File name: qbittorrent_enhanced_5.0.5.10_x64_setup.exe

Full analysis: https://app.any.run/tasks/a447c6de-4696-439e-8326-4bf0fe7cb83d
Verdict: Malicious activity
Analysis date: May 02, 2025, 21:13:56
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 711F75DCA03C0D3998EDFF580C6F8872
SHA1: 0E0CE8F404CA3BAC50892856B78B53B7460FE6EA
SHA256: 44A4E7493806F2D0FC779D05E70153634B46E2521ADBF19984C4936E5B101958
SSDEEP: 196608:ysR5xcqFWwKPQo6XwwzzCuj7YGnSYZ3QzYQ7neFBGs/:vlO96XwuzIlYJQzYgeFl/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 4040)
      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
    • Reads security settings of Internet Explorer

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 4040)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
    • Application launched itself

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 4040)
    • The process creates files with name similar to system file names

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
    • There is functionality for taking screenshot (YARA)

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 4040)
    • Creates a software uninstall entry

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
    • Starts CMD.EXE for commands execution

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
  • INFO

    • Checks supported languages

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 4040)
      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
    • The sample compiled with english language support

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 4040)
    • Reads the computer name

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 4040)
      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
    • Create files in a temporary directory

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 4040)
      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
    • Process checks computer location settings

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 4040)
    • Creates files in the program directory

      • qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
    • Checks proxy server information

      • slui.exe (PID: 2772)
    • Reads the software policy settings

      • slui.exe (PID: 2772)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:08:01 02:44:18+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x35d8
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.0.5.10
ProductVersionNumber: 5.0.5.10
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: The qBittorrent Enhanced project
FileDescription: qBittorrent Enhanced - A Enhanced Bittorrent Client
FileVersion: 5.0.5.10
LegalCopyright: Copyright ©2006-2025 The qBittorrent project
ProductName: qBittorrent Enhanced
No data.
Total processes: 131
Monitored processes: 6
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start qbittorrent_enhanced_5.0.5.10_x64_setup.exe qbittorrent_enhanced_5.0.5.10_x64_setup.exe cmd.exe no specs conhost.exe no specs compact.exe no specs slui.exe

Process information

PID: 728
CMD: COMPACT /C "C:\Program Files\qBittorrent\qbittorrent.pdb"
Path: C:\Windows\SysWOW64\compact.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: File Compress Utility
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\compact.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 2772
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 4040
CMD: "C:\Users\admin\Desktop\qbittorrent_enhanced_5.0.5.10_x64_setup.exe"
Path: C:\Users\admin\Desktop\qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Parent process: explorer.exe
User: admin
Company: The qBittorrent Enhanced project
Integrity Level: MEDIUM
Description: qBittorrent Enhanced - A Enhanced Bittorrent Client
Exit code: 0
Version: 5.0.5.10
Modules
Images
c:\users\admin\desktop\qbittorrent_enhanced_5.0.5.10_x64_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 4628
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 5112
CMD: "cmd.exe" /c COMPACT /C "C:\Program Files\qBittorrent\qbittorrent.pdb"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID: 6112
CMD: "C:\Users\admin\Desktop\qbittorrent_enhanced_5.0.5.10_x64_setup.exe" /UAC:7030E /NCRC
Path: C:\Users\admin\Desktop\qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Parent process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
User: admin
Company: The qBittorrent Enhanced project
Integrity Level: HIGH
Description: qBittorrent Enhanced - A Enhanced Bittorrent Client
Exit code: 0
Version: 5.0.5.10
Modules
Images
c:\users\admin\desktop\qbittorrent_enhanced_5.0.5.10_x64_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

Total events: 3 910
Read events: 3 891
Write events: 19
Delete events: 0

Modification events

Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\qBittorrent
Operation: write
Name: DisplayName
Value: qBittorrent

Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\qBittorrent
Operation: write
Name: UninstallString
Value: "C:\Program Files\qBittorrent\uninst.exe"

Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\qBittorrent
Operation: write
Name: DisplayIcon
Value: "C:\Program Files\qBittorrent\qbittorrent.exe",0

Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\qBittorrent
Operation: write
Name: Publisher
Value: The qBittorrent project

Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\qBittorrent
Operation: write
Name: URLInfoAbout
Value: https://www.qbittorrent.org

Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\qBittorrent
Operation: write
Name: DisplayVersion
Value: 5.0.5.10

Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\qBittorrent
Operation: write
Name: NoModify
Value: 1

Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\qBittorrent
Operation: write
Name: NoRepair
Value: 1

Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem
Operation: write
Name: LongPathsEnabled
Value: 1

Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe (PID: 6112)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\qBittorrent
Operation: write
Name: Installer Language
Value: 1033

Executable files: 8
Suspicious files: 37
Text files: 3
Unknown types: 0

Dropped files

PID: 6112
Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Filename: C:\Program Files\qBittorrent\qbittorrent.exe
MD5:
SHA256:

PID: 6112
Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Filename: C:\Program Files\qBittorrent\qbittorrent.pdb
MD5:
SHA256:

PID: 6112
Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsiCBB0.tmp\LangDLL.dll
Type: executable
MD5:014A3BE4A7C1CCB217916DBF4F222BD1
SHA256:09ACFC5EE34A1DFA1AF3A9D34F00C3B1327B56641FEEBD536E13752349C08AC8

PID: 6112
Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsiCBB0.tmp\UAC.dll
Type: executable
MD5:ADB29E6B186DAA765DC750128649B63D
SHA256:2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08

PID: 6112
Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsiCBB0.tmp\nsDialogs.dll
Type: executable
MD5:48F3E7860E1DE2B4E63EC744A5E9582A
SHA256:6BF9CCCD8A600F4D442EFE201E8C07B49605BA35F49A4B3AB22FA2641748E156

PID: 6112
Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsiCBB0.tmp\FindProcDLL.dll
Type: executable
MD5:B4FAF654DE4284A89EAF7D073E4E1E63
SHA256:C0948B2EC36A69F82C08935FAC4B212238B6792694F009B93B4BDB478C4F26E3

PID: 6112
Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsiCBB0.tmp\modern-wizard.bmp
Type: image
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2

PID: 6112
Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Filename: C:\Program Files\qBittorrent\translations\qt_sl.qm
Type: binary
MD5:D35A0FE35476BE8BD149CEE46E42B5E9
SHA256:C44E0313A9414CC0E490B65B0C036FA11BCA959353B228886547BC2C8492034F

PID: 6112
Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Filename: C:\Program Files\qBittorrent\translations\qt_pt_PT.qm
Type: binary
MD5:6656500F7A28EF820AE9F97FD47FB5BB
SHA256:2C1E7BBF5168A64B43752DD4C547601C0BDE6D610F8671FA3E3AF38597E84783

PID: 6112
Process: qbittorrent_enhanced_5.0.5.10_x64_setup.exe
Filename: C:\Program Files\qBittorrent\translations\qtbase_bg.qm
Type: binary
MD5:660413AD666A6B31A1ACF8F216781D6E
SHA256:E448AC9E3F16C29EB27AF3012EFE21052DAA78FABFB34CD6DFF2F69EE3BD3CDB

HTTP(S) requests: 4
TCP/UDP connections: 23
DNS requests: 8
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2104 | svchost.exe | GET | 200 | 2.19.11.105:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
2104 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 500 | 40.91.76.224:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | unknown | xml | 512 b | whitelisted
- | - | POST | 500 | 40.91.76.224:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | unknown | xml | 512 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2104 | svchost.exe | 2.19.11.105:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted
2104 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
2104 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
976 | slui.exe | 40.91.76.224:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2772 | slui.exe | 20.83.72.98:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.73.194.208, 4.231.128.59 | whitelisted
google.com | 142.250.186.110 | whitelisted
crl.microsoft.com | 2.19.11.105, 2.19.11.120 | whitelisted
www.microsoft.com | 95.101.149.131 | whitelisted
activation-v2.sls.microsoft.com | 40.91.76.224, 20.83.72.98 | whitelisted

Threats

No threats detected
No debug info