Malware analysis utweb_installer.exe Malicious activity

Add for printing

File name:	utweb_installer.exe
Full analysis:	https://app.any.run/tasks/73d69130-8f82-45f1-a27f-5fd5bc8dd676
Verdict:	Malicious activity
Analysis date:	August 06, 2023, 20:53:07
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	installer
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	11A5830F7F4A1037D8230587944548F1
SHA1:	334FE1859D430D72C0CC031B609AECD6CE89AFAC
SHA256:	1BB2C481300ADDBA00EC81DDE4C27895677DA7EC64DD5E84E0881C2344BFC442
SSDEEP:	24576:e4nXubIQGyxbPV0db26wzeYCWWAmCdqotxoBcXRGEtLi+F/WY4O5bu:eqe3f606VWlmCdqogBcvhtlg

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
Opera 12.15 (12.15.1748)
Opera 12.15 (12.15.1748)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.29 (8.29)
Skype version 8.29 (8.29)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Loads dropped or rewritten executable
  - utweb_installer.tmp (PID: 2256)
  - utweb_installer.exe (PID: 3616)
  - utweb.exe (PID: 2140)
- Application was dropped or rewritten from another process
  - utweb.exe (PID: 2140)
  - helper.exe (PID: 1884)
SUSPICIOUS
- Executable content was dropped or overwritten
  - utweb_installer.exe (PID: 3752)
  - utweb_installer.exe (PID: 4064)
  - utweb_installer.tmp (PID: 2256)
  - utweb_installer.exe (PID: 3616)
  - utweb.exe (PID: 2140)
- Reads the Windows owner or organization settings
  - utweb_installer.tmp (PID: 2256)
- Reads settings of System Certificates
  - utweb_installer.tmp (PID: 2256)
  - utweb.exe (PID: 2140)
  - helper.exe (PID: 1884)
- The process creates files with name similar to system file names
  - utweb_installer.exe (PID: 3616)
- Reads the Internet Settings
  - utweb_installer.tmp (PID: 2256)
  - utweb_installer.exe (PID: 3616)
  - utweb.exe (PID: 2140)
- Reads security settings of Internet Explorer
  - utweb.exe (PID: 2140)
- Checks Windows Trust Settings
  - utweb.exe (PID: 2140)
INFO
- Checks supported languages
  - utweb_installer.tmp (PID: 1812)
  - utweb_installer.exe (PID: 3752)
  - utweb_installer.tmp (PID: 2256)
  - utweb_installer.exe (PID: 4064)
  - utweb_installer.exe (PID: 3616)
  - utweb.exe (PID: 2140)
  - helper.exe (PID: 1884)
- Create files in a temporary directory
  - utweb_installer.exe (PID: 3752)
  - utweb_installer.exe (PID: 4064)
  - utweb_installer.tmp (PID: 2256)
  - utweb_installer.exe (PID: 3616)
- Reads the computer name
  - utweb_installer.tmp (PID: 1812)
  - utweb_installer.tmp (PID: 2256)
  - utweb_installer.exe (PID: 3616)
  - utweb.exe (PID: 2140)
  - helper.exe (PID: 1884)
- The process checks LSA protection
  - utweb_installer.tmp (PID: 1812)
  - utweb_installer.tmp (PID: 2256)
  - utweb_installer.exe (PID: 3616)
  - utweb.exe (PID: 2140)
  - helper.exe (PID: 1884)
- Application was dropped or rewritten from another process
  - utweb_installer.tmp (PID: 2256)
  - utweb_installer.tmp (PID: 1812)
- Reads the machine GUID from the registry
  - utweb_installer.tmp (PID: 2256)
  - utweb_installer.exe (PID: 3616)
  - utweb.exe (PID: 2140)
- Checks proxy server information
  - utweb_installer.exe (PID: 3616)
- Creates files or folders in the user directory
  - utweb_installer.exe (PID: 3616)
  - utweb.exe (PID: 2140)
  - helper.exe (PID: 1884)
- Application launched itself
  - msedge.exe (PID: 2508)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Inno Setup installer (65.1)
.exe	\|	Win32 EXE PECompact compressed (generic) (24.6)
.dll	\|	Win32 Dynamic Link Library (generic) (3.9)
.exe	\|	Win32 Executable (generic) (2.6)
.exe	\|	Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

ProductVersion:	1.3
ProductName:	µTorrent Web®
OriginalFileName:
LegalCopyright:	©2020 BitTorrent, Inc. All Rights Reserved
FileVersion:	1.3
FileDescription:	µTorrent Web®
CompanyName:
Comments:	This installation was built with Inno Setup.
CharacterSet:	Unicode
LanguageCode:	Neutral
FileSubtype:	-
ObjectFileType:	Executable application
FileOS:	Win32
FileFlags:	(none)
FileFlagsMask:	0x003f
ProductVersionNumber:	1.3.0.0
FileVersionNumber:	1.3.0.0
Subsystem:	Windows GUI
SubsystemVersion:	6.1
ImageVersion:	6
OSVersion:	6.1
EntryPoint:	0xb5eec
UninitializedDataSize:	-
InitializedDataSize:	76288
CodeSize:	741376
LinkerVersion:	2.25
PEType:	PE32
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
TimeStamp:	2021:06:03 08:09:11+00:00
MachineType:	Intel 386 or later, and compatibles

Summary

Architecture:	IMAGE_FILE_MACHINE_I386
Subsystem:	IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:	03-Jun-2021 08:09:11
Detected languages:	English - United States
Comments:	This installation was built with Inno Setup.
CompanyName:	-
FileDescription:	µTorrent Web®
FileVersion:	1.3
LegalCopyright:	©2020 BitTorrent, Inc. All Rights Reserved
OriginalFileName:	-
ProductName:	µTorrent Web®
ProductVersion:	1.3

DOS Header

Magic number:	MZ
Bytes on last page of file:	0x0050
Pages in file:	0x0002
Relocations:	0x0000
Size of header:	0x0004
Min extra paragraphs:	0x000F
Max extra paragraphs:	0xFFFF
Initial SS value:	0x0000
Initial SP value:	0x00B8
Checksum:	0x0000
Initial IP value:	0x0000
Initial CS value:	0x0000
Overlay number:	0x001A
OEM identifier:	0x0000
OEM information:	0x0000
Address of NE header:	0x00000100

PE Headers

Signature:	PE
Machine:	IMAGE_FILE_MACHINE_I386
Number of sections:	10
Time date stamp:	03-Jun-2021 08:09:11
Pointer to Symbol Table:	0x00000000
Number of symbols:	0
Size of Optional Header:	0x00E0
Characteristics:	IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_BYTES_REVERSED_HI IMAGE_FILE_BYTES_REVERSED_LO IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LINE_NUMS_STRIPPED IMAGE_FILE_LOCAL_SYMS_STRIPPED IMAGE_FILE_RELOCS_STRIPPED

Sections

Name	Virtual Address	Virtual Size	Raw Size	Charateristics	Entropy
.text	0x00001000	0x000B361C	0x000B3800	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.35606
.itext	0x000B5000	0x00001688	0x00001800	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.97275
.data	0x000B7000	0x000037A4	0x00003800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.0444
.bss	0x000BB000	0x00006DE8	0x00000000	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0
.idata	0x000C2000	0x00000F36	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.8987
.didata	0x000C3000	0x000001A4	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	2.75636
.edata	0x000C4000	0x0000009A	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	1.87222
.tls	0x000C5000	0x00000018	0x00000000	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0
.rdata	0x000C6000	0x0000005D	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	1.38389
.rsrc	0x000C7000	0x0000DA94	0x0000DC00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.7437

Resources

Title	Entropy	Size	Codepage	Language	Type
1	5.18295	1830	Latin 1 / Western European	English - United States	RT_MANIFEST
2	5.46872	2440	Latin 1 / Western European	English - United States	RT_ICON
3	5.03722	4264	Latin 1 / Western European	English - United States	RT_ICON
4	4.37726	9640	Latin 1 / Western European	English - United States	RT_ICON
5	7.94497	25084	Latin 1 / Western European	English - United States	RT_ICON
4086	3.16547	864	Latin 1 / Western European	UNKNOWN	RT_STRING
4087	3.40938	608	Latin 1 / Western European	UNKNOWN	RT_STRING
4088	3.31153	1116	Latin 1 / Western European	UNKNOWN	RT_STRING
4089	3.33977	1036	Latin 1 / Western European	UNKNOWN	RT_STRING
4090	3.36723	724	Latin 1 / Western European	UNKNOWN	RT_STRING

Imports


advapi32.dll
comctl32.dll
kernel32.dll
kernel32.dll (delay-loaded)
netapi32.dll
oleaut32.dll
user32.dll
version.dll

Exports

Title	Ordinal	Address
dbkFCallWrapperAddr	1	0x000BE63C
__dbk_fcall_wrapper	2	0x0000D0A0
TMethodImplementationIntercept	3	0x00054060

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1060

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.PageScreenshotProcessor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3648 --field-trial-handle=1320,i,15716894607047215571,12129748953667495303,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

1652

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4192 --field-trial-handle=1320,i,15716894607047215571,12129748953667495303,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1812

"C:\Users\admin\AppData\Local\Temp\is-12A2R.tmp\utweb_installer.tmp" /SL5="$1301DC,897614,818688,C:\Users\admin\AppData\Local\Temp\utweb_installer.exe"

C:\Users\admin\AppData\Local\Temp\is-12A2R.tmp\utweb_installer.tmp

—

utweb_installer.exe

User:

admin

Company:

Integrity Level:

MEDIUM

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-12a2r.tmp\utweb_installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\user32.dll

1884

helper/helper.exe 49424 -- ut_web/1.3.0.5672 hval/b08b025c9b34ee11915012a9866c77de

C:\Users\admin\AppData\Roaming\uTorrent Web\helper\helper.exe

utweb.exe

User:

admin

Company:

BitTorrent Inc.

Integrity Level:

MEDIUM

Description:

µTorrent Helper

Exit code:

Version:

2.1.6.2679

Modules

Images
c:\users\admin\appdata\roaming\utorrent web\helper\helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\lpk.dll

2140

"C:\Users\admin\AppData\Roaming\uTorrent Web\utweb.exe" /RUNONSTARTUP

C:\Users\admin\AppData\Roaming\uTorrent Web\utweb.exe

utweb_installer.tmp

User:

admin

Company:

BitTorrent Inc.

Integrity Level:

MEDIUM

Description:

µTorrent Web

Exit code:

Version:

1.3.0.5672

Modules

Images
c:\users\admin\appdata\roaming\utorrent web\utweb.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll

2256

"C:\Users\admin\AppData\Local\Temp\is-1KEBD.tmp\utweb_installer.tmp" /SL5="$1101D2,897614,818688,C:\Users\admin\AppData\Local\Temp\utweb_installer.exe" /SPAWNWND=$110264 /NOTIFYWND=$1301DC

C:\Users\admin\AppData\Local\Temp\is-1KEBD.tmp\utweb_installer.tmp

utweb_installer.exe

User:

admin

Company:

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-1kebd.tmp\utweb_installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

2316

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4032 --field-trial-handle=1320,i,15716894607047215571,12129748953667495303,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll

2448

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3312 --field-trial-handle=1320,i,15716894607047215571,12129748953667495303,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

2476

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4452 --field-trial-handle=1320,i,15716894607047215571,12129748953667495303,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

2508

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://utweb.rainberrytv.com/gui/index.html?v=1.3.0.5672&firstrun=1&localauth=localapidcecc086b6b4c520:

C:\Program Files\Microsoft\Edge\Application\msedge.exe

utweb.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

11 294

Read events

11 222

Write events

Delete events

Modification events


(PID) Process:	(2256) utweb_installer.tmp	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(3616) utweb_installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(3616) utweb_installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(3616) utweb_installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(3616) utweb_installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000004E010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(3616) utweb_installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(3616) utweb_installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(3616) utweb_installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(3616) utweb_installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(3616) utweb_installer.exe	Key:	HKEY_CLASSES_ROOT\.torrent\OpenWithProgids
Operation:	delete key	Name:	(default)
Value:

Add for printing

Executable files

Suspicious files

259

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2256	utweb_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-BNNOF.tmp\is-OROS6.tmp		image
		MD5:4CFFF8DC30D353CD3D215FD3A5DBAC24	SHA256:0C430E56D69435D8AB31CBB5916A73A47D11EF65B37D289EE7D11130ADF25856
3616	utweb_installer.exe	C:\Users\admin\AppData\Local\Temp\nssF1FD.tmp\UAC.dll		executable
		MD5:ADB29E6B186DAA765DC750128649B63D	SHA256:2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08
2256	utweb_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-BNNOF.tmp\uTorrent.png		image
		MD5:B2163B465C31D3BE9350FE76428CA388	SHA256:83EFCB5C0C18BB4A4F116252711DA5E1FB238AA851E6E108A47884EFDE1BBC22
2256	utweb_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-BNNOF.tmp\license.rtf		text
		MD5:CA9C80605FF244AE36C584FFFFA09435	SHA256:81C21179CB42FA44D8B7AA07925081B899F0EF5F18AC00FFB75B303309078634
2256	utweb_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-BNNOF.tmp\utweb_installer.exe		executable
		MD5:1E9C3ACA4EF8A5EB1EBC0FBF43C12A18	SHA256:9B9E1B5C4E492C3B9C3EADF21FA3E82D95F47E1F30046F3ABA8C8F3163F23F2E
4064	utweb_installer.exe	C:\Users\admin\AppData\Local\Temp\is-1KEBD.tmp\utweb_installer.tmp		executable
		MD5:67BF20135A695FABDAAAA3A5B5FAB93C	SHA256:DC65AB657292474F6331058D8CCC6F23920F39798A1A37135E80FCFE4A5B5B26
2256	utweb_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-BNNOF.tmp\Logo.png		image
		MD5:A00CFE887E254C462AD0C6A6D3FB25B6	SHA256:BCA0271F56F7384942FF3AFFB79FA78CCDCEABF7DDA89AD3C138226DA324CDB1
2256	utweb_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-BNNOF.tmp\botva2.dll		executable
		MD5:67965A5957A61867D661F05AE1F4773E	SHA256:450B9B0BA25BF068AFBC2B23D252585A19E282939BF38326384EA9112DFD0105
3616	utweb_installer.exe	C:\Users\admin\AppData\Roaming\uTorrent Web\localization\fr.lang		text
		MD5:11A3F9F9D7F238D2B1E8D7699DBAFF02	SHA256:53656932C41719FCD2B809CC3FB84F40EC39DB344E527450D8A830E271E49A28
3616	utweb_installer.exe	C:\Users\admin\AppData\Roaming\uTorrent Web\localization\it.lang		text
		MD5:8174C1F56BF731097B872A9FDF499EDF	SHA256:EC1E9FA1CD24181AEB7695BFFEF8AB782CE89962782A8E48169E1BA364D0F82F

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

272

DNS requests

145

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2140	utweb.exe	GET	—	178.79.242.16:80	http://btinstall-artifacts.bittorrent.com/helper_ui/helper_web_ui.btinstall	DE	—	—	suspicious
2140	utweb.exe	POST	—	34.232.197.68:80	http://i-4101.b-10401.utweb_ui.bench.utorrent.com/e?i=4101&e=eyJhY3Rpb24iOiJ2MS4xMDQwMS5jYS5wYWdldmlldy5wbGFjZWhvbGRlci5wbGFjZWhvbGRlci5wbGFjZWhvbGRlciIsImFwcE5hbWUiOiJ1dHdlYiIsImFwcFZlcnNpb24iOiIxLjMuMC41NjcyLjEwNDAxIiwiaXNVdHdlYiI6dHJ1ZSwidHV0b3JpYWxWaWRlb0hhc2hMaXN0IjpbIjgwYjM5YTJlMzdhYTM1MmNkMmZjYmZiZWY3YzRhNmU5ZThjZmU0MzgiLCI5YTIzYmU2YzU1ZDVmOGQxZTI4MjYwZTQwM2JhZTU0MTI0NDM1NzllIiwiMzhlOTcyMzRmZDYwYzRmMzAzNDRkOWZhZTgwODk5YTc1ZmNmYmZmZSIsIjYxYjNiODg1NmM0ODM5ZWRmNTFmNWMyMzQ2NTk5YjZiZWM1MjQxNDUiLCI1NjJlMjljNzgzNmRhZGJjZjU1YjNkZWJmODMwNjMyNzE3NjljOTRmIl0sInV1aWQiOiJiMDhiMDI1YzliMzRlZTExOTE1MDEyYTk4NjZjNzdkZSIsImJlbmNoR2VvIjoiY2EiLCJ1dHdlYlNhbXBsZVJhdGUiOjEsImdhQmxvY2tlckRldGVjdGVkIjpudWxsLCJuYW1lIjoidDAiLCJ0cmFja2luZ0lkIjoiVUEtODg2OTgxMDItMTAiLCJjb29raWVOYW1lIjoiX2dhIiwiY29va2llRG9tYWluIjoicmFpbmJlcnJ5dHYuY29tIiwiY29va2llUGF0aCI6Ii8iLCJjb29raWVFeHBpcmVzIjo2MzA3MjAwMCwibGVnYWN5SGlzdG9yeUltcG9ydCI6dHJ1ZSwiYWxsb3dMaW5rZXIiOmZhbHNlLCJhbGxvd0FuY2hvciI6dHJ1ZSwic2FtcGxlUmF0ZSI6MTAwLCJzaXRlU3BlZWRTYW1wbGVSYXRlIjoxLCJhbHdheXNTZW5kUmVmZXJyZXIiOmZhbHNlLCJzdG9yYWdlIjoiY29va2llIiwiX2dlIjp0cnVlLCJhcGlWZXJzaW9uIjoxLCJjbGllbnRWZXJzaW9uIjoiajU2IiwiX2djbiI6Il9naWQiLCJjbGllbnRJZCI6IjQ1Njg4NTQyMC4xNjkxMzU1MjQzIiwiX2dpZCI6IjEyOTU4NTIyMy4xNjkxMzU1MjQzIiwibG9jYXRpb24iOiJodHRwczovL3V0d2ViLnJhaW5iZXJyeXR2LmNvbS9ndWkvaW5kZXguaHRtbD92PTEuMy4wLjU2NzIiLCJzY3JlZW5SZXNvbHV0aW9uIjoiMTI4MHg3MjAiLCJzY3JlZW5Db2xvcnMiOiIyNC1iaXQiLCJ2aWV3cG9ydFNpemUiOiIxMjgweDU3NCIsImVuY29kaW5nIjoiVVRGLTgiLCJqYXZhRW5hYmxlZCI6ZmFsc2UsImxhbmd1YWdlIjoiZW4tdXMiLCJhZFNlbnNlSWQiOjE3OTUwNDIwMjgsImRpbWVuc2lvbjEiOiI0NTY4ODU0MjAuMTY5MTM1NTI0MyIsImRpbWVuc2lvbjYiOjEsInRpdGxlIjoizrxUb3JyZW50IFdlYiIsInNjcmVlbk5hbWUiOiJkYXNoYm9hcmQiLCJwYWdlIjoiL2Rhc2hib2FyZCIsImRpbWVuc2lvbjIiOjE2OTEzNTUyNDMxNTYsImRpbWVuc2lvbjMiOjAsImRpbWVuc2lvbjciOiJiMDhiMDI1YzliMzRlZTExOTE1MDEyYTk4NjZjNzdkZSIsImhpdFR5cGUiOiJwYWdldmlldyIsIl90aSI6MTY5MTM1NTI0MzM3NywiX3RvIjoxOSwiX2hjIjoxLCJfajEiOiIxNTc0ODAwOTM4IiwiX2oyIjoiNjY3MjM3NzI5IiwiX3IiOjEsInRyYW5zcG9ydFVybCI6Imh0dHBzOi8vd3d3Lmdvb2dsZS1hbmFseXRpY3MuY29tL3IvY29sbGVjdCIsIl9zIjoxLCJldmVudE5hbWUiOiJ1dHdlYl91aSIsIkJVSUxEX05VTUJFUiI6IjEwNDAxIn0=	US	—	—	suspicious
2140	utweb.exe	POST	—	34.232.197.68:80	http://i-4101.b-10401.utweb_ui.bench.utorrent.com/e?i=4101&e=eyJhY3Rpb24iOiJ2MS4xMDQwMS5jYS5hcHAucGxhY2Vob2xkZXIuZGFzaGJvYXJkLnBsYWNlaG9sZGVyIiwiYXBwTmFtZSI6InV0d2ViIiwiYXBwVmVyc2lvbiI6IjEuMy4wLjU2NzIuMTA0MDEiLCJpc1V0d2ViIjp0cnVlLCJ0dXRvcmlhbFZpZGVvSGFzaExpc3QiOlsiODBiMzlhMmUzN2FhMzUyY2QyZmNiZmJlZjdjNGE2ZTllOGNmZTQzOCIsIjlhMjNiZTZjNTVkNWY4ZDFlMjgyNjBlNDAzYmFlNTQxMjQ0MzU3OWUiLCIzOGU5NzIzNGZkNjBjNGYzMDM0NGQ5ZmFlODA4OTlhNzVmY2ZiZmZlIiwiNjFiM2I4ODU2YzQ4MzllZGY1MWY1YzIzNDY1OTliNmJlYzUyNDE0NSIsIjU2MmUyOWM3ODM2ZGFkYmNmNTViM2RlYmY4MzA2MzI3MTc2OWM5NGYiXSwidXVpZCI6ImIwOGIwMjVjOWIzNGVlMTE5MTUwMTJhOTg2NmM3N2RlIiwiYmVuY2hHZW8iOiJjYSIsInV0d2ViU2FtcGxlUmF0ZSI6MSwiZ2FCbG9ja2VyRGV0ZWN0ZWQiOm51bGwsIm5hbWUiOiJ0MCIsInRyYWNraW5nSWQiOiJVQS04ODY5ODEwMi0xMCIsImNvb2tpZU5hbWUiOiJfZ2EiLCJjb29raWVEb21haW4iOiJyYWluYmVycnl0di5jb20iLCJjb29raWVQYXRoIjoiLyIsImNvb2tpZUV4cGlyZXMiOjYzMDcyMDAwLCJsZWdhY3lIaXN0b3J5SW1wb3J0Ijp0cnVlLCJhbGxvd0xpbmtlciI6ZmFsc2UsImFsbG93QW5jaG9yIjp0cnVlLCJzYW1wbGVSYXRlIjoxMDAsInNpdGVTcGVlZFNhbXBsZVJhdGUiOjEsImFsd2F5c1NlbmRSZWZlcnJlciI6ZmFsc2UsInN0b3JhZ2UiOiJjb29raWUiLCJfZ2UiOnRydWUsImFwaVZlcnNpb24iOjEsImNsaWVudFZlcnNpb24iOiJqNTYiLCJfZ2NuIjoiX2dpZCIsImNsaWVudElkIjoiNDU2ODg1NDIwLjE2OTEzNTUyNDMiLCJfZ2lkIjoiMTI5NTg1MjIzLjE2OTEzNTUyNDMiLCJsb2NhdGlvbiI6Imh0dHBzOi8vdXR3ZWIucmFpbmJlcnJ5dHYuY29tL2d1aS9pbmRleC5odG1sP3Y9MS4zLjAuNTY3MiIsInNjcmVlblJlc29sdXRpb24iOiIxMjgweDcyMCIsInNjcmVlbkNvbG9ycyI6IjI0LWJpdCIsInZpZXdwb3J0U2l6ZSI6IjEyODB4NTc0IiwiZW5jb2RpbmciOiJVVEYtOCIsImphdmFFbmFibGVkIjpmYWxzZSwibGFuZ3VhZ2UiOiJlbi11cyIsImFkU2Vuc2VJZCI6MTc5NTA0MjAyOCwiZGltZW5zaW9uMSI6IjQ1Njg4NTQyMC4xNjkxMzU1MjQzIiwiZGltZW5zaW9uNiI6MSwidGl0bGUiOiLOvFRvcnJlbnQgV2ViIiwic2NyZWVuTmFtZSI6ImRhc2hib2FyZCIsInBhZ2UiOiIvZGFzaGJvYXJkIiwiZGltZW5zaW9uMiI6MTY5MTM1NTI0MzE2MywiZGltZW5zaW9uMyI6MCwiZGltZW5zaW9uNyI6ImIwOGIwMjVjOWIzNGVlMTE5MTUwMTJhOTg2NmM3N2RlIiwiaGl0VHlwZSI6ImV2ZW50IiwiX3RpIjoxNjkxMzU1MjQzMzc3LCJfdG8iOjE3LCJfaGMiOjMsIl9qMSI6IiIsIl9qMiI6IiIsIl9zIjozLCJldmVudENhdGVnb3J5IjoiYXBwIiwiZXZlbnRBY3Rpb24iOiJwYWdlbG9hZCIsImV2ZW50TGFiZWwiOiJkYXNoYm9hcmQiLCJldmVudE5hbWUiOiJ1dHdlYl91aSIsIkJVSUxEX05VTUJFUiI6IjEwNDAxIn0=	US	—	—	suspicious
2140	utweb.exe	POST	—	34.232.197.68:80	http://i-4101.b-10401.utweb_ui.bench.utorrent.com/e?i=4101&e=eyJhY3Rpb24iOiJ2MS4xMDQwMS5jYS5hZGNvbmZpZy5wbGFjZWhvbGRlci5wbGFjZWhvbGRlci5wbGFjZWhvbGRlciIsImFwcE5hbWUiOiJ1dHdlYiIsImFwcFZlcnNpb24iOiIxLjMuMC41NjcyLjEwNDAxIiwiaXNVdHdlYiI6dHJ1ZSwidHV0b3JpYWxWaWRlb0hhc2hMaXN0IjpbIjgwYjM5YTJlMzdhYTM1MmNkMmZjYmZiZWY3YzRhNmU5ZThjZmU0MzgiLCI5YTIzYmU2YzU1ZDVmOGQxZTI4MjYwZTQwM2JhZTU0MTI0NDM1NzllIiwiMzhlOTcyMzRmZDYwYzRmMzAzNDRkOWZhZTgwODk5YTc1ZmNmYmZmZSIsIjYxYjNiODg1NmM0ODM5ZWRmNTFmNWMyMzQ2NTk5YjZiZWM1MjQxNDUiLCI1NjJlMjljNzgzNmRhZGJjZjU1YjNkZWJmODMwNjMyNzE3NjljOTRmIl0sInV1aWQiOiJiMDhiMDI1YzliMzRlZTExOTE1MDEyYTk4NjZjNzdkZSIsImJlbmNoR2VvIjoiY2EiLCJ1dHdlYlNhbXBsZVJhdGUiOjEsImdhQmxvY2tlckRldGVjdGVkIjpudWxsLCJuYW1lIjoidDAiLCJ0cmFja2luZ0lkIjoiVUEtODg2OTgxMDItMTAiLCJjb29raWVOYW1lIjoiX2dhIiwiY29va2llRG9tYWluIjoicmFpbmJlcnJ5dHYuY29tIiwiY29va2llUGF0aCI6Ii8iLCJjb29raWVFeHBpcmVzIjo2MzA3MjAwMCwibGVnYWN5SGlzdG9yeUltcG9ydCI6dHJ1ZSwiYWxsb3dMaW5rZXIiOmZhbHNlLCJhbGxvd0FuY2hvciI6dHJ1ZSwic2FtcGxlUmF0ZSI6MTAwLCJzaXRlU3BlZWRTYW1wbGVSYXRlIjoxLCJhbHdheXNTZW5kUmVmZXJyZXIiOmZhbHNlLCJzdG9yYWdlIjoiY29va2llIiwiX2dlIjp0cnVlLCJhcGlWZXJzaW9uIjoxLCJjbGllbnRWZXJzaW9uIjoiajU2IiwiX2djbiI6Il9naWQiLCJjbGllbnRJZCI6IjQ1Njg4NTQyMC4xNjkxMzU1MjQzIiwiX2dpZCI6IjEyOTU4NTIyMy4xNjkxMzU1MjQzIiwibG9jYXRpb24iOiJodHRwczovL3V0d2ViLnJhaW5iZXJyeXR2LmNvbS9ndWkvaW5kZXguaHRtbD92PTEuMy4wLjU2NzIiLCJzY3JlZW5SZXNvbHV0aW9uIjoiMTI4MHg3MjAiLCJzY3JlZW5Db2xvcnMiOiIyNC1iaXQiLCJ2aWV3cG9ydFNpemUiOiIxMjgweDU3NCIsImVuY29kaW5nIjoiVVRGLTgiLCJqYXZhRW5hYmxlZCI6ZmFsc2UsImxhbmd1YWdlIjoiZW4tdXMiLCJhZFNlbnNlSWQiOjE3OTUwNDIwMjgsImRpbWVuc2lvbjEiOiI0NTY4ODU0MjAuMTY5MTM1NTI0MyIsImRpbWVuc2lvbjYiOjEsInRpdGxlIjoizrxUb3JyZW50IFdlYiIsInNjcmVlbk5hbWUiOiJkYXNoYm9hcmQiLCJwYWdlIjoiL2Rhc2hib2FyZCIsImRpbWVuc2lvbjIiOjE2OTEzNTUyNDMxNjUsImRpbWVuc2lvbjMiOjAsImRpbWVuc2lvbjciOiJiMDhiMDI1YzliMzRlZTExOTE1MDEyYTk4NjZjNzdkZSIsImhpdFR5cGUiOiJldmVudCIsIl90aSI6MTY5MTM1NTI0MzM3NywiX3RvIjoxNiwiX2hjIjo0LCJfajEiOiIiLCJfajIiOiIiLCJfcyI6NCwiZXZlbnRDYXRlZ29yeSI6ImFkY29uZmlnIiwiZXZlbnRBY3Rpb24iOiJuZXciLCJub25JbnRlcmFjdGlvbiI6dHJ1ZSwiZXZlbnROYW1lIjoidXR3ZWJfdWkiLCJCVUlMRF9OVU1CRVIiOiIxMDQwMSJ9	US	—	—	suspicious
2140	utweb.exe	POST	—	34.232.197.68:80	http://i-4101.b-10401.utweb_ui.bench.utorrent.com/e?i=4101&e=eyJhY3Rpb24iOiJ2MS4xMDQwMS5jYS51c2VyLnBsYWNlaG9sZGVyLjE2OTEzNTUyNDE3OTkucGxhY2Vob2xkZXIiLCJhcHBOYW1lIjoidXR3ZWIiLCJhcHBWZXJzaW9uIjoiMS4zLjAuNTY3Mi4xMDQwMSIsImlzVXR3ZWIiOnRydWUsInR1dG9yaWFsVmlkZW9IYXNoTGlzdCI6WyI4MGIzOWEyZTM3YWEzNTJjZDJmY2JmYmVmN2M0YTZlOWU4Y2ZlNDM4IiwiOWEyM2JlNmM1NWQ1ZjhkMWUyODI2MGU0MDNiYWU1NDEyNDQzNTc5ZSIsIjM4ZTk3MjM0ZmQ2MGM0ZjMwMzQ0ZDlmYWU4MDg5OWE3NWZjZmJmZmUiLCI2MWIzYjg4NTZjNDgzOWVkZjUxZjVjMjM0NjU5OWI2YmVjNTI0MTQ1IiwiNTYyZTI5Yzc4MzZkYWRiY2Y1NWIzZGViZjgzMDYzMjcxNzY5Yzk0ZiJdLCJ1dWlkIjoiYjA4YjAyNWM5YjM0ZWUxMTkxNTAxMmE5ODY2Yzc3ZGUiLCJiZW5jaEdlbyI6ImNhIiwidXR3ZWJTYW1wbGVSYXRlIjoxLCJnYUJsb2NrZXJEZXRlY3RlZCI6bnVsbCwibmFtZSI6InQwIiwidHJhY2tpbmdJZCI6IlVBLTg4Njk4MTAyLTEwIiwiY29va2llTmFtZSI6Il9nYSIsImNvb2tpZURvbWFpbiI6InJhaW5iZXJyeXR2LmNvbSIsImNvb2tpZVBhdGgiOiIvIiwiY29va2llRXhwaXJlcyI6NjMwNzIwMDAsImxlZ2FjeUhpc3RvcnlJbXBvcnQiOnRydWUsImFsbG93TGlua2VyIjpmYWxzZSwiYWxsb3dBbmNob3IiOnRydWUsInNhbXBsZVJhdGUiOjEwMCwic2l0ZVNwZWVkU2FtcGxlUmF0ZSI6MSwiYWx3YXlzU2VuZFJlZmVycmVyIjpmYWxzZSwic3RvcmFnZSI6ImNvb2tpZSIsIl9nZSI6dHJ1ZSwiYXBpVmVyc2lvbiI6MSwiY2xpZW50VmVyc2lvbiI6Imo1NiIsIl9nY24iOiJfZ2lkIiwiY2xpZW50SWQiOiI0NTY4ODU0MjAuMTY5MTM1NTI0MyIsIl9naWQiOiIxMjk1ODUyMjMuMTY5MTM1NTI0MyIsImxvY2F0aW9uIjoiaHR0cHM6Ly91dHdlYi5yYWluYmVycnl0di5jb20vZ3VpL2luZGV4Lmh0bWw/dj0xLjMuMC41NjcyIiwic2NyZWVuUmVzb2x1dGlvbiI6IjEyODB4NzIwIiwic2NyZWVuQ29sb3JzIjoiMjQtYml0Iiwidmlld3BvcnRTaXplIjoiMTI4MHg1NzQiLCJlbmNvZGluZyI6IlVURi04IiwiamF2YUVuYWJsZWQiOmZhbHNlLCJsYW5ndWFnZSI6ImVuLXVzIiwiYWRTZW5zZUlkIjoxNzk1MDQyMDI4LCJkaW1lbnNpb24xIjoiNDU2ODg1NDIwLjE2OTEzNTUyNDMiLCJkaW1lbnNpb242IjoxLCJ0aXRsZSI6Is68VG9ycmVudCBXZWIiLCJzY3JlZW5OYW1lIjoiZGFzaGJvYXJkIiwicGFnZSI6Ii9kYXNoYm9hcmQiLCJkaW1lbnNpb24yIjoxNjkxMzU1MjQzMTU2LCJkaW1lbnNpb24zIjowLCJkaW1lbnNpb243IjoiYjA4YjAyNWM5YjM0ZWUxMTkxNTAxMmE5ODY2Yzc3ZGUiLCJoaXRUeXBlIjoiZXZlbnQiLCJfdGkiOjE2OTEzNTUyNDMzNzcsIl90byI6MTgsIl9oYyI6MiwiX2oxIjoiIiwiX2oyIjoiIiwiX3MiOjIsImV2ZW50Q2F0ZWdvcnkiOiJ1c2VyIiwiZXZlbnRBY3Rpb24iOiJmaXJzdF9ydW4iLCJldmVudExhYmVsIjoxNjkxMzU1MjQxNzk5LCJldmVudE5hbWUiOiJ1dHdlYl91aSIsIkJVSUxEX05VTUJFUiI6IjEwNDAxIn0=	US	—	—	suspicious
2140	utweb.exe	POST	—	34.232.197.68:80	http://i-4101.b-10401.utweb_ui.bench.utorrent.com/e?i=4101&e=eyJhY3Rpb24iOiJ2MS4xMDQwMS5jYS5yZWFsQWRPcHBvcnR1bml0eS5wbGFjZWhvbGRlci5oaWRkZW4ucGxhY2Vob2xkZXIiLCJhcHBOYW1lIjoidXR3ZWIiLCJhcHBWZXJzaW9uIjoiMS4zLjAuNTY3Mi4xMDQwMSIsImlzVXR3ZWIiOnRydWUsInR1dG9yaWFsVmlkZW9IYXNoTGlzdCI6WyI4MGIzOWEyZTM3YWEzNTJjZDJmY2JmYmVmN2M0YTZlOWU4Y2ZlNDM4IiwiOWEyM2JlNmM1NWQ1ZjhkMWUyODI2MGU0MDNiYWU1NDEyNDQzNTc5ZSIsIjM4ZTk3MjM0ZmQ2MGM0ZjMwMzQ0ZDlmYWU4MDg5OWE3NWZjZmJmZmUiLCI2MWIzYjg4NTZjNDgzOWVkZjUxZjVjMjM0NjU5OWI2YmVjNTI0MTQ1IiwiNTYyZTI5Yzc4MzZkYWRiY2Y1NWIzZGViZjgzMDYzMjcxNzY5Yzk0ZiJdLCJ1dWlkIjoiYjA4YjAyNWM5YjM0ZWUxMTkxNTAxMmE5ODY2Yzc3ZGUiLCJiZW5jaEdlbyI6ImNhIiwidXR3ZWJTYW1wbGVSYXRlIjoxLCJnYUJsb2NrZXJEZXRlY3RlZCI6bnVsbCwibmFtZSI6InQwIiwidHJhY2tpbmdJZCI6IlVBLTg4Njk4MTAyLTEwIiwiY29va2llTmFtZSI6Il9nYSIsImNvb2tpZURvbWFpbiI6InJhaW5iZXJyeXR2LmNvbSIsImNvb2tpZVBhdGgiOiIvIiwiY29va2llRXhwaXJlcyI6NjMwNzIwMDAsImxlZ2FjeUhpc3RvcnlJbXBvcnQiOnRydWUsImFsbG93TGlua2VyIjpmYWxzZSwiYWxsb3dBbmNob3IiOnRydWUsInNhbXBsZVJhdGUiOjEwMCwic2l0ZVNwZWVkU2FtcGxlUmF0ZSI6MSwiYWx3YXlzU2VuZFJlZmVycmVyIjpmYWxzZSwic3RvcmFnZSI6ImNvb2tpZSIsIl9nZSI6dHJ1ZSwiYXBpVmVyc2lvbiI6MSwiY2xpZW50VmVyc2lvbiI6Imo1NiIsIl9nY24iOiJfZ2lkIiwiY2xpZW50SWQiOiI0NTY4ODU0MjAuMTY5MTM1NTI0MyIsIl9naWQiOiIxMjk1ODUyMjMuMTY5MTM1NTI0MyIsImxvY2F0aW9uIjoiaHR0cHM6Ly91dHdlYi5yYWluYmVycnl0di5jb20vZ3VpL2luZGV4Lmh0bWw/dj0xLjMuMC41NjcyIiwic2NyZWVuUmVzb2x1dGlvbiI6IjEyODB4NzIwIiwic2NyZWVuQ29sb3JzIjoiMjQtYml0Iiwidmlld3BvcnRTaXplIjoiMTI4MHg1NzQiLCJlbmNvZGluZyI6IlVURi04IiwiamF2YUVuYWJsZWQiOmZhbHNlLCJsYW5ndWFnZSI6ImVuLXVzIiwiYWRTZW5zZUlkIjoxNzk1MDQyMDI4LCJkaW1lbnNpb24xIjoiNDU2ODg1NDIwLjE2OTEzNTUyNDMiLCJkaW1lbnNpb242IjoxLCJ0aXRsZSI6Is68VG9ycmVudCBXZWIiLCJzY3JlZW5OYW1lIjoiZGFzaGJvYXJkIiwicGFnZSI6Ii9kYXNoYm9hcmQiLCJkaW1lbnNpb24yIjoxNjkxMzU1MjQ3NTQ2LCJkaW1lbnNpb24zIjowLCJkaW1lbnNpb243IjoiYjA4YjAyNWM5YjM0ZWUxMTkxNTAxMmE5ODY2Yzc3ZGUiLCJoaXRUeXBlIjoiZXZlbnQiLCJfdGkiOjE2OTEzNTUyNDc1NDYsIl90byI6MTksIl9oYyI6NSwiX2oxIjoiIiwiX2oyIjoiIiwiX3MiOjUsImV2ZW50Q2F0ZWdvcnkiOiJyZWFsQWRPcHBvcnR1bml0eSIsImV2ZW50QWN0aW9uIjoidXR3ZWJfbWVkaXVtX3JlY3RhbmdsZV9kYXNoYm9hcmQiLCJldmVudExhYmVsIjoiaGlkZGVuIiwiZXZlbnRWYWx1ZSI6NCwibm9uSW50ZXJhY3Rpb24iOnRydWUsImV2ZW50TmFtZSI6InV0d2ViX3VpIiwiQlVJTERfTlVNQkVSIjoiMTA0MDEifQ==	US	—	—	suspicious
2140	utweb.exe	POST	—	34.232.197.68:80	http://i-4101.b-10401.utweb_ui.bench.utorrent.com/e?i=4101&e=eyJhY3Rpb24iOiJ2MS4xMDQwMS5jYS5yZWFsQWRPcHBvcnR1bml0eS5wbGFjZWhvbGRlci5yb3V0ZUNoYW5nZS1saWJyYXJ5LnBsYWNlaG9sZGVyIiwiYXBwTmFtZSI6InV0d2ViIiwiYXBwVmVyc2lvbiI6IjEuMy4wLjU2NzIuMTA0MDEiLCJpc1V0d2ViIjp0cnVlLCJ0dXRvcmlhbFZpZGVvSGFzaExpc3QiOlsiODBiMzlhMmUzN2FhMzUyY2QyZmNiZmJlZjdjNGE2ZTllOGNmZTQzOCIsIjlhMjNiZTZjNTVkNWY4ZDFlMjgyNjBlNDAzYmFlNTQxMjQ0MzU3OWUiLCIzOGU5NzIzNGZkNjBjNGYzMDM0NGQ5ZmFlODA4OTlhNzVmY2ZiZmZlIiwiNjFiM2I4ODU2YzQ4MzllZGY1MWY1YzIzNDY1OTliNmJlYzUyNDE0NSIsIjU2MmUyOWM3ODM2ZGFkYmNmNTViM2RlYmY4MzA2MzI3MTc2OWM5NGYiXSwidXVpZCI6ImIwOGIwMjVjOWIzNGVlMTE5MTUwMTJhOTg2NmM3N2RlIiwiYmVuY2hHZW8iOiJjYSIsInV0d2ViU2FtcGxlUmF0ZSI6MSwiZ2FCbG9ja2VyRGV0ZWN0ZWQiOm51bGwsIm5hbWUiOiJ0MCIsInRyYWNraW5nSWQiOiJVQS04ODY5ODEwMi0xMCIsImNvb2tpZU5hbWUiOiJfZ2EiLCJjb29raWVEb21haW4iOiJyYWluYmVycnl0di5jb20iLCJjb29raWVQYXRoIjoiLyIsImNvb2tpZUV4cGlyZXMiOjYzMDcyMDAwLCJsZWdhY3lIaXN0b3J5SW1wb3J0Ijp0cnVlLCJhbGxvd0xpbmtlciI6ZmFsc2UsImFsbG93QW5jaG9yIjp0cnVlLCJzYW1wbGVSYXRlIjoxMDAsInNpdGVTcGVlZFNhbXBsZVJhdGUiOjEsImFsd2F5c1NlbmRSZWZlcnJlciI6ZmFsc2UsInN0b3JhZ2UiOiJjb29raWUiLCJfZ2UiOnRydWUsImFwaVZlcnNpb24iOjEsImNsaWVudFZlcnNpb24iOiJqNTYiLCJfZ2NuIjoiX2dpZCIsImNsaWVudElkIjoiNDU2ODg1NDIwLjE2OTEzNTUyNDMiLCJfZ2lkIjoiMTI5NTg1MjIzLjE2OTEzNTUyNDMiLCJsb2NhdGlvbiI6Imh0dHBzOi8vdXR3ZWIucmFpbmJlcnJ5dHYuY29tL2d1aS9pbmRleC5odG1sP3Y9MS4zLjAuNTY3MiIsInNjcmVlblJlc29sdXRpb24iOiIxMjgweDcyMCIsInNjcmVlbkNvbG9ycyI6IjI0LWJpdCIsInZpZXdwb3J0U2l6ZSI6IjEyODB4NTc0IiwiZW5jb2RpbmciOiJVVEYtOCIsImphdmFFbmFibGVkIjpmYWxzZSwibGFuZ3VhZ2UiOiJlbi11cyIsImFkU2Vuc2VJZCI6MTc5NTA0MjAyOCwiZGltZW5zaW9uMSI6IjQ1Njg4NTQyMC4xNjkxMzU1MjQzIiwiZGltZW5zaW9uNiI6MSwidGl0bGUiOiLOvFRvcnJlbnQgV2ViIiwic2NyZWVuTmFtZSI6ImRhc2hib2FyZCIsInBhZ2UiOiIvZGFzaGJvYXJkIiwiZGltZW5zaW9uMiI6MTY5MTM1NTI0NzU5NSwiZGltZW5zaW9uMyI6MCwiZGltZW5zaW9uNyI6ImIwOGIwMjVjOWIzNGVlMTE5MTUwMTJhOTg2NmM3N2RlIiwiaGl0VHlwZSI6ImV2ZW50IiwiX3RpIjoxNjkxMzU1MjQ3NTQ2LCJfdG8iOjE4LCJfaGMiOjYsIl9qMSI6IiIsIl9qMiI6IiIsIl9zIjo2LCJldmVudENhdGVnb3J5IjoicmVhbEFkT3Bwb3J0dW5pdHkiLCJldmVudEFjdGlvbiI6InV0d2ViX2Jhbm5lcl9kYXNoYm9hcmQiLCJldmVudExhYmVsIjoicm91dGVDaGFuZ2UtbGlicmFyeSIsImV2ZW50VmFsdWUiOjQsIm5vbkludGVyYWN0aW9uIjp0cnVlLCJldmVudE5hbWUiOiJ1dHdlYl91aSIsIkJVSUxEX05VTUJFUiI6IjEwNDAxIn0=	US	—	—	suspicious
2140	utweb.exe	POST	200	34.238.68.92:80	http://i-4101.b-10401.utweb.bench.utorrent.com/e?i=4101&e=eyJldmVudE5hbWUiOiJ1dHdlYiIsImFjdGlvbiI6ImdhQmxvY2suYWJzZW50LnBhZ2Vsb2FkIiwiQlVJTERfTlVNQkVSIjoiMTA0MDEiLCJhcHBOYW1lIjoidXR3ZWIiLCJhcHBWZXJzaW9uIjoiMS4zLjAuNTY3Mi4xMDQwMSIsImlzVXR3ZWIiOnRydWUsInR1dG9yaWFsVmlkZW9IYXNoTGlzdCI6WyI4MGIzOWEyZTM3YWEzNTJjZDJmY2JmYmVmN2M0YTZlOWU4Y2ZlNDM4IiwiOWEyM2JlNmM1NWQ1ZjhkMWUyODI2MGU0MDNiYWU1NDEyNDQzNTc5ZSIsIjM4ZTk3MjM0ZmQ2MGM0ZjMwMzQ0ZDlmYWU4MDg5OWE3NWZjZmJmZmUiLCI2MWIzYjg4NTZjNDgzOWVkZjUxZjVjMjM0NjU5OWI2YmVjNTI0MTQ1IiwiNTYyZTI5Yzc4MzZkYWRiY2Y1NWIzZGViZjgzMDYzMjcxNzY5Yzk0ZiJdLCJ1dWlkIjoiYjA4YjAyNWM5YjM0ZWUxMTkxNTAxMmE5ODY2Yzc3ZGUiLCJnYUJsb2NrZXJEZXRlY3RlZCI6bnVsbCwiYmVuY2hHZW8iOiIiLCJ1dHdlYlNhbXBsZVJhdGUiOjF9	US	binary	21 b	suspicious
2140	utweb.exe	POST	200	34.238.68.92:80	http://i-4101.b-10401.utweb.bench.utorrent.com/e?i=4101&e=eyJldmVudE5hbWUiOiJ1dHdlYiIsImFjdGlvbiI6ImFkQmxvY2suYWJzZW50LnBhZ2Vsb2FkIiwiQlVJTERfTlVNQkVSIjoiMTA0MDEiLCJhcHBOYW1lIjoidXR3ZWIiLCJhcHBWZXJzaW9uIjoiMS4zLjAuNTY3Mi4xMDQwMSIsImlzVXR3ZWIiOnRydWUsInR1dG9yaWFsVmlkZW9IYXNoTGlzdCI6WyI4MGIzOWEyZTM3YWEzNTJjZDJmY2JmYmVmN2M0YTZlOWU4Y2ZlNDM4IiwiOWEyM2JlNmM1NWQ1ZjhkMWUyODI2MGU0MDNiYWU1NDEyNDQzNTc5ZSIsIjM4ZTk3MjM0ZmQ2MGM0ZjMwMzQ0ZDlmYWU4MDg5OWE3NWZjZmJmZmUiLCI2MWIzYjg4NTZjNDgzOWVkZjUxZjVjMjM0NjU5OWI2YmVjNTI0MTQ1IiwiNTYyZTI5Yzc4MzZkYWRiY2Y1NWIzZGViZjgzMDYzMjcxNzY5Yzk0ZiJdLCJ1dWlkIjoiYjA4YjAyNWM5YjM0ZWUxMTkxNTAxMmE5ODY2Yzc3ZGUiLCJnYUJsb2NrZXJEZXRlY3RlZCI6ZmFsc2UsImJlbmNoR2VvIjoiIiwidXR3ZWJTYW1wbGVSYXRlIjoxfQ==	US	binary	21 b	suspicious
3616	utweb_installer.exe	POST	200	34.238.68.92:80	http://i-4101.b-5672.utweb.bench.utorrent.com/e?i=4101	US	binary	21 b	suspicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2140	utweb.exe	109.252.128.21:1875	—	—	—	unknown
1088	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
2640	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
2256	utweb_installer.tmp	13.225.84.76:443	d4w1kp01cnm54.cloudfront.net	AMAZON-02	US	unknown
2256	utweb_installer.tmp	18.66.107.195:443	d3cfdnjelz8u20.cloudfront.net	AMAZON-02	US	unknown
2256	utweb_installer.tmp	18.66.97.76:443	api.playanext.com	—	US	suspicious
2256	utweb_installer.tmp	52.222.206.176:443	d4bohzj3dmv4j.cloudfront.net	AMAZON-02	US	unknown
2256	utweb_installer.tmp	67.215.238.66:443	download-lb.utorrent.com	ASN-QUADRANET-GLOBAL	US	suspicious

DNS requests

Domain	IP	Reputation
d4w1kp01cnm54.cloudfront.net	13.225.84.76 13.225.84.24 13.225.84.53 13.225.84.109	whitelisted
d3cfdnjelz8u20.cloudfront.net	18.66.107.195 18.66.107.12 18.66.107.151 18.66.107.74	whitelisted
api.playanext.com	18.66.97.76 18.66.97.18 18.66.97.82 18.66.97.48	whitelisted
d4bohzj3dmv4j.cloudfront.net	52.222.206.176 52.222.206.185 52.222.206.112 52.222.206.57	whitelisted
download-lb.utorrent.com	67.215.238.66	whitelisted
i-4101.b-5672.utweb.bench.utorrent.com	34.238.68.92 54.243.104.126 52.207.25.148 44.194.174.147 34.196.201.5 44.213.167.216 52.54.2.219 35.171.174.173	suspicious
dht.libtorrent.org	185.157.221.247	suspicious
router.bittorrent.com	67.215.246.10	shared
router.utorrent.com	82.221.103.244	whitelisted
web.utorrent.com	13.224.189.62 13.224.189.34 13.224.189.97 13.224.189.61	shared

Threats

PID	Process	Class	Message
3616	utweb_installer.exe	Potentially Bad Traffic	ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
3616	utweb_installer.exe	Potentially Bad Traffic	ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
2140	utweb.exe	Potential Corporate Privacy Violation	ET P2P BitTorrent DHT ping request
2140	utweb.exe	Potentially Bad Traffic	ET POLICY Executable served from Amazon S3
2140	utweb.exe	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP

Add for printing

No debug info

General Info

utweb_installer.exe

11A5830F7F4A1037D8230587944548F1

334FE1859D430D72C0CC031B609AECD6CE89AFAC

1BB2C481300ADDBA00EC81DDE4C27895677DA7EC64DD5E84E0881C2344BFC442

24576:e4nXubIQGyxbPV0db26wzeYCWWAmCdqotxoBcXRGEtLi+F/WY4O5bu:eqe3f606VWlmCdqogBcvhtlg

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Loads dropped or rewritten executable

Application was dropped or rewritten from another process

SUSPICIOUS

Executable content was dropped or overwritten

Reads the Windows owner or organization settings

Reads settings of System Certificates

The process creates files with name similar to system file names

Reads the Internet Settings

Reads security settings of Internet Explorer

Checks Windows Trust Settings

INFO

Checks supported languages

Create files in a temporary directory

Reads the computer name

The process checks LSA protection

Application was dropped or rewritten from another process

Reads the machine GUID from the registry

Checks proxy server information

Creates files or folders in the user directory

Application launched itself

Malware configuration

Static information

TRiD

EXIF

EXE

Summary

DOS Header

PE Headers

Sections

Resources

Imports

Exports

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings