File name: uTorria-a3815673.exe

Full analysis: https://app.any.run/tasks/bd3f5978-b3db-4d1f-89fb-818a0ea03745
Verdict: Malicious activity
Analysis date: March 13, 2026, 16:41:20
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 3 sections
MD5: 2C54DBD9AB33150BC490C3759EED6E50
SHA1: 19A3E319F9765FA8C61A0268BC1D0E2EE38D70B0
SHA256: 74957701DDC79294A7B68C596479AC91364D04B8F60AF7DFF0922EF7FE1C8E21
SSDEEP: 98304:DJh2zPIOT2Ro631U32iWqik+/dXJ1WuRd8yz6FIRuQwiDLxv1ToKxLxrRbMUlQQ+:7Djppobik1zWcuAr5njJ5jFEC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • uTorria-a3815673.exe (PID: 4712)
      • uTorria-a3815673.exe (PID: 8836)
  • SUSPICIOUS

    • Reads the date of Windows installation

      • uTorria-a3815673.exe (PID: 4712)
    • Application launched itself

      • uTorria-a3815673.exe (PID: 4712)
  • INFO

    • Reads the computer name

      • uTorria-a3815673.exe (PID: 4712)
      • uTorria-a3815673.exe (PID: 8836)
    • Process checks computer location settings

      • uTorria-a3815673.exe (PID: 4712)
    • The sample compiled with english language support

      • uTorria-a3815673.exe (PID: 4712)
    • Reads security settings of Internet Explorer

      • uTorria-a3815673.exe (PID: 4712)
    • Checks supported languages

      • uTorria-a3815673.exe (PID: 4712)
      • uTorria-a3815673.exe (PID: 8836)
    • Creates files in the program directory

      • uTorria-a3815673.exe (PID: 4712)
      • uTorria-a3815673.exe (PID: 8836)
    • Launching a file from a Registry key

      • uTorria-a3815673.exe (PID: 4712)
      • uTorria-a3815673.exe (PID: 8836)
    • UPX packer has been detected

      • uTorria-a3815673.exe (PID: 8836)
    • There is functionality for taking screenshot (YARA)

      • uTorria-a3815673.exe (PID: 8836)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (87.1)
.exe | Generic Win/DOS Executable (6.4)
.exe | DOS Executable Generic (6.4)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:11:07 18:10:05+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.29
CodeSize: 13041664
InitializedDataSize: 438272
UninitializedDataSize: 21684224
EntryPoint: 0x211cf90
OSVersion: 6
ImageVersion: 1
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.3.14
ProductVersionNumber: 1.0.3.14
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: uTorria
FileVersion: 1.0.3.14
LegalTrademarks1: All Rights Reserved
LegalTrademarks2: All Rights Reserved
OriginalFileName: uTorria.exe
ProductName: uTorria
ProductVersion: 1
No data.
All screenshots are available in the full report
Total processes
147
Monitored processes
2
Malicious processes
1
Suspicious processes
1

Behavior graph

[Process graph nodes: start, utorria-a3815673.exe, utorria-a3815673.exe]

Process information

PID
CMD
Path
Indicators
Parent process
4712
"C:\Users\admin\AppData\Local\Temp\uTorria-a3815673.exe"
C:\Users\admin\AppData\Local\Temp\uTorria-a3815673.exe
explorer.exe
User:
admin
Company:
uTorria
Integrity Level:
MEDIUM
Exit code:
0
Version:
1.0.3.14
Modules
Images
c:\users\admin\appdata\local\temp\utorria-a3815673.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
8836
"C:\Users\admin\AppData\Local\Temp\uTorria-a3815673.exe" -install posX=1358 posY=297
C:\Users\admin\AppData\Local\Temp\uTorria-a3815673.exe
uTorria-a3815673.exe
User:
admin
Company:
uTorria
Integrity Level:
HIGH
Version:
1.0.3.14
Modules
Images
c:\users\admin\appdata\local\temp\utorria-a3815673.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
2 739
Read events
2 718
Write events
19
Delete events
2

Modification events

(PID) Process: (4712) uTorria-a3815673.exe
Key: HKEY_CURRENT_USER\SOFTWARE\uTorria\main
Operation: write
Name: associateWithUtorria
Value: true

(PID) Process: (4712) uTorria-a3815673.exe
Key: HKEY_CLASSES_ROOT\Applications
Operation: delete value
Name: uTorria.exe
Value:

(PID) Process: (4712) uTorria-a3815673.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: GlobalAssocChangedCounter
Value: 139

(PID) Process: (4712) uTorria-a3815673.exe
Key: HKEY_CURRENT_USER\SOFTWARE\uTorria\main
Operation: write
Name: visibility
Value: 2

(PID) Process: (4712) uTorria-a3815673.exe
Key: HKEY_CURRENT_USER\SOFTWARE\uTorria\main
Operation: write
Name: windowRect
Value: @Rect(-3 0 1366 748)

(PID) Process: (4712) uTorria-a3815673.exe
Key: HKEY_CURRENT_USER\SOFTWARE\uTorria\main
Operation: write
Name: AllowNotify
Value: 1

(PID) Process: (4712) uTorria-a3815673.exe
Key: HKEY_CURRENT_USER\SOFTWARE\uTorria\main
Operation: write
Name: closeToTray
Value: true

(PID) Process: (4712) uTorria-a3815673.exe
Key: HKEY_CURRENT_USER\SOFTWARE\uTorria\main
Operation: write
Name: installAppDir
Value: C:\Program Files\uTorria\

(PID) Process: (4712) uTorria-a3815673.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: uTorria
Value: "C:\Program Files\uTorria\uTorria.exe" /autostart

(PID) Process: (4712) uTorria-a3815673.exe
Key: HKEY_CURRENT_USER\SOFTWARE\uTorria\main
Operation: write
Name: saveDir
Value: C:/uTorria/Downloads/

Executable files
0
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
4712
uTorria-a3815673.exe
C:\ProgramData\uTorria\log\13032026_12_41_27\4712.log
text
MD5: 344A6D532BB42DEA655115A546E92D8A
SHA256: 1CD098914F4809E8695A4E03B346178E4DC08A732BCDE2935D209C3C8482715E
HTTP(S) requests
22
TCP/UDP connections
26
DNS requests
16
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6332
svchost.exe
GET
304
51.104.136.2:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
unknown
whitelisted
6768
MoUsoCoreWorker.exe
GET
304
51.124.78.146:443
https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
unknown
whitelisted
5536
SIHClient.exe
GET
304
74.178.76.128:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
whitelisted
5536
SIHClient.exe
GET
200
74.178.240.51:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
whitelisted
5536
SIHClient.exe
GET
200
74.178.76.128:443
https://slscr.update.microsoft.com/sls/ping
unknown
whitelisted
5536
SIHClient.exe
GET
304
74.178.76.128:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
whitelisted
6332
svchost.exe
GET
200
51.104.136.2:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=1&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
unknown
text
5.74 Kb
whitelisted
356
svchost.exe
POST
400
20.190.159.2:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
6332
svchost.exe
GET
200
23.216.77.30:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6332
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6332
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
876
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
8836
uTorria-a3815673.exe
188.42.196.52:443
api.utorria.ru
SERVERS-COM
US
whitelisted
6332
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6332
svchost.exe
23.216.77.30:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6332
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
3412
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
  • 51.124.78.146
whitelisted
self.events.data.microsoft.com
  • 52.182.143.208
whitelisted
google.com
  • 142.251.36.110
whitelisted
api.utorria.ru
  • 188.42.196.52
  • 188.42.196.5
whitelisted
crl.microsoft.com
  • 23.216.77.30
  • 23.216.77.15
  • 23.216.77.41
  • 23.216.77.37
  • 23.216.77.19
  • 23.216.77.38
  • 23.216.77.28
  • 23.216.77.18
  • 23.216.77.36
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 20.190.159.2
  • 20.190.159.4
  • 40.126.31.3
  • 40.126.31.71
  • 20.190.159.128
  • 40.126.31.130
  • 20.190.159.23
  • 40.126.31.2
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 74.178.76.128
whitelisted

Threats

PID
Process
Class
Message
6332
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Process
Message
uTorria-a3815673.exe
m_settings QList()
uTorria-a3815673.exe
SettingsStorage::setAssociateWithUtorria
uTorria-a3815673.exe
m_settings QSettings::NoError
uTorria-a3815673.exe
m_settings "\\HKEY_CURRENT_USER\\Software\\uTorria\\"
uTorria-a3815673.exe
SettingsStorage::SettingsStorage()
uTorria-a3815673.exe
SettingsStorage::setValue ""
uTorria-a3815673.exe
SettingsStorage::setVisibility= QFlags<Qt::WindowState>(WindowMaximized)
uTorria-a3815673.exe
[SettingsStorage::setSaveDir] tmp "C:/uTorria/Downloads/"
uTorria-a3815673.exe
[SettingsStorage] available= QStorageInfo("C:/", type=NTFS, device="\\?\Volume{2f5c5e72-85a9-11eb-90a8-9a9b76358421}\" [ready], bytesTotal=272924909568, bytesFree=231038349312, bytesAvailable=231038349312)
uTorria-a3815673.exe
SettingsStorage::setValue ""