File name: PicoTorrent-0.25.0-x64.exe

Full analysis: https://app.any.run/tasks/003cedff-fcf4-49b1-a3c3-36d0efed9d9c
Verdict: Malicious activity
Analysis date: June 12, 2024, 18:55:13
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: D665E9AFBE4D8AAC93ED80E3D9167AB5
SHA1: 732E0FC16A7212535E9B8AE241186EFC8839680F
SHA256: 3B034AC4EFF0FC296634C27C8B41B2629D57284A4BB1E366150FD04CFA23D801
SSDEEP: 98304:TLbkHLWqniKHqv1MWVracIJrxoUTUlvmqs+t0/m2Bqo2lzFmBxvRpl29/sNq/4dk:oeEaJcs96Q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • PicoTorrent-0.25.0-x64.exe (PID: 4628)
      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
      • PicoTorrent-0.25.0-x64.exe (PID: 628)
      • msiexec.exe (PID: 2308)
    • Changes the autorun value in the registry

      • PicoTorrent-0.25.0-x64.exe (PID: 628)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • PicoTorrent-0.25.0-x64.exe (PID: 4628)
      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
      • PicoTorrent-0.25.0-x64.exe (PID: 628)
    • Starts itself from another location

      • PicoTorrent-0.25.0-x64.exe (PID: 4628)
      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
    • The process creates files with name similar to system file names

      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
    • Reads security settings of Internet Explorer

      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
    • Searches for installed software

      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
      • PicoTorrent-0.25.0-x64.exe (PID: 628)
      • dllhost.exe (PID: 3500)
    • Reads the date of Windows installation

      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
    • Creates a software uninstall entry

      • PicoTorrent-0.25.0-x64.exe (PID: 628)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 2308)
    • Executes as Windows Service

      • VSSVC.exe (PID: 4384)
  • INFO

    • Create files in a temporary directory

      • PicoTorrent-0.25.0-x64.exe (PID: 4628)
      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
      • PicoTorrent-0.25.0-x64.exe (PID: 628)
    • Checks supported languages

      • PicoTorrent-0.25.0-x64.exe (PID: 4628)
      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
      • PicoTorrent-0.25.0-x64.exe (PID: 628)
      • msiexec.exe (PID: 2308)
      • msiexec.exe (PID: 432)
      • msiexec.exe (PID: 1116)
      • PicoTorrent.exe (PID: 6192)
      • crashpad_handler.exe (PID: 6220)
    • Reads the machine GUID from the registry

      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
      • PicoTorrent-0.25.0-x64.exe (PID: 628)
      • PicoTorrent.exe (PID: 6192)
    • Reads the computer name

      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
      • PicoTorrent-0.25.0-x64.exe (PID: 628)
      • msiexec.exe (PID: 2308)
      • msiexec.exe (PID: 432)
      • msiexec.exe (PID: 1116)
      • PicoTorrent.exe (PID: 6192)
    • Process checks computer location settings

      • PicoTorrent-0.25.0-x64.exe (PID: 1428)
    • Creates files in the program directory

      • PicoTorrent-0.25.0-x64.exe (PID: 628)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2308)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 2308)
    • Creates files or folders in the user directory

      • PicoTorrent.exe (PID: 6192)
      • crashpad_handler.exe (PID: 6220)
    • Reads the software policy settings

      • PicoTorrent.exe (PID: 6192)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:09:17 05:33:38+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.16
CodeSize: 299008
InitializedDataSize: 185856
UninitializedDataSize: -
EntryPoint: 0x2df71
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 0.25.0.0
ProductVersionNumber: 0.25.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: PicoTorrent contributors.
FileDescription: PicoTorrent
FileVersion: 0.25.0
InternalName: setup
LegalCopyright: Copyright (c) PicoTorrent contributors.. All rights reserved.
OriginalFileName: PicoTorrent-0.25.0-x64.exe
ProductName: PicoTorrent
ProductVersion: 0.25.0
No data.
Total processes: 131
Monitored processes: 12
Malicious processes: 5
Suspicious processes: 0

Behavior graph

start picotorrent-0.25.0-x64.exe picotorrent-0.25.0-x64.exe picotorrent-0.25.0-x64.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe msiexec.exe no specs msiexec.exe no specs picotorrent.exe crashpad_handler.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 432
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 1C03BF946F1CA17138E17E90DB2242DB
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 628
CMD: "C:\Users\admin\AppData\Local\Temp\{16C60ECA-7C9B-4F6A-A45D-9623072B47F6}\.be\PicoTorrent-0.25.0-x64.exe" -q -burn.elevated BurnPipe.{0A50FDA2-B87F-4DA7-8C72-871EF76E643E} {8A34CA4D-D238-4FF5-868A-1856DB6E8EEE} 1428
Path: C:\Users\admin\AppData\Local\Temp\{16C60ECA-7C9B-4F6A-A45D-9623072B47F6}\.be\PicoTorrent-0.25.0-x64.exe
Parent process: PicoTorrent-0.25.0-x64.exe
User: admin
Company: PicoTorrent contributors.
Integrity Level: HIGH
Description: PicoTorrent
Exit code: 0
Version: 0.25.0
Modules
Images
c:\users\admin\appdata\local\temp\{16c60eca-7c9b-4f6a-a45d-9623072b47f6}\.be\picotorrent-0.25.0-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1116
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding DC93766BCF663732ECD99D1124434C9F E Global\MSI0000
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 1428
CMD: "C:\Users\admin\AppData\Local\Temp\{F0340944-B230-43C1-8489-1DBC74705061}\.cr\PicoTorrent-0.25.0-x64.exe" -burn.clean.room="C:\Users\admin\Desktop\PicoTorrent-0.25.0-x64.exe" -burn.filehandle.attached=580 -burn.filehandle.self=688
Path: C:\Users\admin\AppData\Local\Temp\{F0340944-B230-43C1-8489-1DBC74705061}\.cr\PicoTorrent-0.25.0-x64.exe
Parent process: PicoTorrent-0.25.0-x64.exe
User: admin
Company: PicoTorrent contributors.
Integrity Level: MEDIUM
Description: PicoTorrent
Exit code: 0
Version: 0.25.0
Modules
Images
c:\users\admin\appdata\local\temp\{f0340944-b230-43c1-8489-1dbc74705061}\.cr\picotorrent-0.25.0-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2308
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Version: 5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 3500
CMD: C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
PID: 4004
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent process: dllhost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft® Windows System Protection background tasks.
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4384
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4628
CMD: "C:\Users\admin\Desktop\PicoTorrent-0.25.0-x64.exe"
Path: C:\Users\admin\Desktop\PicoTorrent-0.25.0-x64.exe
Parent process: explorer.exe
User: admin
Company: PicoTorrent contributors.
Integrity Level: MEDIUM
Description: PicoTorrent
Exit code: 0
Version: 0.25.0
Modules
Images
c:\users\admin\desktop\picotorrent-0.25.0-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5520
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 14 711
Read events: 14 328
Write events: 348
Delete events: 35

Modification events

PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0
PID: 628
Process: PicoTorrent-0.25.0-x64.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value:
40000000000000008A919A1AFABCDA01740200007C0A0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 3500
Process: dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value:
48000000000000008A919A1AFABCDA01AC0D00004C0F0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 3500
Process: dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Value:
4800000000000000F14EFC1AFABCDA01AC0D00004C0F0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 3500
Process: dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
Value:
4800000000000000F14EFC1AFABCDA01AC0D00004C0F0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 3500
Process: dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
Value:
4800000000000000CD65031BFABCDA01AC0D00004C0F0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
PID: 3500
Process: dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
48000000000000002AC9051BFABCDA01AC0D00004C0F0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files: 18
Suspicious files: 22
Text files: 31
Unknown types: 3

Dropped files

PID
Process
Filename
Type
PID: 4628
Process: PicoTorrent-0.25.0-x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\{F0340944-B230-43C1-8489-1DBC74705061}\.cr\PicoTorrent-0.25.0-x64.exe
Type: executable
MD5:8DA17393A6D1624FCD44EB1F51748573
SHA256:4FCED138B8633794D36F0E7B1E9EB50C4D1FC9C61956D22D82C003BF9AA5E070
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\{16C60ECA-7C9B-4F6A-A45D-9623072B47F6}\.ba\1036\mbapreq.wxl
Type: xml
MD5:AA32A059AADD42431F7837CB1BE7257F
SHA256:88E7DDACD6B714D94D5322876BD50051479B7A0C686DC2E9EB06B3B7A0BC06C9
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\{16C60ECA-7C9B-4F6A-A45D-9623072B47F6}\.ba\1029\mbapreq.wxl
Type: xml
MD5:CC8C6D04DC707B38E0F0C08BA16FE49B
SHA256:DC445E2457ED31ABF536871F90FF7CC96800A40B6BC033F37D45E3156A3B4FA9
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\{16C60ECA-7C9B-4F6A-A45D-9623072B47F6}\.ba\1035\mbapreq.wxl
Type: xml
MD5:E338408F1101499EB22507A3451F7B06
SHA256:B7D9528F29761C82C3D926EFE5E0D5036A0E0D83EB4CCA7282846C86A9D6F9F3
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\{16C60ECA-7C9B-4F6A-A45D-9623072B47F6}\.ba\BootstrapperCore.dll
Type: executable
MD5:B0D10A2A622A322788780E7A3CBB85F3
SHA256:F2C2B3CE2DF70A3206F3111391FFC7B791B32505FA97AEF22C0C2DBF6F3B0426
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\{16C60ECA-7C9B-4F6A-A45D-9623072B47F6}\.ba\mbahost.dll
Type: executable
MD5:C59832217903CE88793A6C40888E3CAE
SHA256:9DFA1BC5D2AB4C652304976978749141B8C312784B05CB577F338A0AA91330DB
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\{16C60ECA-7C9B-4F6A-A45D-9623072B47F6}\.ba\mbapreq.dll
Type: executable
MD5:FE7E0BD53F52E6630473C31299A49FDD
SHA256:2BEA14D70943A42D344E09B7C9DE5562FA7E109946E1C615DD584DA30D06CC80
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\{16C60ECA-7C9B-4F6A-A45D-9623072B47F6}\.ba\mbapreq.wxl
Type: xml
MD5:4D2C8D10C5DCCA6B938B71C8F02CA8A8
SHA256:C63DE5F309502F9272402587A6BE22624D1BC2FEACD1BD33FB11E44CD6614B96
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\{16C60ECA-7C9B-4F6A-A45D-9623072B47F6}\.ba\mbapreq.png
Type: image
MD5:A356956FD269567B8F4612A33802637B
SHA256:A401A225ADDAF89110B4B0F6E8CF94779E7C0640BCDD2D670FFCF05AAB0DAD03
PID: 1428
Process: PicoTorrent-0.25.0-x64.exe
Filename: C:\Users\admin\AppData\Local\Temp\{16C60ECA-7C9B-4F6A-A45D-9623072B47F6}\.ba\1030\mbapreq.wxl
Type: xml
MD5:7C6E4CE87870B3B5E71D3EF4555500F8
SHA256:CAC263E0E90A4087446A290055257B1C39F17E11F065598CB2286DF4332C7696
HTTP(S) requests: 5
TCP/UDP connections: 28
DNS requests: 13
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5632
svchost.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
5632
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
5520
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
GET
null:443
https://api.picotorrent.org/releases/latest
unknown
POST
200
20.42.65.94:443
https://self.events.data.microsoft.com/OneCollector/1.0/
unknown
9 b

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
5632
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4364
svchost.exe
239.255.255.250:1900
unknown
5140
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5520
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5632
svchost.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
5632
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown
5520
RUXIMICS.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown
5456
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
router.bittorrent.com
  • 67.215.246.10
shared
router.utorrent.com
  • 82.221.103.244
whitelisted
dht.transmissionbt.com
  • 87.98.162.88
  • 212.129.33.59
unknown
dht.aelitis.com
  • 34.229.89.117
malicious
api.picotorrent.org
  • 37.123.190.138
unknown
self.events.data.microsoft.com
  • 20.42.73.30
whitelisted

Threats

No threats detected
No debug info