File name: uTorrent.exe

Full analysis: https://app.any.run/tasks/19701839-4280-45b8-80d4-87b8a7b84a03
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: January 22, 2019, 20:53:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: installer, adware, pua, lavasoft, loader
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: F8E2ECDC32A1A6279592FA45C9B3910C
SHA1: BA128D925AA08571047C6504D247CB4CFAB12289
SHA256: 9D5DF67FA2DC8B340AF7431F1219DB86F6D0E79F7D4FBE2358D23826DA655DFF
SSDEEP: 98304:pAI++tomHjLlsTyJFrd9BxT2RvUtsJQ8jBSEbRWbePwve:it+Cw6yJd/3TaUtKTjsePwve

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • beta_crl.exe (PID: 2452)
      • uTorrent.exe (PID: 2664)
      • beta.exe (PID: 2276)
      • curl.exe (PID: 3668)
      • installer.exe (PID: 2728)
      • GenericSetup.exe (PID: 4076)
      • Carrier.EXE (PID: 3228)
      • 0doy1ww2.4mc.exe (PID: 2628)
      • 0doy1ww2.4mc.exe (PID: 3952)
      • 0doy1ww2.4mc.exe (PID: 2184)
      • 0doy1ww2.4mc.exe (PID: 2980)
      • 0doy1ww2.4mc.exe (PID: 3964)
      • hh0zmgnh.mnu.exe (PID: 2748)
      • WebCompanionInstaller.exe (PID: 3116)
    • Changes the login/logoff helper path in the registry

      • regedit.exe (PID: 2644)
    • Loads dropped or rewritten executable

      • GenericSetup.exe (PID: 4076)
      • 0doy1ww2.4mc.exe (PID: 3964)
      • 0doy1ww2.4mc.exe (PID: 2184)
      • 0doy1ww2.4mc.exe (PID: 3952)
      • 0doy1ww2.4mc.exe (PID: 2628)
      • 0doy1ww2.4mc.exe (PID: 2980)
      • WebCompanionInstaller.exe (PID: 3116)
    • LAVASOFT was detected

      • installer.exe (PID: 2728)
    • Changes the autorun value in the registry

      • Carrier.EXE (PID: 3228)
    • Downloads executable files from the Internet

      • GenericSetup.exe (PID: 4076)
    • Loads the Task Scheduler COM API

      • GenericSetup.exe (PID: 4076)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • uTorrent.exe (PID: 3612)
      • cmd.exe (PID: 2948)
      • beta.exe (PID: 2276)
      • beta_crl.exe (PID: 2452)
      • cmd.exe (PID: 3700)
      • GenericSetup.exe (PID: 4076)
    • Removes files from Windows directory

      • cmd.exe (PID: 2948)
      • cmd.exe (PID: 3920)
      • cmd.exe (PID: 3700)
    • Uses REG.EXE to modify Windows registry

      • cmd.exe (PID: 3920)
    • Executable content was dropped or overwritten

      • uTorrent.exe (PID: 2664)
      • uTorrent.exe (PID: 3612)
      • 0doy1ww2.4mc.exe (PID: 2184)
      • 0doy1ww2.4mc.exe (PID: 2980)
      • Carrier.EXE (PID: 3228)
      • GenericSetup.exe (PID: 4076)
      • 0doy1ww2.4mc.exe (PID: 3952)
      • 0doy1ww2.4mc.exe (PID: 2628)
      • hh0zmgnh.mnu.exe (PID: 2748)
      • WebCompanionInstaller.exe (PID: 3116)
    • Creates a software uninstall entry

      • uTorrent.exe (PID: 3612)
      • Carrier.EXE (PID: 3228)
      • WebCompanionInstaller.exe (PID: 3116)
    • Creates files in the Windows directory

      • uTorrent.exe (PID: 3612)
    • Application launched itself

      • cmd.exe (PID: 3700)
      • 0doy1ww2.4mc.exe (PID: 2184)
      • 0doy1ww2.4mc.exe (PID: 2628)
    • Reads Environment values

      • GenericSetup.exe (PID: 4076)
    • Reads Windows owner or organization settings

      • GenericSetup.exe (PID: 4076)
    • Reads the Windows organization settings

      • GenericSetup.exe (PID: 4076)
    • Starts itself from another location

      • 0doy1ww2.4mc.exe (PID: 2628)
    • Creates files in the user directory

      • 0doy1ww2.4mc.exe (PID: 3952)
      • Carrier.EXE (PID: 3228)
    • Modifies the open verb of a shell class

      • Carrier.EXE (PID: 3228)
    • Starts SC.EXE for service management

      • WebCompanionInstaller.exe (PID: 3116)
    • Creates files in the program directory

      • WebCompanionInstaller.exe (PID: 3116)
    • Searches for installed software

      • GenericSetup.exe (PID: 4076)
  • INFO

    • Reads settings of System Certificates

      • GenericSetup.exe (PID: 4076)
    • Dropped object may contain Bitcoin addresses

      • WebCompanionInstaller.exe (PID: 3116)
No Malware configuration.

TRiD

.exe | InstallShield setup (37.5)
.exe | UPX compressed Win32 Executable (23.6)
.exe | Win32 Executable Delphi generic (12.3)
.scr | Windows screen saver (11.4)
.dll | Win32 Dynamic Link Library (generic) (5.7)

EXIF

EXE

LegalCopyright: BitTorrent Inc.
FileVersion: 3.5.4 Build 44994
FileDescription: uTorrent Pro 3.5.4 Build 44994 Installation
CompanyName: BitTorrent Inc.
Comments: -
CharacterSet: Windows, Latin1
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 0.0.0.0
FileVersionNumber: 0.0.0.0
Subsystem: Windows GUI
SubsystemVersion: 4
ImageVersion: -
OSVersion: 4
EntryPoint: 0x25468
UninitializedDataSize: -
InitializedDataSize: 31744
CodeSize: 148992
LinkerVersion: 2.25
PEType: PE32
TimeStamp: 1992:06:20 00:22:17+02:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 19-Jun-1992 22:22:17
Detected languages:
  • English - United States
  • Russian - Russia
Comments: -
CompanyName: BitTorrent Inc.
FileDescription: uTorrent Pro 3.5.4 Build 44994 Installation
FileVersion: 3.5.4 Build 44994
LegalCopyright: BitTorrent Inc.

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0050
Pages in file: 0x0002
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x000F
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x001A
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000100

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 8
Time date stamp: 19-Jun-1992 22:22:17
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_BYTES_REVERSED_HI
  • IMAGE_FILE_BYTES_REVERSED_LO
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED

Sections

| Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
|---|---|---|---|---|---|
| CODE | 0x00001000 | 0x000244CC | 0x00024600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.59443 |
| DATA | 0x00026000 | 0x00002894 | 0x00002A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.79376 |
| BSS | 0x00029000 | 0x000010F5 | 0x00000000 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
| .idata | 0x0002B000 | 0x00001798 | 0x00001800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.88555 |
| .tls | 0x0002D000 | 0x00000008 | 0x00000000 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
| .rdata | 0x0002E000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED | 0.204488 |
| .reloc | 0x0002F000 | 0x00001884 | 0x00001A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED | 6.58665 |
| .rsrc | 0x00031000 | 0x00001CDC | 0x00001E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED | 4.77057 |

Resources

| Title | Entropy | Size | Codepage | Language | Type |
|---|---|---|---|---|---|
| 1 | 4.93923 | 886 | UNKNOWN | Russian - Russia | RT_MANIFEST |
| 50 | 3.25755 | 296 | UNKNOWN | UNKNOWN | RT_ICON |
| 51 | 4.01345 | 1384 | UNKNOWN | UNKNOWN | RT_ICON |
| 52 | 3.92897 | 744 | UNKNOWN | UNKNOWN | RT_ICON |
| 53 | 4.27475 | 2216 | UNKNOWN | UNKNOWN | RT_ICON |
| DVCLAL | 4 | 16 | UNKNOWN | UNKNOWN | RT_RCDATA |
| PACKAGEINFO | 5.28362 | 272 | UNKNOWN | UNKNOWN | RT_RCDATA |
| MAINICON | 2.57938 | 62 | UNKNOWN | UNKNOWN | RT_GROUP_ICON |

Imports

advapi32.dll
cabinet.dll
comctl32.dll
gdi32.dll
kernel32.dll
ole32.dll
oleaut32.dll
shell32.dll
user32.dll
winmm.dll
No data.
Total processes: 93
Monitored processes: 48
Malicious processes: 15
Suspicious processes: 5

Behavior graph

[Behavior graph image not reproduced. Nodes, in order of first appearance: utorrent.exe, cmd.exe, findstr.exe, beta.exe, timeout.exe, reg.exe, regedit.exe, beta_crl.exe, installer.exe (#LAVASOFT), bcdedit.exe, genericsetup.exe, curl.exe, carrier.exe, 0doy1ww2.4mc.exe, hh0zmgnh.mnu.exe, webcompanioninstaller.exe, sc.exe.]

Process information

PID: 3092
CMD: "C:\Users\admin\AppData\Local\Temp\uTorrent.exe"
Path: C:\Users\admin\AppData\Local\Temp\uTorrent.exe
Parent process: explorer.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: MEDIUM
Description: uTorrent Pro 3.5.4 Build 44994 Installation
Exit code: 3221226540
Version: 3.5.4 Build 44994

PID: 3612
CMD: "C:\Users\admin\AppData\Local\Temp\uTorrent.exe"
Path: C:\Users\admin\AppData\Local\Temp\uTorrent.exe
Parent process: explorer.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: HIGH
Description: uTorrent Pro 3.5.4 Build 44994 Installation
Exit code: 0
Version: 3.5.4 Build 44994

PID: 2948
CMD: cmd /c ""C:\Windows\alpha.bat" "
Path: C:\Windows\system32\cmd.exe
Parent process: uTorrent.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 3748
CMD: C:\Windows\system32\cmd.exe /S /D /c" ver "
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 3824
CMD: findstr /IL "5.1."
Path: C:\Windows\system32\findstr.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Find String (QGREP) Utility
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 2276
CMD: C:\Windows\beta.exe
Path: C:\Windows\beta.exe
Parent process: cmd.exe
User: admin
Integrity Level: HIGH
Description: betaaa
Exit code: 0
Version: 1.0.0.0

PID: 2448
CMD: timeout /t 2
Path: C:\Windows\system32\timeout.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: timeout - pauses command processing
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 3920
CMD: cmd /c ""C:\Windows\beta.bat" "
Path: C:\Windows\system32\cmd.exe
Parent process: beta.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 2664
CMD: C:\Windows\uTorrent.exe
Path: C:\Windows\uTorrent.exe
Parent process: cmd.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: HIGH
Description: µTorrent
Version: 3.5.5.44994

PID: 2804
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent Pro 3.5.4 Build 44994" /f /reg:32
Path: C:\Windows\system32\reg.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Registry Console Tool
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Total events: 3 857
Read events: 3 631
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 106
Suspicious files: 14
Text files: 169
Unknown types: 5

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3612 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\$inst\temp_0.tmp | | | |
| 3612 | uTorrent.exe | C:\Windows\beta.bat | text | 4DCC8BCD7253A98386D6F05CF21FB68E | C3EFC40D88D2B25F2DAFE3546A1B9F512B11567596FA82AE01FAF33131901AEC |
| 3612 | uTorrent.exe | C:\Windows\sos.reg | text | 28BC576314F2C60AA4612114ECB4C00B | 6B75B1F656F230FD83503BEB5C697D530CA7617F369F3486FEB8F39E9FF4C2D0 |
| 3612 | uTorrent.exe | C:\Windows\mgr_f.reg | text | 2658887BF314C16AAEFF19583046980A | FD0D34736F1386858B80EB3B2160801E8DCAA26175251D7D9E7A3843DF35E628 |
| 3612 | uTorrent.exe | C:\Windows\ct.reg | text | ED7A769E2860A1F0FCC86C3DCF6E0CC6 | C5E506258BC8971C0D0F7B47F830F6D0F14FE12E2A56A3EBB0D2393929B0A24B |
| 3612 | uTorrent.exe | C:\Windows\delta.exe | executable | 91D6DFB330A63201321D36DE606AF434 | 8043A183583BAFACCF0F864ECA98F320FF7A47CA55706280D779A574818C26E8 |
| 3612 | uTorrent.exe | C:\Windows\delta.bat | text | E0119B3C90A81B2FD2BC6646ADC8F8C3 | 55A18A5D05BD665AE087EFE2038846A8BDFCCD564EFDB6E978FDF5BE19298849 |
| 3612 | uTorrent.exe | C:\Windows\et.reg | text | 5A2DB7AA64B81B0453338395155FC6AF | A37508C8C36ED66CF9EA816345BF221540748F15787FFF1CB5DF9ED50A89ECC3 |
| 3612 | uTorrent.exe | C:\Windows\beta.exe | executable | 2BC79F74C7CE72BA60371A5DA2D9AF6A | 3CB806E8262F2FB43974F9572936DB843E78761908F93652467BFDEAFF6A85E9 |
| 3612 | uTorrent.exe | C:\Windows\fct.exe | executable | BE5569E1D6218D06035ED7BDB8D62FBC | C0E96B5F33A7EE6D108CD744CFDB5051B7720C33D217BD1A7B22CC8018E22D24 |

HTTP(S) requests: 25
TCP/UDP connections: 21
DNS requests: 21
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3228 | Carrier.EXE | GET | 200 | 82.221.103.246:80 | http://update.utorrent.li/installstats.php?cl=uTorrent&v=111914946&h=veRItdVhkO3qM8Hp&w=1DB10106&bu=0&pr=0&cmp=290&ocmp=290&installresult&pid=3228&cau=0&installresult=0&exit=1&au=0&view=win32 | IS | | | whitelisted |
| 3228 | Carrier.EXE | GET | | 82.221.103.246:80 | http://update.utorrent.li/installstats.php?cl=uTorrent&v=111914946&h=veRItdVhkO3qM8Hp&w=1DB10106&bu=0&pr=0&cmp=290&ocmp=290&showinstall&pid=3228&cau=0&au=0&view=win32 | IS | | | whitelisted |
| 2728 | installer.exe | POST | 200 | 104.17.60.19:80 | http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubStart | US | text | 29 b | whitelisted |
| 4076 | GenericSetup.exe | GET | 200 | 185.26.182.111:80 | http://net.geo.opera.com/opera/stable/windows?utm_source=lavasoft&utm_medium=pb&utm_campaign=lavasoft | unknown | executable | 1.89 Mb | whitelisted |
| 4076 | GenericSetup.exe | GET | 200 | 104.17.115.51:80 | http://webcompanion.com/nano_download.php?partner=BT170602 | US | executable | 347 Kb | malicious |
| 3116 | WebCompanionInstaller.exe | POST | 200 | 72.55.154.82:80 | http://wc-tracking.lavasoft.com/Install.asmx | CA | xml | 294 b | whitelisted |
| 3116 | WebCompanionInstaller.exe | GET | 200 | 104.17.61.19:80 | http://wcdownloadercdn.lavasoft.com/4.4.1950.3825/WebCompanion-4.4.1950.3825-prod.zip | US | compressed | 8.98 Mb | whitelisted |
| 3116 | WebCompanionInstaller.exe | POST | 200 | 72.55.154.82:80 | http://wc-tracking.lavasoft.com/Install.asmx | CA | xml | 294 b | whitelisted |
| 2728 | installer.exe | POST | 200 | 104.17.60.19:80 | http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart | US | text | 29 b | whitelisted |
| 3116 | WebCompanionInstaller.exe | POST | 200 | 72.55.154.82:80 | http://wc-tracking.lavasoft.com/Install.asmx | CA | xml | 294 b | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2628 | 0doy1ww2.4mc.exe | 185.26.182.112:443 | net.geo.opera.com | Opera Software AS | | malicious |
| 2728 | installer.exe | 104.17.60.19:80 | flow.lavasoft.com | Cloudflare Inc | US | shared |
| 4076 | GenericSetup.exe | 104.16.234.150:443 | sos.adaware.com | Cloudflare Inc | US | shared |
| 4076 | GenericSetup.exe | 185.26.182.111:80 | net.geo.opera.com | Opera Software AS | | whitelisted |
| 4076 | GenericSetup.exe | 104.17.115.51:80 | webcompanion.com | Cloudflare Inc | US | shared |
| 3668 | curl.exe | 81.177.135.191:80 | db.softfire.info | JSC RTComm.RU | RU | malicious |
| 4076 | GenericSetup.exe | 104.17.61.19:443 | flow.lavasoft.com | Cloudflare Inc | US | shared |
| 2628 | 0doy1ww2.4mc.exe | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | Opera Software AS | | suspicious |
| 3116 | WebCompanionInstaller.exe | 72.55.154.82:80 | wc-tracking.lavasoft.com | iWeb Technologies Inc. | CA | unknown |
| 2628 | 0doy1ww2.4mc.exe | 185.26.182.95:443 | autoupdate.geo.opera.com | Opera Software AS | | unknown |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| db.softfire.info | 81.177.135.191 | malicious |
| www.google.com | 172.217.18.100 | whitelisted |
| sos.adaware.com | 104.16.234.150, 104.16.237.150, 104.16.236.150, 104.16.235.150, 104.16.238.150 | whitelisted |
| flow.lavasoft.com | 104.17.60.19, 104.17.61.19 | whitelisted |
| webcompanion.com | 104.17.115.51, 104.17.114.51, 104.17.112.51, 104.17.116.51, 104.17.113.51 | malicious |
| net.geo.opera.com | 185.26.182.111, 185.26.182.112 | whitelisted |
| www.download.windowsupdate.com | 93.184.221.240 | whitelisted |
| router.utorrent.com | 82.221.103.244 | whitelisted |
| router.bittorrent.com | 67.215.246.10 | shared |
| autoupdate.geo.opera.com | 185.26.182.95, 185.26.182.105 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 3668 | curl.exe | Attempted Information Leak | ET POLICY curl User-Agent Outbound |
| 2728 | installer.exe | A Network Trojan was detected | ET MALWARE Lavasoft PUA/Adware Client Install |
| 4076 | GenericSetup.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
| 4076 | GenericSetup.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
| 4076 | GenericSetup.exe | Misc activity | ET INFO EXE - Served Attached HTTP |
| 4076 | GenericSetup.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
| 4076 | GenericSetup.exe | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
| 4076 | GenericSetup.exe | Misc activity | ET INFO EXE - Served Attached HTTP |
| 3228 | Carrier.EXE | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |
| 3228 | Carrier.EXE | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |

| Process | Message |
|---|---|
| WebCompanionInstaller.exe | Detecting windows culture |
| WebCompanionInstaller.exe | 1/22/2019 8:54:31 PM :-> Starting installer 4.4.1950.3825 with: .\WebCompanionInstaller.exe --partner=BT170602 --version=4.4.1950.3825 --prod --silent --homepage=1 --search=1 --partner=BT170602, Run as admin: True |
| WebCompanionInstaller.exe | Preparing for installing Web Companion |
| WebCompanionInstaller.exe | 1/22/2019 8:54:31 PM :-> Generating Machine and Install Id ... |
| WebCompanionInstaller.exe | 1/22/2019 8:54:31 PM :-> Machine Id and Install Id has been generated |
| WebCompanionInstaller.exe | 1/22/2019 8:54:32 PM :-> Checking prerequisites ... |
| WebCompanionInstaller.exe | 1/22/2019 8:54:32 PM :-> Antivirus not detected |
| WebCompanionInstaller.exe | 1/22/2019 8:54:32 PM :-> vm_check False |
| WebCompanionInstaller.exe | 1/22/2019 8:54:32 PM :-> reg_check :False |
| WebCompanionInstaller.exe | 1/22/2019 8:54:32 PM :-> Installed .Net framework is V40 |