977aea03c6f472c76792aa45.png?r=1 | LV | image | 151 Kb | unknown
1252 | iexplore.exe | GET | 200 | 2.16.186.9:80 | http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D | unknown | der | 1.37 Kb | whitelisted
1252 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted
1252 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.trust-provider.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEHbYt4bR81JP7pU%2BcUA9mdU%3D | US | der | 471 b | whitelisted
1252 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.trust-provider.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEHbYt4bR81JP7pU%2BcUA9mdU%3D | US | der | 471 b | whitelisted
1252 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D | US | der | 471 b | whitelisted
1252 | iexplore.exe | GET | 200 | 151.139.236.246:80 | http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPEy22YwaechGnr30oNYJY6w%2FsCEQCTkoVAAWVxX5R%2FKI%2FvyZso | US | der | 1.62 Kb | whitelisted
1252 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEHJqaUWUuUGuV9euEAx07js%3D | US | der | 312 b | whitelisted
1252 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrBBNpPfHTPX6Jy6BVzyBPnBWMnQQUPnQtH89FdQR%2BP8Cihz5MQ4NRE8YCEAEDtB27K27GIGNL%2FunOTMk%3D | US | der | 278 b | whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1252 | iexplore.exe | 2.16.186.9:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | | whitelisted
1252 | iexplore.exe | 195.82.146.214:443 | rutracker.org | Dreamtorrent Corp | RU | unknown
2296 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
1252 | iexplore.exe | 195.82.146.216:443 | static.t-ru.org | Dreamtorrent Corp | RU | unknown
1252 | iexplore.exe | 195.82.146.52:443 | rutrk.org | Dreamtorrent Corp | RU | unknown
1252 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious
1252 | iexplore.exe | 92.53.68.202:443 | cdn.advg.agency | AO Infolika | RU | suspicious
1252 | iexplore.exe | 104.16.88.20:443 | cdn.jsdelivr.net | Cloudflare Inc | US | shared
1252 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
1252 | iexplore.exe | 80.233.186.11:80 | i89.fastpic.ru | Telia Latvija SIA | LV | unknown

DNS requests

Domain | IP | Reputation
rutracker.org | 195.82.146.214 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
isrg.trustid.ocsp.identrust.com | 2.16.186.9, 2.16.186.35 | whitelisted
static.t-ru.org | 195.82.146.216 | whitelisted
rutrk.org | 195.82.146.52 | unknown
cdn.advg.agency | 92.53.68.202, 92.53.68.201, 92.53.68.205, 92.53.68.203, 92.53.68.204 | suspicious
ocsp.usertrust.com | 151.139.128.14 | whitelisted
cdn.jsdelivr.net | 104.16.88.20, 104.16.85.20, 104.16.87.20, 104.16.86.20, 104.16.89.20 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted

Threats

PID | Process | Class | Message
2156 | chrome.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2156 | chrome.exe | Misc activity | ET INFO EXE - Served Attached HTTP
4000 | installer.exe | A Network Trojan was detected | ET MALWARE Lavasoft PUA/Adware Client Install
3120 | Carrier.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
3120 | Carrier.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
3452 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
3452 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
3452 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
3452 | uTorrent.exe | Potentially Bad Traffic | ET POLICY Executable served from Amazon S3
3452 | uTorrent.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
GenericSetup.exe
at sciter:init-script.tis
GenericSetup.exe
GenericSetup.exe
at sciter:init-script.tis
GenericSetup.exe
GenericSetup.exe
file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
GenericSetup.exe
GenericSetup.exe
file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
GenericSetup.exe
GenericSetup.exe
at sciter:init-script.tis
GenericSetup.exe
Error: File not found - h2osciter:console.tis