URL:

http://web.utorrent.com

Full analysis: https://app.any.run/tasks/28ad8095-9012-4c72-b13c-037e1011bc52
Verdict: Malicious activity
Threats:

Adware is software that delivers unwanted advertisements and typically arrives through software bundling, deceptive download pages or malicious websites. Once installed it may track browsing activity, collect data and inject pop-ups or banners. Some variants establish persistence (autorun entries, scheduled tasks) and alter system settings such as the certificate stores, which makes removal harder and weakens protections that other software relies on; bundled installers of this kind are also a common delivery path for further unwanted components.

Analysis date: May 28, 2020, 06:34:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
pua
lavasoft
loader
Indicators (hashes of the submitted URL string, not of any downloaded installer; the ssdeep block size of 3 corresponds to an input of well under 200 bytes):
MD5:

E253046CDABD208CC528BB19418986EA

SHA1:

11F10583F10E7A1D3F4A8C5EC3E382159A3A15FF

SHA256:

445D1B60CC72540529D9017A35BB64B7C398641A96C21F374FA6D162AB0BFEB7

SSDEEP:

3:N1KJAERKORLKn:COEBRLK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • utweb_installer.exe (PID: 1904)
      • utweb_installer.exe (PID: 4040)
      • installer.exe (PID: 1260)
      • Carrier.exe (PID: 1256)
      • GenericSetup.exe (PID: 1264)
      • utweb.exe (PID: 1468)
    • Loads dropped or rewritten executable

      • GenericSetup.exe (PID: 1264)
      • Carrier.exe (PID: 1256)
      • utweb.exe (PID: 1468)
    • Loads the Task Scheduler COM API

      • GenericSetup.exe (PID: 1264)
    • Changes the autorun value in the registry

      • utweb.exe (PID: 1468)
    • LAVASOFT was detected

      • installer.exe (PID: 1260)
    • Downloads executable files from the Internet

      • utweb.exe (PID: 1468)
    • Changes settings of System certificates

      • GenericSetup.exe (PID: 1264)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2100)
      • chrome.exe (PID: 884)
      • utweb_installer.exe (PID: 1904)
      • Carrier.exe (PID: 1256)
      • utweb.exe (PID: 1468)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2100)
    • Reads the Windows organization settings

      • GenericSetup.exe (PID: 1264)
    • Reads Environment values

      • GenericSetup.exe (PID: 1264)
    • Reads Windows owner or organization settings

      • GenericSetup.exe (PID: 1264)
    • Creates a software uninstall entry

      • Carrier.exe (PID: 1256)
    • Reads Internet Cache Settings

      • Carrier.exe (PID: 1256)
    • Modifies the open verb of a shell class

      • Carrier.exe (PID: 1256)
    • Executed via Task Scheduler

      • cmd.exe (PID: 2108)
    • Creates files in the user directory

      • Carrier.exe (PID: 1256)
      • utweb.exe (PID: 1468)
    • Starts CMD.EXE for commands execution

      • GenericSetup.exe (PID: 1264)
    • Starts Internet Explorer

      • utweb.exe (PID: 1468)
    • Searches for installed software

      • GenericSetup.exe (PID: 1264)
    • Adds / modifies Windows certificates

      • GenericSetup.exe (PID: 1264)
  • INFO

    • Reads Internet Cache Settings

      • chrome.exe (PID: 2100)
      • iexplore.exe (PID: 4040)
      • iexplore.exe (PID: 3708)
    • Reads the hosts file

      • chrome.exe (PID: 2100)
      • chrome.exe (PID: 884)
    • Application launched itself

      • chrome.exe (PID: 2100)
      • iexplore.exe (PID: 4040)
    • Reads settings of System Certificates

      • chrome.exe (PID: 2100)
      • GenericSetup.exe (PID: 1264)
      • chrome.exe (PID: 884)
      • utweb.exe (PID: 1468)
      • iexplore.exe (PID: 3708)
      • iexplore.exe (PID: 4040)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3708)
    • Creates files in the user directory

      • iexplore.exe (PID: 3708)
      • iexplore.exe (PID: 4040)
    • Changes settings of System certificates

      • iexplore.exe (PID: 4040)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 4040)
    • Changes internet zones settings

      • iexplore.exe (PID: 4040)
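Turning the behaviour signatures above into something checkable: the Python below is an added example by the editor, not code from ANY.RUN, BitTorrent or adaware. It rebuilds the process tree from constructed process-creation and registry-write events modelled on this report and applies rules for the behaviours the report flags: execution from a 7-Zip SFX staging directory (the 7zS<hex> folder under %TEMP%), an NSIS-style silent-install switch, cmd.exe launching a binary from a user-writable path, the /RUNONSTARTUP switch paired with a Run-key write, and writes to the machine certificate store. PIDs, image paths and command lines are taken from the process table where the report shows them; the intermediate cmd.exe PID 3001, the taskeng.exe host PID 1400, the Downloads path of utweb_installer.exe, the exact Run key and value name, and the certificate thumbprint are assumptions.

```python
"""Process-tree and registry triage for the behaviours flagged in this report.

Added example (editor's code, not ANY.RUN's). Events are constructed: values
taken from the report's process table are used where it shows them; anything
marked 'assumed' is not in the report.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class RegWrite:
    pid: int
    key: str
    name: str


PROCS = [
    Proc(2100, 0, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "chrome.exe"),
    Proc(884, 2100, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
         "chrome.exe --type=utility --service-sandbox-type=network"),
    Proc(1904, 2100, r"C:\Users\admin\Downloads\utweb_installer.exe", "utweb_installer.exe"),  # path assumed
    Proc(4040, 1904, r"C:\Users\admin\Downloads\utweb_installer.exe", "utweb_installer.exe"),  # path assumed
    Proc(1260, 4040, r"C:\Users\admin\AppData\Local\Temp\7zS07720563\installer.exe", r".\installer.exe"),
    Proc(1264, 1260, r"C:\Users\admin\AppData\Local\Temp\7zS07720563\GenericSetup.exe",
         r"C:\Users\admin\AppData\Local\Temp\7zS07720563\GenericSetup.exe"),
    Proc(3001, 1264, r"C:\Windows\System32\cmd.exe", "cmd.exe"),  # PID and arguments assumed
    Proc(1256, 3001, r"C:\Users\admin\AppData\Local\Temp\7zS07720563\Carrier.exe",
         r"C:\Users\admin\AppData\Local\Temp\7zS07720563\Carrier.exe /S"),
    Proc(1400, 0, r"C:\Windows\System32\taskeng.exe", "taskeng.exe"),  # assumed scheduler host (Windows 7)
    Proc(2108, 1400, r"C:\Windows\System32\cmd.exe", "cmd.exe"),  # report: "Executed via Task Scheduler"
    Proc(1468, 2108, r"C:\Users\admin\AppData\Roaming\uTorrent Web\utweb.exe",
         r"C:\Users\admin\AppData\Roaming\uTorrent Web\utweb.exe /RUNONSTARTUP"),
]

REG = [
    RegWrite(2100, r"HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon", "state"),  # benign, from the report
    RegWrite(1468, r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
             "uTorrent Web"),  # key and value name assumed; the report only says "autorun value"
    RegWrite(1264, r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates"
             r"\0123456789ABCDEF0123456789ABCDEF01234567", "Blob"),  # thumbprint assumed
]

SFX_DIR = re.compile(r"\\AppData\\Local\\Temp\\7zS[0-9A-F]{8}\\", re.I)   # 7-Zip SFX staging folder
USER_WRITABLE = re.compile(r"^C:\\Users\\", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
CERT_STORE = re.compile(r"\\SystemCertificates\\(ROOT|AuthRoot|CA)\\Certificates\\", re.I)
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe", "msedge.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def chain(procs, pid):
    """Image names from the root ancestor down to pid; stops at unknown or cyclic parents."""
    by_pid = {p.pid: p for p in procs}
    names, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        names.append(basename(by_pid[pid].image))
        pid = by_pid[pid].ppid
    return names[::-1]


def triage(procs, regs):
    """Map PID -> rules hit, whether a browser is in its ancestry, and a severity."""
    by_pid = {p.pid: p for p in procs}
    hits = defaultdict(list)
    for p in procs:
        parent = by_pid.get(p.ppid)
        if SFX_DIR.search(p.image):
            hits[p.pid].append("sfx_staging_dir")
        if re.search(r"\s/S$", p.cmdline):                     # NSIS silent-install switch
            hits[p.pid].append("nsis_silent_switch")
        if p.cmdline.upper().endswith("/RUNONSTARTUP"):
            hits[p.pid].append("startup_switch")
        if parent and basename(parent.image) == "cmd.exe" and USER_WRITABLE.match(p.image):
            hits[p.pid].append("cmd_launches_user_writable_binary")
    for r in regs:
        if RUN_KEY.search(r.key):
            hits[r.pid].append("run_key_persistence")
        if CERT_STORE.search(r.key):
            hits[r.pid].append("machine_trust_store_write")
    return {
        pid: {
            "rules": sorted(rules),
            "web_delivered": bool(BROWSERS & set(chain(procs, pid))),
            "severity": "high" if len(rules) >= 2 else "medium",
        }
        for pid, rules in hits.items()
    }


if __name__ == "__main__":
    for pid, f in sorted(triage(PROCS, REG).items()):
        print(pid, f["severity"], f["rules"], "chain:", " -> ".join(chain(PROCS, pid)))
```

One thing this makes visible: the Task Scheduler hop severs the ancestry. utweb.exe's chain starts at taskeng.exe, not chrome.exe, so a rule that only follows parent-child links from the browser would miss the persistence stage; correlating the Run-key write (and, for GenericSetup.exe, its use of the Task Scheduler COM API) with the process is what ties it back.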
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
84
Monitored processes
37
Malicious processes
8
Suspicious processes
0

Behavior graph

(Interactive graph; see the full report. Nodes: chrome.exe and its helper processes, utweb_installer.exe, utweb_installer.exe, installer.exe (#LAVASOFT), chrome.exe, genericsetup.exe, cmd.exe, carrier.exe, cmd.exe, utweb.exe, iexplore.exe, iexplore.exe. Edge labels: "drop and start", "start".)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 728
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,2492978707893793246,8121804726781981629,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2974839115827386282 --mojo-platform-channel-handle=4196 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 860
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,2492978707893793246,8121804726781981629,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=18003285970878009066 --mojo-platform-channel-handle=4680 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 884
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,2492978707893793246,8121804726781981629,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=15550816157542317003 --mojo-platform-channel-handle=1596 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1044
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,2492978707893793246,8121804726781981629,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=6790164241906646891 --mojo-platform-channel-handle=4084 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1256
CMD: "C:\Users\admin\AppData\Local\Temp\7zS07720563\Carrier.exe" /S
Path: C:\Users\admin\AppData\Local\Temp\7zS07720563\Carrier.exe
Parent process: cmd.exe
User:
admin
Company:
BitTorrent, Inc.
Integrity Level:
HIGH
Description:
uTorrent Web
Exit code:
0
Version:
1.1.0.2686
Modules
Images
c:\users\admin\appdata\local\temp\7zs07720563\carrier.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 1260
CMD: .\installer.exe
Path: C:\Users\admin\AppData\Local\Temp\7zS07720563\installer.exe
Parent process: utweb_installer.exe
User:
admin
Company:
adaware
Integrity Level:
HIGH
Description:
uTorrent Web
Exit code:
0
Version:
1.0.2.2892
Modules
Images
c:\users\admin\appdata\local\temp\7zs07720563\installer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1264
CMD: "C:\Users\admin\AppData\Local\Temp\7zS07720563\GenericSetup.exe" C:\Users\admin\AppData\Local\Temp\7zS07720563\GenericSetup.exe
Path: C:\Users\admin\AppData\Local\Temp\7zS07720563\GenericSetup.exe
Parent process: installer.exe
User:
admin
Company:
Adaware
Integrity Level:
HIGH
Description:
uTorrent Web
Exit code:
3221225547 (0xC000004B, STATUS_THREAD_IS_TERMINATING: an NTSTATUS failure code rather than a normal exit)
Version:
1.0.2.2892
Modules
Images
c:\users\admin\appdata\local\temp\7zs07720563\genericsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1468
CMD: "C:\Users\admin\AppData\Roaming\uTorrent Web\utweb.exe" /RUNONSTARTUP
Path: C:\Users\admin\AppData\Roaming\uTorrent Web\utweb.exe
Parent process: cmd.exe
User:
admin
Company:
BitTorrent Inc.
Integrity Level:
MEDIUM
Description:
µTorrent Web
Exit code:
0
Version:
1.1.0.2686
Modules
Images
c:\users\admin\appdata\roaming\utorrent web\utweb.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll
PID: 1472
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,2492978707893793246,8121804726781981629,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=8944583728941948655 --mojo-platform-channel-handle=3920 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1896
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,2492978707893793246,8121804726781981629,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=18344619997695693823 --mojo-platform-channel-handle=1044 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
13 426
Read events
11 904
Write events
1 512
Delete events
10

Modification events

(Only Chrome's own registry writes appear in this excerpt; the autorun change by utweb.exe and the certificate-store changes by GenericSetup.exe flagged above are not included here.)

PID 2808 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | Operation: write | Name: 2100-13235121293999875 | Value: 259
PID 2100 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: failed_count | Value: 0
PID 2100 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 2
PID 2100 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | Operation: write | Name: StatusCodes | Value: (empty)
PID 2100 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | Operation: write | Name: StatusCodes | Value: 01000000
PID 2100 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 1
PID 2100 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | Operation: write | Name: dr | Value: 1
PID 2100 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome | Operation: write | Name: UsageStatsInSample | Value: 0
PID 2100 chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | Operation: delete value | Name: 3120-13213713943555664 | Value: 0
PID 2100 chrome.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | Operation: write | Name: usagestats | Value: 0
Executable files
42
Suspicious files
115
Text files
356
Unknown types
58

Dropped files

(This excerpt lists only Chrome profile housekeeping files; none of the 42 executable files counted above appear in it, and MD5/SHA256 values are not shown for any entry.)

PID | Process | Filename | Type
2100 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5ECF5B8E-834.pma | not shown
2100 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\33d6314e-1b99-46ea-84f1-4cb1f21cb071.tmp | not shown
2100 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000028.dbtmp | not shown
2100 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | text
2100 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF129c19.TMP | text
2100 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old | text
2100 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old | text
2100 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF129c19.TMP | text
2100 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old | not shown
2100 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF129e5b.TMP | not shown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
45
TCP/UDP connections
126
DNS requests
67
Threats
6

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
884 | chrome.exe | GET | 302 | 172.217.21.206:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 518 b | whitelisted
3708 | iexplore.exe | GET | 200 | 52.222.168.157:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted
884 | chrome.exe | GET | 302 | 172.217.21.206:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjY5QUFXTEQwc2RPVXhRY3picjhxblh1dw/7619.603.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 523 b | whitelisted
3708 | iexplore.exe | GET | 200 | 52.222.168.157:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted
884 | chrome.exe | GET | 200 | 173.194.184.167:80 | http://r2---sn-p5qlsndz.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjY5QUFXTEQwc2RPVXhRY3picjhxblh1dw/7619.603.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mh=Qx&mip=85.203.20.17&mm=28&mn=sn-p5qlsndz&ms=nvh&mt=1590647611&mv=m&mvi=1&pl=24&shardbypass=yes | US | crx | 816 Kb | whitelisted
3708 | iexplore.exe | GET | 200 | 52.222.168.55:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted
3708 | iexplore.exe | GET | 200 | 52.222.168.157:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared
1468 | utweb.exe | GET | 200 | 178.79.242.181:80 | http://btinstall-artifacts.bittorrent.com/helper_ui/helper_web_ui.btinstall | DE | executable | 3.88 Mb | suspicious
3708 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
3708 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCJIRnrbzaAWwIAAAAAZzJX | US | der | 472 b | whitelisted

Connections

(Reputation labels are ANY.RUN's per-IP/domain tags and are not consistent across tables: code.jquery.com is "malicious" here but "whitelisted" in the DNS table below. Treat them as hints, not evidence; the substantive network findings in this report are in the Threats section.)

PID | Process | IP | Domain | ASN | CN | Reputation
884 | chrome.exe | 172.217.18.163:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
884 | chrome.exe | 52.222.167.13:80 | web.utorrent.com | Amazon.com, Inc. | US | unknown
884 | chrome.exe | 178.79.242.19:443 | www.utorrent.com | Limelight Networks, Inc. | DE | suspicious
884 | chrome.exe | 209.197.3.15:443 | netdna.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted
884 | chrome.exe | 209.197.3.24:443 | code.jquery.com | Highwinds Network Group, Inc. | US | malicious
884 | chrome.exe | 172.217.21.234:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
884 | chrome.exe | 104.16.133.229:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | suspicious
884 | chrome.exe | 52.222.167.195:443 | cdn-assets.bittorrent.com | Amazon.com, Inc. | US | malicious
884 | chrome.exe | 172.217.16.142:443 | www.google-analytics.com | Google Inc. | US | whitelisted
884 | chrome.exe | 62.113.194.12:443 | cl.qualaroo.com | 23media GmbH | DE | suspicious

DNS requests

Domain | IP(s) | Reputation
clientservices.googleapis.com | 172.217.18.163 | whitelisted
web.utorrent.com | 52.222.167.13, 52.222.167.95, 52.222.167.199, 52.222.167.156 | shared
accounts.google.com | 172.217.22.45 | shared
www.utorrent.com | 178.79.242.19 | whitelisted
netdna.bootstrapcdn.com | 209.197.3.15 | whitelisted
code.jquery.com | 209.197.3.24 | whitelisted
fonts.googleapis.com | 172.217.21.234 | whitelisted
maxcdn.bootstrapcdn.com | 209.197.3.15 | whitelisted
fonts.gstatic.com | 172.217.22.3 | whitelisted
cdnjs.cloudflare.com | 104.16.133.229, 104.16.132.229 | whitelisted

Threats

PID | Process | Class | Message
1260 | installer.exe | A Network Trojan was detected | ET MALWARE Lavasoft PUA/Adware Client Install
1256 | Carrier.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
1256 | Carrier.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
(PID/process not shown) | Potential Corporate Privacy Violation | ET P2P BitTorrent DHT ping request
1468 | utweb.exe | Potentially Bad Traffic | ET POLICY Executable served from Amazon S3
1468 | utweb.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
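The ET POLICY and ET USER_AGENTS alerts above reduce to three checks a proxy or NSM pipeline can make on its own: is the response body a PE regardless of the URL's extension (here the payload is served as .btinstall, not .exe), is it fetched over cleartext HTTP, and is the client an installer-embedded downloader. The Python below is an added example by the editor, not ANY.RUN or Emerging Threats code. The HTTP records are constructed: the utweb.exe .btinstall download, the iexplore.exe OCSP fetch and the Chrome component fetch follow the HTTP table above, while the Carrier.exe URL (the report does not show it), every User-Agent string, the placeholder request paths in angle brackets and the response-body prefixes are assumptions.

```python
"""HTTP-transaction checks behind the ET POLICY / ET USER_AGENTS alerts above.

Added example (editor's code, not ANY.RUN's or Emerging Threats'). The records
are constructed; comments mark which fields follow the report and which are assumed.
"""
import struct
from urllib.parse import urlsplit

EXE_EXTENSIONS = {"exe", "dll", "msi", "scr", "cpl", "sys"}
USER_WRITABLE_PREFIX = "c:\\users\\"

# Constructed body prefixes. PE_STUB is a minimal DOS header whose e_lfanew
# (offset 0x3C) points at 0x40, where the PE signature sits.
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
DER_PREFIX = b"\x30\x82\x01\x23"      # ASN.1 SEQUENCE, how an OCSP response begins
CRX_PREFIX = b"Cr24" + b"\x00" * 12   # Chrome extension package magic

RECORDS = [
    {   # from the HTTP table: iexplore.exe OCSP fetch; request path and UA assumed
        "pid": 3708, "process": "iexplore.exe",
        "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
        "url": "http://ocsp.pki.goog/gsr2/<ocsp-request-blob>",
        "user_agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)",
        "body_prefix": DER_PREFIX,
    },
    {   # from the HTTP table: utweb.exe fetches a 3.88 MB "executable"; UA and body assumed
        "pid": 1468, "process": "utweb.exe",
        "image": r"C:\Users\admin\AppData\Roaming\uTorrent Web\utweb.exe",
        "url": "http://btinstall-artifacts.bittorrent.com/helper_ui/helper_web_ui.btinstall",
        "user_agent": "uTorrent Web/1.1.0.2686",
        "body_prefix": PE_STUB,
    },
    {   # Carrier.exe tripped the NSIS_Inetc UA alert; its URL is not in the report (assumed)
        "pid": 1256, "process": "Carrier.exe",
        "image": r"C:\Users\admin\AppData\Local\Temp\7zS07720563\Carrier.exe",
        "url": "http://offers.example.invalid/bundle/setup.exe",
        "user_agent": "NSIS_Inetc (Mozilla)",
        "body_prefix": PE_STUB,
    },
    {   # from the HTTP table: Chrome Web Store component over port 80; blob path and UA assumed
        "pid": 884, "process": "chrome.exe",
        "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "url": "http://redirector.gvt1.com/edgedl/chromewebstore/<blob>/7619.603.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx",
        "user_agent": "Mozilla/5.0 (Windows NT 6.1) Chrome/75.0.3770.100",
        "body_prefix": CRX_PREFIX,
    },
]


def is_pe(data: bytes) -> bool:
    """True if data carries a DOS header whose e_lfanew points at the PE signature.

    Checking the signature rather than only 'MZ' avoids flagging bare DOS stubs
    or text that happens to begin with MZ."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def analyze(record: dict) -> list:
    """Return the rule names one HTTP transaction trips, in a fixed order."""
    flags = []
    parts = urlsplit(record["url"])
    name = parts.path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    pe = is_pe(record["body_prefix"])
    if pe and parts.scheme == "http":
        flags.append("cleartext_pe_download")          # cf. ET POLICY PE EXE or DLL ... download HTTP
    if pe and ext not in EXE_EXTENSIONS:
        flags.append("pe_under_non_exe_extension")     # '.btinstall' sidesteps extension-based filters
    if "NSIS_Inetc" in record["user_agent"]:
        flags.append("nsis_inetc_user_agent")          # cf. ET USER_AGENTS ... NSIS_Inetc (Mozilla)
    if record["image"].lower().startswith(USER_WRITABLE_PREFIX):
        flags.append("downloader_in_user_writable_path")
    return flags


def analyze_all(records):
    return {(r["pid"], r["url"]): analyze(r) for r in records}


if __name__ == "__main__":
    for (pid, url), flags in analyze_all(RECORDS).items():
        print(pid, url, flags or "clean")
```

The PE check only needs the first 0x44 bytes of the body, so an inline proxy can decide on the first chunk before the 3.88 MB transfer completes. The "Executable served from Amazon S3" alert is a hosting heuristic and is deliberately not reproduced; the S3-hosted download is already caught by the cleartext and extension rules.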
Debug output strings

(These are Sciter/TIScript runtime messages: GenericSetup.exe renders its offer UI with the Sciter engine, and the script name TranslateOfferTemplate.tis suggests the bundled-offer screen.)

Process | Message
GenericSetup.exe | Error: File not found - h2osciter:console.tis
GenericSetup.exe | file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
GenericSetup.exe | (empty)
GenericSetup.exe | at sciter:init-script.tis
GenericSetup.exe | (empty)
GenericSetup.exe | file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
GenericSetup.exe | at sciter:init-script.tis
GenericSetup.exe | at sciter:init-script.tis
GenericSetup.exe | (empty)
GenericSetup.exe | file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'