URL:

https://download-new.utorrent.com/endpoint/btweb/os/windows/track/stable

Full analysis: https://app.any.run/tasks/6d4de9c9-78c7-4381-ae65-70b6c56e7b6e
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: April 06, 2020, 07:38:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
pua
lavasoft
loader
Indicators:
MD5:

75BBBC710C1054FC89EB9DCBB1AC6085

SHA1:

0321ECF9AA9C12263BF9FF89255EA290F9798C0C

SHA256:

0CA96DFCA907281032B04ABEC528A7BCC5BC9F618C8E8A0F04871CD5FB654C1E

SSDEEP:

3:N8SEmL3XeRLKeKc0iwbEXWNRXn:2SBeRLiPbNNRXn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • btweb_installer.exe (PID: 4052)
      • GenericSetup.exe (PID: 856)
      • btweb_installer.exe (PID: 3064)
      • installer.exe (PID: 3580)
      • Carrier.exe (PID: 3392)
      • jvvfvhno.vle.exe (PID: 2348)
      • d2jut1rw.qcj.exe (PID: 2972)
      • d2jut1rw.qcj.exe (PID: 1744)
      • d2jut1rw.qcj.exe (PID: 3468)
      • d2jut1rw.qcj.exe (PID: 3988)
      • d2jut1rw.qcj.exe (PID: 2556)
      • btweb.exe (PID: 1356)
      • WebCompanion.exe (PID: 3456)
      • WebCompanionInstaller.exe (PID: 2720)
      • Lavasoft.WCAssistant.WinService.exe (PID: 3400)
      • helper.exe (PID: 3136)
    • Loads dropped or rewritten executable

      • GenericSetup.exe (PID: 856)
      • Carrier.exe (PID: 3392)
      • d2jut1rw.qcj.exe (PID: 2556)
      • d2jut1rw.qcj.exe (PID: 3468)
      • d2jut1rw.qcj.exe (PID: 2972)
      • d2jut1rw.qcj.exe (PID: 3988)
      • d2jut1rw.qcj.exe (PID: 1744)
      • WebCompanionInstaller.exe (PID: 2720)
      • WebCompanion.exe (PID: 3456)
      • btweb.exe (PID: 1356)
      • Lavasoft.WCAssistant.WinService.exe (PID: 3400)
    • LAVASOFT was detected

      • installer.exe (PID: 3580)
    • Actions looks like stealing of personal data

      • d2jut1rw.qcj.exe (PID: 2972)
      • d2jut1rw.qcj.exe (PID: 1744)
      • d2jut1rw.qcj.exe (PID: 3988)
      • d2jut1rw.qcj.exe (PID: 2556)
      • WebCompanion.exe (PID: 3456)
    • Changes settings of System certificates

      • WebCompanionInstaller.exe (PID: 2720)
      • d2jut1rw.qcj.exe (PID: 2972)
      • GenericSetup.exe (PID: 856)
      • WebCompanion.exe (PID: 3456)
    • Loads the Task Scheduler COM API

      • GenericSetup.exe (PID: 856)
    • Changes internet zones settings

      • WebCompanionInstaller.exe (PID: 2720)
    • Changes the autorun value in the registry

      • WebCompanion.exe (PID: 3456)
      • btweb.exe (PID: 1356)
    • Downloads executable files from the Internet

      • btweb.exe (PID: 1356)
    • Starts Visual C# compiler

      • WebCompanion.exe (PID: 3456)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 2796)
      • btweb_installer.exe (PID: 4052)
      • Carrier.exe (PID: 3392)
      • d2jut1rw.qcj.exe (PID: 2972)
      • GenericSetup.exe (PID: 856)
      • jvvfvhno.vle.exe (PID: 2348)
      • d2jut1rw.qcj.exe (PID: 3988)
      • d2jut1rw.qcj.exe (PID: 2556)
      • d2jut1rw.qcj.exe (PID: 1744)
      • WebCompanionInstaller.exe (PID: 2720)
      • btweb.exe (PID: 1356)
    • Reads Environment values

      • GenericSetup.exe (PID: 856)
    • Reads the Windows organization settings

      • GenericSetup.exe (PID: 856)
    • Reads Windows owner or organization settings

      • GenericSetup.exe (PID: 856)
    • Starts CMD.EXE for commands execution

      • GenericSetup.exe (PID: 856)
      • WebCompanionInstaller.exe (PID: 2720)
      • Lavasoft.WCAssistant.WinService.exe (PID: 3400)
    • Creates files in the user directory

      • Carrier.exe (PID: 3392)
      • d2jut1rw.qcj.exe (PID: 1744)
      • WebCompanionInstaller.exe (PID: 2720)
      • btweb.exe (PID: 1356)
    • Creates a software uninstall entry

      • Carrier.exe (PID: 3392)
      • WebCompanionInstaller.exe (PID: 2720)
    • Modifies the open verb of a shell class

      • Carrier.exe (PID: 3392)
    • Reads Internet Cache Settings

      • Carrier.exe (PID: 3392)
      • d2jut1rw.qcj.exe (PID: 2972)
    • Starts itself from another location

      • d2jut1rw.qcj.exe (PID: 2972)
    • Adds / modifies Windows certificates

      • WebCompanionInstaller.exe (PID: 2720)
      • d2jut1rw.qcj.exe (PID: 2972)
      • GenericSetup.exe (PID: 856)
      • WebCompanion.exe (PID: 3456)
    • Application launched itself

      • d2jut1rw.qcj.exe (PID: 2972)
    • Creates files in the program directory

      • WebCompanionInstaller.exe (PID: 2720)
      • WebCompanion.exe (PID: 3456)
      • Lavasoft.WCAssistant.WinService.exe (PID: 3400)
    • Starts SC.EXE for service management

      • WebCompanionInstaller.exe (PID: 2720)
    • Uses NETSH.EXE for network configuration

      • cmd.exe (PID: 2596)
      • cmd.exe (PID: 3852)
    • Starts Internet Explorer

      • btweb.exe (PID: 1356)
    • Removes files from Windows directory

      • Lavasoft.WCAssistant.WinService.exe (PID: 3400)
    • Creates files in the Windows directory

      • Lavasoft.WCAssistant.WinService.exe (PID: 3400)
    • Executed via Task Scheduler

      • btweb.exe (PID: 1356)
    • Executed as Windows Service

      • Lavasoft.WCAssistant.WinService.exe (PID: 3400)
    • Searches for installed software

      • GenericSetup.exe (PID: 856)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2796)
      • iexplore.exe (PID: 3240)
      • iexplore.exe (PID: 3044)
      • iexplore.exe (PID: 3008)
    • Changes internet zones settings

      • iexplore.exe (PID: 2796)
      • iexplore.exe (PID: 3044)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2796)
      • GenericSetup.exe (PID: 856)
      • iexplore.exe (PID: 3240)
      • btweb.exe (PID: 1356)
      • iexplore.exe (PID: 3008)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 2796)
    • Creates files in the user directory

      • iexplore.exe (PID: 2796)
      • iexplore.exe (PID: 3008)
    • Dropped object may contain Bitcoin addresses

      • WebCompanionInstaller.exe (PID: 2720)
    • Application launched itself

      • iexplore.exe (PID: 3044)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3008)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2796)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2796)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
84
Monitored processes
34
Malicious processes
17
Suspicious processes
0

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID:
816
CMD:
"C:\Windows\system32\cmd.exe" /C ""C:\Users\admin\AppData\Local\Temp\jvvfvhno.vle.exe" --silent --homepage=1 --search=1 --partner=BT170602"
Path:
C:\Windows\system32\cmd.exe
Parent process:
GenericSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
856
CMD:
"C:\Users\admin\AppData\Local\Temp\7zS4DFE2F97\GenericSetup.exe" C:\Users\admin\AppData\Local\Temp\7zS4DFE2F97\GenericSetup.exe
Path:
C:\Users\admin\AppData\Local\Temp\7zS4DFE2F97\GenericSetup.exe
Parent process:
installer.exe
User:
admin
Company:
Adaware
Integrity Level:
HIGH
Description:
BitTorrent Web
Exit code:
0
Version:
1.0.1.2599
Modules
Images
c:\users\admin\appdata\local\temp\7zs4dfe2f97\genericsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
1116
CMD:
"C:\Windows\system32\cmd.exe" /C ""C:\Users\admin\AppData\Local\Temp\d2jut1rw.qcj.exe" --silent --otd="utm.medium:pb,utm.source:lavasoft,utm.campaign:CSW_NA_5cc218580d987a5cb28ead66""
Path:
C:\Windows\system32\cmd.exe
Parent process:
GenericSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1356
CMD:
"C:\Users\admin\AppData\Roaming\BitTorrent Web\btweb.exe" /RUNONSTARTUP
Path:
C:\Users\admin\AppData\Roaming\BitTorrent Web\btweb.exe
Parent process:
taskeng.exe
User:
admin
Company:
BitTorrent Inc.
Integrity Level:
MEDIUM
Description:
BitTorrent Web
Exit code:
0
Version:
1.0.9.2491
Modules
Images
c:\users\admin\appdata\roaming\bittorrent web\btweb.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll
PID:
1720
CMD:
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\czb3v9r1.cmdline"
Path:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
Parent process:
WebCompanion.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Visual C# Command Line Compiler
Exit code:
0
Version:
8.0.50727.4927 (NetFXspW7.050727-4900)
Modules
Images
c:\windows\microsoft.net\framework\v2.0.50727\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
1744
CMD:
C:\Users\admin\AppData\Local\Temp\d2jut1rw.qcj.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=67.0.3575.115 --initial-client-data=0xe4,0xec,0xf0,0xe8,0xf4,0x64584518,0x64584528,0x64584534
Path:
C:\Users\admin\AppData\Local\Temp\d2jut1rw.qcj.exe
Parent process:
d2jut1rw.qcj.exe
User:
admin
Company:
Opera Software
Integrity Level:
HIGH
Description:
Opera Installer
Exit code:
0
Version:
67.0.3575.115
Modules
Images
c:\users\admin\appdata\local\temp\d2jut1rw.qcj.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1780
CMD:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RESFFCC.tmp" "c:\Users\admin\AppData\Local\Temp\CSCFFCB.tmp"
Path:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
Parent process:
csc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft® Resource File To COFF Object Conversion Utility
Exit code:
0
Version:
8.00.50727.4940 (Win7SP1.050727-5400)
Modules
Images
c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
PID:
2348
CMD:
"C:\Users\admin\AppData\Local\Temp\jvvfvhno.vle.exe" --silent --homepage=1 --search=1 --partner=BT170602
Path:
C:\Users\admin\AppData\Local\Temp\jvvfvhno.vle.exe
Parent process:
cmd.exe
User:
admin
Company:
Lavasoft
Integrity Level:
HIGH
Description:
Web Companion Installer
Exit code:
0
Version:
4.10.2225.4082
Modules
Images
c:\users\admin\appdata\local\temp\jvvfvhno.vle.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
2424
CMD:
netsh http add urlacl url=http://+:9007/ user=Everyone
Path:
C:\Windows\system32\netsh.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
PID:
2464
CMD:
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\vubv7-um.cmdline"
Path:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
Parent process:
WebCompanion.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Visual C# Command Line Compiler
Exit code:
0
Version:
8.0.50727.4927 (NetFXspW7.050727-4900)
Modules
Images
c:\windows\microsoft.net\framework\v2.0.50727\csc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
16 019
Read events
10 782
Write events
4 042
Delete events
1 195

Modification events

(PID) Process: (2796) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 2064265564

(PID) Process: (2796) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30804966

(PID) Process: (2796) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2796) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2796) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2796) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2796) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2796) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
(PID) Process: (2796) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2796) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1
Executable files
121
Suspicious files
105
Text files
164
Unknown types
54

Dropped files

PID
Process
Filename
Type
PID: 3240
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\Cab4C8D.tmp
Type:

PID: 3240
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\Tar4C8E.tmp
Type:

PID: 2796
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type:

PID: 3240
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\btweb_installer[1].exe
Type:

PID: 3240
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\btweb_installer.exe.1pc429i.partial
Type:

PID: 2796
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DFB1162FE09C162EE9.TMP
Type:

PID: 2796
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\btweb_installer.exe.1pc429i.partial:Zone.Identifier
Type:

PID: 3240
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DC9863BDD91599535D571389CDF6C72E
Type: binary

PID: 3240
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_D93C575AD9E9AF9B95268A3CB953B5A1
Type: der

PID: 3240
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_D93C575AD9E9AF9B95268A3CB953B5A1
Type: binary
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
102
TCP/UDP connections
224
DNS requests
69
Threats
12

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2796
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
3240
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJaiu8Zb34NbCEEshrmcCs%3D
US
der
471 b
whitelisted
2972
d2jut1rw.qcj.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
US
der
471 b
whitelisted
3240
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJaiu8Zb34NbCEEshrmcCs%3D
US
der
471 b
whitelisted
2972
d2jut1rw.qcj.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAUHBxy%2BWxvmne7kCwTn4NE%3D
US
der
471 b
whitelisted
2972
d2jut1rw.qcj.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
US
der
471 b
whitelisted
2796
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
2796
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
3240
iexplore.exe
GET
200
93.184.220.29:80
http://cdp.thawte.com/ThawteRSACA2018.crl
US
binary
189 Kb
whitelisted
2972
d2jut1rw.qcj.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
US
der
471 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3240
iexplore.exe
67.215.238.66:443
download-new.utorrent.com
QuadraNet, Inc
US
suspicious
3240
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2796
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
856
GenericSetup.exe
104.16.235.79:443
sos.adaware.com
Cloudflare Inc
US
shared
3580
installer.exe
104.18.87.101:80
flow.lavasoft.com
Cloudflare Inc
US
shared
856
GenericSetup.exe
104.17.177.102:80
webcompanion.com
Cloudflare Inc
US
shared
856
GenericSetup.exe
185.26.182.112:80
net.geo.opera.com
Opera Software AS
malicious
856
GenericSetup.exe
104.18.88.101:443
flow.lavasoft.com
Cloudflare Inc
US
shared
2796
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3392
Carrier.exe
107.22.221.32:80
i-4102.b-2491.btweb.bench.utorrent.com
Amazon.com, Inc.
US
suspicious

DNS requests

Domain
IP
Reputation
download-new.utorrent.com
  • 67.215.238.66
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
status.thawte.com
  • 93.184.220.29
whitelisted
cdp.thawte.com
  • 93.184.220.29
whitelisted
www.google.com
  • 172.217.22.100
malicious
sos.adaware.com
  • 104.16.235.79
  • 104.16.236.79
whitelisted
flow.lavasoft.com
  • 104.18.87.101
  • 104.18.88.101
whitelisted
net.geo.opera.com
  • 185.26.182.112
  • 185.26.182.111
whitelisted

Threats

PID
Process
Class
Message
3580
installer.exe
A Network Trojan was detected
ET MALWARE Lavasoft PUA/Adware Client Install
3392
Carrier.exe
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
856
GenericSetup.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
856
GenericSetup.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
856
GenericSetup.exe
Misc activity
ET INFO EXE - Served Attached HTTP
3392
Carrier.exe
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
856
GenericSetup.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
856
GenericSetup.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
856
GenericSetup.exe
Misc activity
ET INFO EXE - Served Attached HTTP
Potential Corporate Privacy Violation
ET P2P BitTorrent DHT ping request
Process
Message
GenericSetup.exe
at sciter:init-script.tis
GenericSetup.exe
file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
GenericSetup.exe
at sciter:init-script.tis
GenericSetup.exe
Error: File not found - h2osciter:console.tis
GenericSetup.exe
file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
GenericSetup.exe
at sciter:init-script.tis