File name: Sleep Away.mp3

Full analysis: https://app.any.run/tasks/239d2e49-38e2-48dc-9486-ed0820c07017
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: March 28, 2018, 20:07:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MIME: application/octet-stream
File info: Audio file with ID3 version 2.3.0
MD5: B8B5BD53E23DD40B5C4A650E272F2E19
SHA1: 608243FA9E4C194D24AD094A95F52A9322BDFA89
SHA256: 2D282AEFDEE57DC3F024314EC0032DC146A92B63182701E3AD4C5B4B2F83605C
SSDEEP: 98304:UG/wPAIazhE3Q0RWrOo7vjdJiYs8m8oq7Y8WuXaJvWCXhzwuozqSns:z4PH3QmSLdJThoq0Nua9Wnzps

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads the Task Scheduler COM API

      • software_reporter_tool.exe (PID: 3204)
  • SUSPICIOUS

    • Creates files in the user directory

      • vlc.exe (PID: 2832)
      • uTorrent.exe (PID: 3880)
    • Changes IE settings (feature browser emulation)

      • uTorrent.exe (PID: 3880)
    • Reads internet explorer settings

      • utorrentie.exe (PID: 3384)
      • utorrentie.exe (PID: 2504)
    • Application launched itself

      • software_reporter_tool.exe (PID: 3204)
  • INFO

    • Application launched itself

      • chrome.exe (PID: 3396)
    • Reads settings of System Certificates

      • chrome.exe (PID: 3396)
    • Dropped object may contain URLs

      • uTorrent.exe (PID: 3880)
      • vlc.exe (PID: 2832)
      • chrome.exe (PID: 3396)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.mp3 | MP3 audio (ID3 v2.x tag) (100)

EXIF

ID3

AverageLevel: 2939
WM_MediaClassSecondaryID: 00000000-0000-0000-0000-000000000000
WM_MediaClassPrimaryID: D1607DBC-E323-4BE2-86A1-48A42A28441E
PeakValue: 32161
PictureMIMEType: image/jpeg
PictureType: Front Cover
PictureDescription: thumbnail
Picture: (Binary data 27852 bytes, use -b option to extract)
Track: 3
Album: Bob Acri
Year: 2004
Title: Sleep Away
Genre: Jazz
Band: Bob Acri
Composer: Robert R. Acri
Artist: Bob Acri
Comment: Blujazz Productions

Composite

DateTimeOriginal: 2004
No data.
All screenshots are available in the full report
Total processes: 43
Monitored processes: 12
Malicious processes: 0
Suspicious processes: 1

Behavior graph

Processes in the graph, in start order: vlc.exe, utorrent.exe, utorrentie.exe (no specs), utorrentie.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), software_reporter_tool.exe (no specs), software_reporter_tool.exe (no specs), chrome.exe (no specs)

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 1016
CMD: "c:\users\admin\appdata\local\google\chrome\user data\swreporter\23.129.0\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=23.129.0 --initial-client-data=0xe4,0xec,0xf0,0xe8,0xf4,0xcbc42c,0xcbc43c,0xcbc44c
Path: c:\users\admin\appdata\local\google\chrome\user data\swreporter\23.129.0\software_reporter_tool.exe
Parent process: software_reporter_tool.exe
User: admin
Company: Google
Integrity Level: MEDIUM
Description: Software Reporter Tool
Exit code: 0
Version: 23.129.0
Modules (images):
c:\users\admin\appdata\local\google\chrome\user data\swreporter\23.129.0\software_reporter_tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
PID: 2020
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,771960416131895365,14895946739638557741,131072 --service-pipe-token=724CB7648E978827DF418703A29BBF3C --lang=en-US --disable-client-side-phishing-detection --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=724CB7648E978827DF418703A29BBF3C --renderer-client-id=5 --mojo-platform-channel-handle=1564 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google Inc.
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 61.0.3163.100
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\61.0.3163.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2324
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=61.0.3163.100 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x68227d7c,0x68227da4,0x68227d8c
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google Inc.
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 61.0.3163.100
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\61.0.3163.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2504
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe" uTorrent_3880_003079C8_728802861 µTorrent4823DF041B09 uTorrent
Path: C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe
Parent process: uTorrent.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: LOW
Description: WebHelper
Exit code: 0
Version: 1.0.0
Modules (images):
c:\users\admin\appdata\roaming\utorrent\updates\3.5.0_44090\utorrentie.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 2832
CMD: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\AppData\Local\Temp\Sleep Away.mp3"
Path: C:\Program Files\VideoLAN\VLC\vlc.exe
Parent process: explorer.exe
User: admin
Company: VideoLAN
Integrity Level: MEDIUM
Description: VLC media player
Exit code: 0
Version: 2.2.6
Modules (images):
c:\program files\videolan\vlc\vlc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\videolan\vlc\libvlc.dll
c:\program files\videolan\vlc\libvlccore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3040
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,771960416131895365,14895946739638557741,131072 --service-pipe-token=C1750AA1CE4C136B784C4DC1398742C4 --lang=en-US --disable-client-side-phishing-detection --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=C1750AA1CE4C136B784C4DC1398742C4 --renderer-client-id=4 --mojo-platform-channel-handle=1620 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google Inc.
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 61.0.3163.100
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\61.0.3163.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3204
CMD: "C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwReporter\23.129.0\software_reporter_tool.exe" --session-id=0/CUf71yAoBj9383yekthIfEXoglSk1j3jIaUBOy
Path: C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwReporter\23.129.0\software_reporter_tool.exe
Parent process: chrome.exe
User: admin
Company: Google
Integrity Level: MEDIUM
Description: Software Reporter Tool
Exit code: 2
Version: 23.129.0
Modules (images):
c:\users\admin\appdata\local\google\chrome\user data\swreporter\23.129.0\software_reporter_tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
PID: 3384
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe" uTorrent_3880_00307898_63942299 µTorrent4823DF041B09 uTorrent
Path: C:\Users\admin\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe
Parent process: uTorrent.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: LOW
Description: WebHelper
Exit code: 0
Version: 1.0.0
Modules (images):
c:\users\admin\appdata\roaming\utorrent\updates\3.5.0_44090\utorrentie.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 3396
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google Inc.
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 61.0.3163.100
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\61.0.3163.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3880
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe"
Path: C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
Parent process: explorer.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: MEDIUM
Description: µTorrent
Exit code: 0
Version: 3.5.0.44090
Modules (images):
c:\users\admin\appdata\roaming\utorrent\utorrent.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
Total events: 1 055
Read events: 763
Write events: 282
Delete events: 10

Modification events

Process: (3880) uTorrent.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\8F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (3880) uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Operation: write
Name: utorrentie.exe
Value: 11000

Process: (3880) uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
Operation: write
Name: utorrentie.exe
Value: 1

Process: (3880) uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION
Operation: write
Name: utorrentie.exe
Value: 0

Process: (3880) uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

Process: (3880) uTorrent.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: (binary value omitted in this report)

Process: (2504) utorrentie.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{83CCBB90-220C-4C0F-9BBD-360241D30CC7}
Operation: write
Name: WpadDecisionReason
Value: 1

Process: (2504) utorrentie.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{83CCBB90-220C-4C0F-9BBD-360241D30CC7}
Operation: write
Name: WpadDecisionTime
Value: 40D1B977D0C6D301

Process: (2504) utorrentie.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{83CCBB90-220C-4C0F-9BBD-360241D30CC7}
Operation: write
Name: WpadDecision
Value: 3

Process: (2504) utorrentie.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{83CCBB90-220C-4C0F-9BBD-360241D30CC7}
Operation: write
Name: WpadNetworkName
Value: Network 6
Executable files: 2
Suspicious files: 36
Text files: 47
Unknown types: 2

Dropped files

PID | Process | Filename | Type (the MD5, SHA256 and Type fields are empty for every entry in this report)
2832 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCCDAA.tmp |
2832 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCCF12.tmp |
2832 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCCF13.tmp |
2832 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCCF24.tmp |
2832 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCCF25.tmp |
2832 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCCF26.tmp |
2832 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCCF27.tmp |
2832 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCCF28.tmp |
2832 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCCF29.tmp |
2832 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCCF2A.tmp |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 42
TCP/UDP connections: 129
DNS requests: 31
Threats: 14

HTTP requests

Method | HTTP Code | IP | URL | CN | Type | Size | Reputation (the PID and Process columns are empty for every row in this report)
GET | 304 | 68.232.34.240:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | | | whitelisted
GET | 304 | 208.111.178.96:80 | http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp?h=35FmVrb4p-7SQFSt&v=111258682&ol=en&ul=&tk=stable34&c=uTorrent | US | | | whitelisted
GET | 304 | 69.164.0.0:80 | http://apps.bittorrent.com/utorrent-onboarding/player.btapp?h=35FmVrb4p-7SQFSt&v=111258682&ol=en&ul=&tk=stable34&c=uTorrent | US | | | whitelisted
GET | 200 | 178.79.251.1:80 | http://www.bt.co/network/index.html?site=954555&reload=true&rules=eyI0IjpbNF0sIjUiOls1XSwiMzgwIjpbMzgwLCA1XX0&adt=4&browser=ie&clientdata=utorrent%7c3%2e5%2e0%2e44090%7c290&geo=us&ie=8&page=torrent&w=498139398&langs=en | GB | html | 599 b | whitelisted
GET | 200 | 178.79.251.1:80 | http://www.bt.co/adzerk/ados-00dce7.js | GB | text | 25.1 Kb | whitelisted
GET | 200 | 104.17.30.15:80 | http://static.ap.bittorrent.com/ados.js | US | text | 7.62 Kb | shared
GET | 200 | 178.79.251.1:80 | http://www.bt.co/network/start.html?langs=en | GB | html | 1.34 Kb | whitelisted
GET | 200 | 178.79.251.1:80 | http://www.bt.co/assets/js/index-bundled.js | GB | text | 109 Kb | whitelisted
GET | 200 | 178.79.251.1:80 | http://www.bt.co/assets/js/3p/ie8.js | GB | text | 7.34 Kb | whitelisted
POST | 200 | 54.235.208.27:80 | http://i-30.b-44090.ut.bench.utorrent.com/e?i=30 | US | text | 21 b | shared

Connections

IP | Domain | ASN | CN | Reputation (the PID and Process columns are empty for every row in this report)
68.232.34.240:80 | www.download.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
54.235.208.27:80 | i-30.b-44090.ut.bench.utorrent.com | Amazon.com, Inc. | US | whitelisted
69.164.0.0:80 | apps.bittorrent.com | Limelight Networks, Inc. | US | suspicious
208.111.178.96:80 | apps.bittorrent.com | Limelight Networks, Inc. | US | suspicious
52.222.173.17:80 | now.bt.co | Amazon.com, Inc. | US | unknown
52.222.173.17:443 | now.bt.co | Amazon.com, Inc. | US | unknown
173.254.195.58:80 | update.bittorrent.com | QuadraNet, Inc | US | suspicious
208.111.178.129:80 | cdn.ap.bittorrent.com | Limelight Networks, Inc. | US | suspicious
151.226.217.199:35000 | | Sky UK Limited | GB | unknown
90.150.199.42:61404 | | PJSC Rostelecom | RU | unknown

DNS requests

Domain | IP | Reputation
www.download.windowsupdate.com | 68.232.34.240 | whitelisted
router.bittorrent.com | 67.215.246.10 | shared
router.utorrent.com | 82.221.103.244 | whitelisted
i-30.b-44090.ut.bench.utorrent.com | 54.235.208.27, 107.22.221.32, 174.129.255.167, 23.21.139.158, 23.23.215.82, 23.23.85.1, 54.197.251.114, 107.20.217.71 | shared
apps.bittorrent.com | 208.111.178.96, 69.164.0.0 | whitelisted
now.bt.co | 52.222.173.17 | whitelisted
utclient.utorrent.com | 52.222.171.20, 52.222.171.254, 52.222.171.235, 52.222.171.47, 52.222.171.22, 52.222.171.38, 52.222.171.226, 52.222.171.196 | shared
update.bittorrent.com | 173.254.195.58 | whitelisted
cdn.ap.bittorrent.com | 208.111.178.129, 208.111.171.129 | shared
i-29.b-44090.ut.bench.utorrent.com | 107.20.217.71, 23.23.85.1, 107.22.221.32, 23.21.139.158, 174.129.255.167, 23.23.215.82, 54.197.251.114, 54.235.208.27 | shared

Threats

Class | Message (the PID and Process columns are empty for every row in this report)
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BitTorrent DHT ping request
Misc Attack | ET CINS Active Threat Intelligence Poor Reputation IP group 87
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use

Process | Message
vlc.exe | core libvlc: one instance mode ENABLED
vlc.exe | core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
vlc.exe | mpgatofixed32 audio converter error: libmad error: bad main_data_begin pointer
vlc.exe | mpgatofixed32 audio converter error: libmad error: Huffman data overrun