File name:

utorrent-for-windows-ru.exe

Full analysis: https://app.any.run/tasks/f2eb5dc4-7dea-404f-a666-c921d8273e0c
Verdict: Malicious activity
Analysis date: April 16, 2025, 16:16:25
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5:

699EEE9C5D4F3C79DF7080F63FD9D579

SHA1:

D9B8B6C06FF20B979C68EE14AA88EF3A6ABF5F4D

SHA256:

618FDCC08C81ACC946ED078F651F40070566B7866E34F5A2847D863BD2043B80

SSDEEP:

98304:sorb/9i4Oz0XJ3IOUZMK02TX2958hTrZaday0dCcCZnalyvc2n1aZln+t12dZ0P/:yhpg

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • utorrent-for-windows-ru.exe (PID: 7656)

    • Opens an HTTP connection (SCRIPT)

      • cscript.exe (PID: 7324)

    • Sends HTTP request (SCRIPT)

      • cscript.exe (PID: 7324)

    • Creates internet connection object (SCRIPT)

      • cscript.exe (PID: 7324)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • utorrent-for-windows-ru.exe (PID: 7508)
      • utorrent-for-windows-ru.exe (PID: 7656)

    • Application launched itself

      • utorrent-for-windows-ru.exe (PID: 7508)

    • Runs PING.EXE to delay simulation

      • mshta.exe (PID: 7748)

    • The process executes JS scripts

      • mshta.exe (PID: 7748)

    • Accesses command line arguments (SCRIPT)

      • cscript.exe (PID: 7324)

    • Checks for external IP

      • svchost.exe (PID: 2196)
      • mshta.exe (PID: 7748)

  • INFO

    • Reads the machine GUID from the registry

      • utorrent-for-windows-ru.exe (PID: 7508)
      • utorrent-for-windows-ru.exe (PID: 7656)

    • Checks supported languages

      • utorrent-for-windows-ru.exe (PID: 7508)
      • utorrent-for-windows-ru.exe (PID: 7656)

    • The sample compiled with english language support

      • utorrent-for-windows-ru.exe (PID: 7508)

    • Reads the computer name

      • utorrent-for-windows-ru.exe (PID: 7508)
      • utorrent-for-windows-ru.exe (PID: 7656)

    • Creates files or folders in the user directory

      • utorrent-for-windows-ru.exe (PID: 7508)
      • utorrent-for-windows-ru.exe (PID: 7656)

    • Checks proxy server information

      • utorrent-for-windows-ru.exe (PID: 7508)
      • utorrent-for-windows-ru.exe (PID: 7656)
      • mshta.exe (PID: 7748)

    • Process checks computer location settings

      • utorrent-for-windows-ru.exe (PID: 7508)
      • utorrent-for-windows-ru.exe (PID: 7656)

    • Create files in a temporary directory

      • utorrent-for-windows-ru.exe (PID: 7508)
      • utorrent-for-windows-ru.exe (PID: 7656)

    • Reads security settings of Internet Explorer

      • cscript.exe (PID: 7324)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (39.3)
.exe | Win32 EXE Yoda's Crypter (38.6)
.dll | Win32 Dynamic Link Library (generic) (9.5)
.exe | Win32 Executable (generic) (6.5)
.exe | Generic Win/DOS Executable (2.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:11:18 21:31:28+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 2265088
InitializedDataSize: 126976
UninitializedDataSize: 3735552
EntryPoint: 0x5b8820
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 3.4.9.42973
ProductVersionNumber: 3.4.9.42973
FileFlagsMask: 0x002b
FileFlags: Special build
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: BitTorrent Inc.
FileDescription: µTorrent
FileVersion: 3.4.9.42973
InternalName: uTorrent.exe
OriginalFileName: uTorrent.exe
LegalCopyright: ©2016 BitTorrent, Inc. All Rights Reserved.
ProductName: µTorrent
ProductVersion: 3.4.9.42973
SpecialBuild: stable34 stable
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
141
Monitored processes
9
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start utorrent-for-windows-ru.exe utorrent-for-windows-ru.exe mshta.exe sppextcomobj.exe no specs ping.exe no specs conhost.exe no specs cscript.exe conhost.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
7324"C:\Windows\System32\cscript.exe" shell_scripts/shell_ping_after_close.js "http://i-50.b-000.XYZ.bench.utorrent.com/e?i=50&e=eyJldmVudE5hbWUiOiJoeWRyYTEiLCJhY3Rpb24iOiJodGFiZWdpbiIsInBpZCI6Ijc2NTYiLCJoIjoiRFdFOEtTVklUc3FYN19YUCIsInYiOiIxMTAzNDAwNjEiLCJiIjo0Mjk3MywiY2wiOiJ1VG9ycmVudCIsIm9zYSI6IjY0Iiwic2xuZyI6ImVuIiwiZGIiOiIiLCJkYnYiOiIxMS4wIiwiaWJyIjpbeyJuYW1lIjoiIiwidmVyc2lvbiI6IjEyMy4wIiwiZXhlTmFtZSI6ImZpcmVmb3gifSx7Im5hbWUiOiIiLCJ2ZXJzaW9uIjoiMTIyLjAiLCJleGVOYW1lIjoiY2hyb21lIn0seyJuYW1lIjoiIiwidmVyc2lvbiI6IjExLjAiLCJleGVOYW1lIjoiaWV4cGxvcmUifSx7Im5hbWUiOiIiLCJ2ZXJzaW9uIjoiMTIyLjAiLCJleGVOYW1lIjoibXNlZGdlIn1dLCJpcCI6IjE4NS4yMjEuMTMyLjIwNCIsImNuIjoiTHV4ZW1ib3VyZyIsInBhY2tpZCI6ImRlZmF1bHQifQ==" C:\Windows\SysWOW64\cscript.exe
mshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft ® Console Based Script Host
Exit code:
0
Version:
5.812.10240.16384
Modules
Images
c:\windows\syswow64\cscript.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
7376\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7508"C:\Users\admin\AppData\Local\Temp\utorrent-for-windows-ru.exe" C:\Users\admin\AppData\Local\Temp\utorrent-for-windows-ru.exe
explorer.exe
User:
admin
Company:
BitTorrent Inc.
Integrity Level:
MEDIUM
Description:
µTorrent
Exit code:
0
Version:
3.4.9.42973
Modules
Images
c:\users\admin\appdata\local\temp\utorrent-for-windows-ru.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
7656"C:\Users\admin\AppData\Local\Temp\utorrent-for-windows-ru.exe" /HYDRA_PERMISSIONS_RESTART /HYDRA_LOG "C:\Users\admin\AppData\Local\Temp\HYDCA77.tmp.1744820194\index.hta.log" /HYDRA_HTADIR "C:\Users\admin\AppData\Local\Temp\HYDCA77.tmp.1744820194\HTA"C:\Users\admin\AppData\Local\Temp\utorrent-for-windows-ru.exe
utorrent-for-windows-ru.exe
User:
admin
Company:
BitTorrent Inc.
Integrity Level:
HIGH
Description:
µTorrent
Exit code:
0
Version:
3.4.9.42973
Modules
Images
c:\users\admin\appdata\local\temp\utorrent-for-windows-ru.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
7748"C:\WINDOWS\System32\mshta.exe" "C:\Users\admin\AppData\Local\Temp\HYDCA77.tmp.1744820194\HTA\index.hta?utorrent" "C:\Users\admin\AppData\Local\Temp\utorrent-for-windows-ru.exe" /LOG "C:\Users\admin\AppData\Local\Temp\HYDCA77.tmp.1744820194\index.hta.log" /PID "7656" /CID "DWE8KSVITsqX7_XP" /VERSION "110340061" /BUCKET "0" /SSB "1" /COUNTRY "US" /OS "10.0" /BROWSERS "\"C:\Program Files\Mozilla Firefox\firefox.exe\",\"C:\Program Files\Google\Chrome\Application\chrome.exe\",C:\Program Files\Internet Explorer\iexplore.exe,\"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe\",\"C:\Program Files (x86)\Opera\Opera.exe\"" /ARCHITECTURE "64" /LANG "en" /USERNAME "admin" /SID "S-1-5-21-1693682860-607145093-2874071422-1001" /CLIENT "utorrent"C:\Windows\SysWOW64\mshta.exe
utorrent-for-windows-ru.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft (R) HTML Application host
Exit code:
0
Version:
11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\wbem\wbemdisp.dll
c:\windows\syswow64\wbemcomn.dll
c:\windows\syswow64\wbem\wbemprox.dll
c:\windows\syswow64\wbem\wmiutils.dll
c:\windows\syswow64\wbem\wbemsvc.dll
c:\windows\syswow64\wbem\fastprox.dll
c:\windows\syswow64\amsi.dll
c:\programdata\microsoft\windows defender\platform\4.18.2207.7-0\x86\mpoav.dll
c:\windows\syswow64\ondemandconnroutehelper.dll
c:\windows\syswow64\mswsock.dll
7844C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
8068"C:\Windows\System32\PING.EXE" 8.8.8.8 -n 2 -w 500C:\Windows\SysWOW64\PING.EXEmshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
TCP/IP Ping Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\ws2_32.dll
8076\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exePING.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
2 924
Read events
2 908
Write events
16
Delete events
0

Modification events

(PID) Process:(7508) utorrent-for-windows-ru.exeKey:HKEY_CLASSES_ROOT\FalconBetaAccount
Operation:writeName:remote_access_client_id
Value:
8506492025
(PID) Process:(7508) utorrent-for-windows-ru.exeKey:HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
Operation:writeName:OfferProvider
Value:
(PID) Process:(7508) utorrent-for-windows-ru.exeKey:HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
Operation:writeName:OfferName
Value:
(PID) Process:(7508) utorrent-for-windows-ru.exeKey:HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
Operation:writeName:OfferAccepted
Value:
0
(PID) Process:(7508) utorrent-for-windows-ru.exeKey:HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
Operation:writeName:OfferViaCAU
Value:
0
(PID) Process:(7656) utorrent-for-windows-ru.exeKey:HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
Operation:writeName:OfferProvider
Value:
(PID) Process:(7656) utorrent-for-windows-ru.exeKey:HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
Operation:writeName:OfferName
Value:
(PID) Process:(7656) utorrent-for-windows-ru.exeKey:HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
Operation:writeName:OfferAccepted
Value:
0
(PID) Process:(7656) utorrent-for-windows-ru.exeKey:HKEY_CURRENT_USER\SOFTWARE\BitTorrent\uTorrent
Operation:writeName:OfferViaCAU
Value:
0
(PID) Process:(7748) mshta.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
Executable files
0
Suspicious files
21
Text files
15
Unknown types
0

Dropped files

PID
Process
Filename
Type
7508utorrent-for-windows-ru.exeC:\Users\admin\AppData\Local\Temp\uttC834.tmp
MD5:
SHA256:
7508utorrent-for-windows-ru.exeC:\Users\admin\AppData\Roaming\uTorrent\settings.datbinary
MD5:645BF1BEDC0D787EBBE7D3A2E33DCAAC
SHA256:54CC8C4BEE004C23A9C88987E92738C67D050602EE0A9388CE810BD9718B1379
7508utorrent-for-windows-ru.exeC:\Users\admin\AppData\Local\Temp\HYDCA77.tmp.1744820194\index.hta.logtext
MD5:2B632A88AF93F552846FDBF6890E8613
SHA256:2B1D8F74B6B7EF3811B62E9320953577A736ED64AB9DD5C3E2390D994A10D234
7508utorrent-for-windows-ru.exeC:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1693682860-607145093-2874071422-1001\1f91d2d17ea675d4c2c3192e241743f9_bb926e54-e3ca-40fd-ae90-2764341e7792binary
MD5:75398B4451F9ABF6BD5BC752B2694182
SHA256:8A327234B30B3CAF572D7D2DD134350257A5126AE17201D2D6C840A567CDCFDC
7508utorrent-for-windows-ru.exeC:\Users\admin\AppData\Local\Temp\HYDCA77.tmp.1744820194\HTA\i18n\en.jsonbinary
MD5:FDBF70C76CF4C3077571C0EED1B9848D
SHA256:81639B0A15DEF13CD646EFD2BA40442524A3DFFAE3ACD218B812BE9F12364CF9
7508utorrent-for-windows-ru.exeC:\Users\admin\AppData\Local\Temp\HYDCA77.tmp.1744820194\HTA\i18n\it.jsonbinary
MD5:985938F0DF5251B549A1B99DBAC1F69C
SHA256:ACA4F9BF79A3F84AE6A9D36680DF5D182AC93B1AA649775E1618B49FBD22A34B
7508utorrent-for-windows-ru.exeC:\Users\admin\AppData\Local\Temp\HYDCA77.tmp.1744820194\HTA\i18n\fr.jsonbinary
MD5:D126F1776772BE7164691F18B9FCB041
SHA256:0416441F460D82C68525EB15CB72E6B260433E509AEDCD4ABDB1326C6D242A7D
7508utorrent-for-windows-ru.exeC:\Users\admin\AppData\Local\Temp\HYDCA77.tmp.1744820194\HTA\images\bt_icon_48px.pngimage
MD5:6B6BD42C4A13B48F45A9F278B23D6B2B
SHA256:7C5123103DC089C1912B1EAE0BBBE2B7C32E39ECF83649A53A8E9F3AEA960602
7508utorrent-for-windows-ru.exeC:\Users\admin\AppData\Local\Temp\HYDCA77.tmp.1744820194\HTA\images\main_bittorrent.icoimage
MD5:1FB4E488B81D0180D4A05C2E6B8B2CE3
SHA256:AA5DAECEE872CA7C079B5363C2FFB0A6BBB335414AC3CE2006BC18015FCD45E4
7508utorrent-for-windows-ru.exeC:\Users\admin\AppData\Local\Temp\HYDCA77.tmp.1744820194\HTA\images\loading.gifimage
MD5:C910E2A5DB424644AEAD18E1758C5EFD
SHA256:00C62ED42795F996B5F963C69CE918C2623D72896EBB628DFD9BC800514900CE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
32
DNS requests
19
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7656
utorrent-for-windows-ru.exe
POST
200
52.5.183.94:80
http://i-50.b-000.xyz.bench.utorrent.com/e?i=50
unknown
whitelisted
7324
cscript.exe
GET
200
52.5.183.94:80
http://i-50.b-000.xyz.bench.utorrent.com/e?i=50&e=eyJldmVudE5hbWUiOiJoeWRyYTEiLCJhY3Rpb24iOiJodGFiZWdpbiIsInBpZCI6Ijc2NTYiLCJoIjoiRFdFOEtTVklUc3FYN19YUCIsInYiOiIxMTAzNDAwNjEiLCJiIjo0Mjk3MywiY2wiOiJ1VG9ycmVudCIsIm9zYSI6IjY0Iiwic2xuZyI6ImVuIiwiZGIiOiIiLCJkYnYiOiIxMS4wIiwiaWJyIjpbeyJuYW1lIjoiIiwidmVyc2lvbiI6IjEyMy4wIiwiZXhlTmFtZSI6ImZpcmVmb3gifSx7Im5hbWUiOiIiLCJ2ZXJzaW9uIjoiMTIyLjAiLCJleGVOYW1lIjoiY2hyb21lIn0seyJuYW1lIjoiIiwidmVyc2lvbiI6IjExLjAiLCJleGVOYW1lIjoiaWV4cGxvcmUifSx7Im5hbWUiOiIiLCJ2ZXJzaW9uIjoiMTIyLjAiLCJleGVOYW1lIjoibXNlZGdlIn1dLCJpcCI6IjE4NS4yMjEuMTMyLjIwNCIsImNuIjoiTHV4ZW1ib3VyZyIsInBhY2tpZCI6ImRlZmF1bHQifQ==
unknown
whitelisted
7656
utorrent-for-windows-ru.exe
POST
200
52.5.183.94:80
http://i-50.b-000.xyz.bench.utorrent.com/e?i=50
unknown
whitelisted
7508
utorrent-for-windows-ru.exe
GET
302
18.244.18.50:80
http://download-lb.utorrent.com/endpoint/hydra-ut/os/win10/track/stable/browser/other/os-region/US/os-lang/en/os-ver/10.0/enc-ver/110340061/
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.140:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7508
utorrent-for-windows-ru.exe
POST
200
52.5.183.94:80
http://i-50.b-000.xyz.bench.utorrent.com/e?i=50
unknown
whitelisted
7508
utorrent-for-windows-ru.exe
POST
200
52.5.183.94:80
http://i-50.b-000.xyz.bench.utorrent.com/e?i=50
unknown
whitelisted
7508
utorrent-for-windows-ru.exe
POST
200
52.5.183.94:80
http://i-50.b-000.xyz.bench.utorrent.com/e?i=50
unknown
whitelisted
7508
utorrent-for-windows-ru.exe
POST
200
52.5.183.94:80
http://i-50.b-000.xyz.bench.utorrent.com/e?i=50
unknown
whitelisted
7508
utorrent-for-windows-ru.exe
POST
200
52.5.183.94:80
http://i-50.b-000.xyz.bench.utorrent.com/e?i=50
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.140:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4244
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7508
utorrent-for-windows-ru.exe
52.5.183.94:80
i-50.b-000.xyz.bench.utorrent.com
AMAZON-AES
US
whitelisted
7508
utorrent-for-windows-ru.exe
18.244.18.50:80
download-lb.utorrent.com
US
whitelisted
7656
utorrent-for-windows-ru.exe
52.5.183.94:80
i-50.b-000.xyz.bench.utorrent.com
AMAZON-AES
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.140
  • 23.48.23.145
  • 23.48.23.190
  • 23.48.23.143
  • 23.48.23.156
  • 23.48.23.150
  • 23.48.23.141
  • 23.48.23.194
  • 23.48.23.147
whitelisted
google.com
  • 216.58.212.142
whitelisted
router.bittorrent.com
  • 67.215.246.10
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
router.utorrent.com
  • 82.221.103.244
whitelisted
i-50.b-000.xyz.bench.utorrent.com
  • 52.5.183.94
  • 44.195.239.248
  • 54.84.120.194
  • 44.213.18.236
  • 54.165.132.207
  • 3.214.187.24
whitelisted
download-lb.utorrent.com
  • 18.244.18.50
  • 18.244.18.73
  • 18.244.18.72
  • 18.244.18.57
whitelisted
ip-api.com
  • 208.95.112.1
whitelisted
update.utorrent.com
  • 82.221.103.246
  • 82.221.103.245
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Device Retrieving External IP Address Detected
INFO [ANY.RUN] External IP Check (ip-api .com)
7748
mshta.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup ip-api.com
2196
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
utorrent-for-windows-ru.exe