File name: utorrent_installer.exe

Full analysis: https://app.any.run/tasks/73fe6ac6-2b1b-4fcb-a201-1e60262e76c9
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: September 06, 2024, 19:32:39
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 3839CF1C5D36C519D906EFB02F1CE926
SHA1: B5473D888083DD561D3C42E5894C3BBB5304042D
SHA256: A874053DF1DD29288B9F3518B8E14FE6BE99728FD86AF9FB070A02C997C87731
SSDEEP: 98304:9GNVJ/xS/n45nef0Bw4paDYBsEL9yCBP9DGC+V0GBujawXkXCOBYVfWR8agAwBcX:CV6SRu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • utorrent.exe (PID: 6040)
      • MicrosoftEdgeUpdate.exe (PID: 7972)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • utorrent_installer.exe (PID: 3672)
    • Reads security settings of Internet Explorer

      • utorrent_installer.exe (PID: 3672)
      • utorrent.exe (PID: 4920)
      • utorrent.exe (PID: 6040)
      • uTorrent.exe (PID: 6308)
      • utorrentie.exe (PID: 6848)
      • utorrentie.exe (PID: 3272)
      • utorrentie.exe (PID: 4060)
      • utorrentie.exe (PID: 4292)
      • MicrosoftEdgeUpdate.exe (PID: 7972)
      • MicrosoftEdgeUpdate.exe (PID: 7552)
    • Executable content was dropped or overwritten

      • utorrent_installer.exe (PID: 3672)
      • utorrent.exe (PID: 4920)
      • utorrent.exe (PID: 6040)
      • uTorrent.exe (PID: 6308)
      • MicrosoftEdgeWebView2Setup.exe (PID: 7808)
      • MicrosoftEdgeUpdate.exe (PID: 7972)
      • MicrosoftEdge_X64_128.0.2739.67.exe (PID: 2092)
    • The process creates files with name similar to system file names

      • utorrent_installer.exe (PID: 3672)
    • Checks Windows Trust Settings

      • utorrent.exe (PID: 4920)
      • utorrent.exe (PID: 6040)
      • uTorrent.exe (PID: 6308)
      • utorrentie.exe (PID: 4292)
      • utorrentie.exe (PID: 3272)
      • utorrentie.exe (PID: 4060)
      • MicrosoftEdgeUpdate.exe (PID: 7552)
    • Mutex name with non-standard characters

      • utorrent.exe (PID: 4920)
      • uTorrent.exe (PID: 6308)
    • Application launched itself

      • utorrent.exe (PID: 4920)
      • setup.exe (PID: 8028)
    • Potential Corporate Privacy Violation

      • utorrent.exe (PID: 6040)
      • utorrent.exe (PID: 4920)
      • uTorrent.exe (PID: 6308)
      • svchost.exe (PID: 6752)
    • Starts itself from another location

      • utorrent.exe (PID: 4920)
      • MicrosoftEdgeUpdate.exe (PID: 7972)
    • Searches for installed software

      • utorrent.exe (PID: 6040)
      • uTorrent.exe (PID: 6308)
    • Creates a software uninstall entry

      • utorrent.exe (PID: 6040)
    • Reads Microsoft Outlook installation path

      • utorrentie.exe (PID: 6848)
      • utorrentie.exe (PID: 4292)
      • utorrentie.exe (PID: 4060)
      • utorrentie.exe (PID: 3272)
    • Reads Internet Explorer settings

      • utorrentie.exe (PID: 6848)
      • utorrentie.exe (PID: 4292)
      • utorrentie.exe (PID: 4060)
      • utorrentie.exe (PID: 3272)
    • Process requests binary or script from the Internet

      • utorrentie.exe (PID: 4292)
      • utorrentie.exe (PID: 4060)
      • uTorrent.exe (PID: 6308)
    • Process drops legitimate windows executable

      • uTorrent.exe (PID: 6308)
      • MicrosoftEdgeWebView2Setup.exe (PID: 7808)
      • MicrosoftEdgeUpdate.exe (PID: 7972)
      • svchost.exe (PID: 6752)
      • MicrosoftEdge_X64_128.0.2739.67.exe (PID: 2092)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 7972)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdate.exe (PID: 8040)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8096)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6868)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7020)
  • INFO

    • Creates files or folders in the user directory

      • utorrent_installer.exe (PID: 3672)
      • utorrent.exe (PID: 4920)
      • utorrent.exe (PID: 6040)
      • uTorrent.exe (PID: 6308)
      • utorrentie.exe (PID: 6848)
      • utorrentie.exe (PID: 4060)
      • utorrentie.exe (PID: 4292)
      • utorrentie.exe (PID: 3272)
      • MicrosoftEdgeUpdate.exe (PID: 7972)
      • helper.exe (PID: 2796)
      • MicrosoftEdge_X64_128.0.2739.67.exe (PID: 2092)
      • MicrosoftEdgeUpdate.exe (PID: 7552)
      • setup.exe (PID: 8028)
      • setup.exe (PID: 8016)
    • Reads the computer name

      • utorrent_installer.exe (PID: 3672)
      • utorrent.exe (PID: 4920)
      • utorrent.exe (PID: 6040)
      • uTorrent.exe (PID: 6308)
      • utorrentie.exe (PID: 6848)
      • utorrentie.exe (PID: 3272)
      • utorrentie.exe (PID: 4060)
      • utorrentie.exe (PID: 4292)
      • identity_helper.exe (PID: 7384)
      • MicrosoftEdgeUpdate.exe (PID: 7972)
      • MicrosoftEdgeUpdate.exe (PID: 8040)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8096)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6868)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7020)
      • MicrosoftEdgeUpdate.exe (PID: 7244)
      • MicrosoftEdgeUpdate.exe (PID: 7516)
      • MicrosoftEdgeUpdate.exe (PID: 7552)
      • MicrosoftEdge_X64_128.0.2739.67.exe (PID: 2092)
      • helper.exe (PID: 2796)
      • setup.exe (PID: 8028)
    • The process uses the downloaded file

      • utorrent_installer.exe (PID: 3672)
      • utorrent.exe (PID: 4920)
    • Checks supported languages

      • utorrent_installer.exe (PID: 3672)
      • utorrent.exe (PID: 4920)
      • utorrent.exe (PID: 6040)
      • uTorrent.exe (PID: 6308)
      • utorrentie.exe (PID: 6848)
      • utorrentie.exe (PID: 3272)
      • utorrentie.exe (PID: 4060)
      • utorrentie.exe (PID: 4292)
      • identity_helper.exe (PID: 7384)
      • MicrosoftEdgeWebView2Setup.exe (PID: 7808)
      • MicrosoftEdgeUpdate.exe (PID: 7972)
      • MicrosoftEdgeUpdate.exe (PID: 8040)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8096)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6868)
      • MicrosoftEdgeUpdate.exe (PID: 7244)
      • MicrosoftEdgeUpdate.exe (PID: 7516)
      • MicrosoftEdgeUpdate.exe (PID: 7552)
      • MicrosoftEdge_X64_128.0.2739.67.exe (PID: 2092)
      • helper.exe (PID: 2796)
      • setup.exe (PID: 8016)
      • setup.exe (PID: 8028)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7020)
    • Checks proxy server information

      • utorrent_installer.exe (PID: 3672)
      • utorrent.exe (PID: 6040)
      • utorrent.exe (PID: 4920)
      • uTorrent.exe (PID: 6308)
      • utorrentie.exe (PID: 6848)
      • utorrentie.exe (PID: 4292)
      • utorrentie.exe (PID: 4060)
      • utorrentie.exe (PID: 3272)
      • MicrosoftEdgeUpdate.exe (PID: 7244)
      • MicrosoftEdgeUpdate.exe (PID: 7552)
    • Process checks computer location settings

      • utorrent_installer.exe (PID: 3672)
      • utorrent.exe (PID: 4920)
      • MicrosoftEdgeUpdate.exe (PID: 7972)
    • Reads the machine GUID from the registry

      • utorrent.exe (PID: 4920)
      • utorrent.exe (PID: 6040)
      • uTorrent.exe (PID: 6308)
      • utorrentie.exe (PID: 4292)
      • utorrentie.exe (PID: 4060)
      • utorrentie.exe (PID: 3272)
      • MicrosoftEdgeUpdate.exe (PID: 7244)
      • MicrosoftEdgeUpdate.exe (PID: 7552)
    • Create files in a temporary directory

      • utorrent_installer.exe (PID: 3672)
      • utorrent.exe (PID: 4920)
      • utorrent.exe (PID: 6040)
      • uTorrent.exe (PID: 6308)
      • MicrosoftEdgeWebView2Setup.exe (PID: 7808)
      • MicrosoftEdgeUpdate.exe (PID: 7972)
      • svchost.exe (PID: 6752)
    • UPX packer has been detected

      • utorrent.exe (PID: 4920)
      • uTorrent.exe (PID: 6308)
    • Reads the software policy settings

      • utorrentie.exe (PID: 4292)
      • utorrentie.exe (PID: 3272)
      • utorrentie.exe (PID: 4060)
      • MicrosoftEdgeUpdate.exe (PID: 7244)
      • MicrosoftEdgeUpdate.exe (PID: 7552)
      • uTorrent.exe (PID: 6308)
    • Reads Environment values

      • identity_helper.exe (PID: 7384)
      • MicrosoftEdgeUpdate.exe (PID: 7244)
    • Application launched itself

      • msedge.exe (PID: 5492)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:55:49+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x34f7
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 3.6.0.46922
ProductVersionNumber: 3.6.0.46922
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Rainberry, Inc.
FileDescription: utorrent
FileVersion: 3.6.0.46922
InternalName: utorrent
LegalCopyright: (c) 2022 Rainberry, Inc. All Rights Reserved.
ProductName: utorrent
ProductVersion: 3.6.0.46922
No data.
All screenshots are available in the full report
Total processes: 190
Monitored processes: 65
Malicious processes: 7
Suspicious processes: 4

Behavior graph

[Behaviour graph: nodes in graph order are utorrent_installer.exe (start), utorrent.exe (THREAT), utorrent.exe, HNetCfg.FwPolicy2 (no specs), utorrent.exe (THREAT), utorrentie.exe x4, msedge.exe (many instances, mostly "no specs"), identity_helper.exe x2, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe x5, microsoftedgeupdatecomregistershell64.exe x3, svchost.exe, helper.exe, microsoftedge_x64_128.0.2739.67.exe, setup.exe x2. The interactive graph is in the full report.]

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 188
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4224 --field-trial-handle=2404,i,10406128738780382260,17043560359817212219,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1076
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2604 --field-trial-handle=2404,i,10406128738780382260,17043560359817212219,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1496
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3676 --field-trial-handle=2404,i,10406128738780382260,17043560359817212219,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2092
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EBB44B5C-A804-4E04-AE07-4365E933C072}\MicrosoftEdge_X64_128.0.2739.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EBB44B5C-A804-4E04-AE07-4365E933C072}\MicrosoftEdge_X64_128.0.2739.67.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Version: 128.0.2739.67
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{ebb44b5c-a804-4e04-ae07-4365e933c072}\microsoftedge_x64_128.0.2739.67.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2796
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\helper\helper.exe" 20189 --hval IBSqidZetP0XnvKe -- -pid 6308 -version 46922
Path: C:\Users\admin\AppData\Roaming\utorrent\helper\helper.exe
Parent process: uTorrent.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: MEDIUM
Description: µTorrent Helper
Version: 2.1.8.2789
Modules (images):
c:\users\admin\appdata\roaming\utorrent\helper\helper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID: 3272
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.6.0_46922\utorrentie.exe" uTorrent_6308_03AFE2C8_540095037 µTorrent4823DF041B09 uTorrent ie unp
Path: C:\Users\admin\AppData\Roaming\utorrent\updates\3.6.0_46922\utorrentie.exe
Parent process: uTorrent.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: LOW
Description: WebHelper
Version: 1.0.0
Modules (images):
c:\users\admin\appdata\roaming\utorrent\updates\3.6.0_46922\utorrentie.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 3672
CMD: "C:\Users\admin\Desktop\utorrent_installer.exe"
Path: C:\Users\admin\Desktop\utorrent_installer.exe
Parent process: explorer.exe
User: admin
Company: Rainberry, Inc.
Integrity Level: MEDIUM
Description: utorrent
Exit code: 0
Version: 3.6.0.46922
Modules (images):
c:\users\admin\desktop\utorrent_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 4060
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.6.0_46922\utorrentie.exe" uTorrent_6308_03A62BA8_1659674900 µTorrent4823DF041B09 uTorrent ie unp
Path: C:\Users\admin\AppData\Roaming\utorrent\updates\3.6.0_46922\utorrentie.exe
Parent process: uTorrent.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: LOW
Description: WebHelper
Version: 1.0.0
Modules (images):
c:\users\admin\appdata\roaming\utorrent\updates\3.6.0_46922\utorrentie.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 4292
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.6.0_46922\utorrentie.exe" uTorrent_6308_03A63610_347658151 µTorrent4823DF041B09 uTorrent ie unp
Path: C:\Users\admin\AppData\Roaming\utorrent\updates\3.6.0_46922\utorrentie.exe
Parent process: uTorrent.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: LOW
Description: WebHelper
Version: 1.0.0
Modules (images):
c:\users\admin\appdata\roaming\utorrent\updates\3.6.0_46922\utorrentie.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 4392
CMD: C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
Path: C:\Windows\SysWOW64\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ucrtbase.dll
c:\windows\syswow64\combase.dll
Total events: 38 949
Read events: 35 480
Write events: 3 421
Delete events: 48

Modification events

(PID) Process: (3672) utorrent_installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3672) utorrent_installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3672) utorrent_installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (4920) utorrent.exe
Key: HKEY_CLASSES_ROOT\FalconBetaAccount
Operation: write
Name: remote_access_client_id
Value: 5096972511

(PID) Process: (6752) svchost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
Operation: write
Name: PerfMMFileName
Value: Global\MMF_BITS72db367c-9b8e-412e-a67f-b5ecb76d1b71

(PID) Process: (6040) utorrent.exe
Key: HKEY_CURRENT_USER\SOFTWARE\BitTorrent
Operation: write
Name: computerID
Value: 046B69BC2014AA89D65EB4FD179EF29EA874878A745A2763

(PID) Process: (6040) utorrent.exe
Key: HKEY_CLASSES_ROOT\.torrent
Operation: write
Name: Content Type
Value: application/x-bittorrent

(PID) Process: (6040) utorrent.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent
Operation: write
Name: Extension
Value: .torrent

(PID) Process: (6040) utorrent.exe
Key: HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-bittorrent
Operation: write
Name: Extension
Value: .torrent

(PID) Process: (6040) utorrent.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgIDs
Operation: delete key
Name: (default)
Value:
Executable files: 218
Suspicious files: 487
Text files: 152
Unknown types: 12

Dropped files

PID | Process | Filename | Type
4920 | utorrent.exe | C:\Users\admin\AppData\Local\Temp\uttB33B.tmp | -
  MD5: -
  SHA256: -
6040 | utorrent.exe | C:\Users\admin\AppData\Local\Temp\uttB619.tmp | -
  MD5: -
  SHA256: -
3672 | utorrent_installer.exe | C:\Users\admin\AppData\Local\Temp\nswA8FB.tmp\System.dll | executable
  MD5: CFF85C549D536F651D4FB8387F1976F2
  SHA256: 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
3672 | utorrent_installer.exe | C:\Users\admin\AppData\Local\Temp\nswA8FB.tmp\utorrent.exe | executable
  MD5: C020799E4AB5E3266AD6A6E20127E948
  SHA256: A3EB4CCB3265575ECAD27583BA614C5D4C4C7436948EB1CFB0B6D326444F445D
3672 | utorrent_installer.exe | C:\Users\admin\AppData\Local\Temp\nswA8FB.tmp\nsisFirewall.dll | executable
  MD5: F5BF81A102DE52A4ADD21B8A367E54E0
  SHA256: 53BE5716AD80945CB99681D5DBDA60492F5DFB206FBFDB776B769B3EEB18D2C2
3672 | utorrent_installer.exe | C:\Users\admin\AppData\Local\Temp\nswA8FB.tmp\bt_datachannel.dll | executable
  MD5: DFCA05BEB0D6A31913C04B1314CA8B4A
  SHA256: D4C4E05FADE7E76F4A2D0C9C58A6B9B82B761D9951FFDDD838C381549368E153
4920 | utorrent.exe | C:\Users\admin\AppData\Roaming\utorrent\updates\3.6.0_46922.exe | executable
  MD5: C020799E4AB5E3266AD6A6E20127E948
  SHA256: A3EB4CCB3265575ECAD27583BA614C5D4C4C7436948EB1CFB0B6D326444F445D
3672 | utorrent_installer.exe | C:\Users\admin\AppData\Local\Temp\nswA8FB.tmp\INetC.dll | executable
  MD5: 640BFF73A5F8E37B202D911E4749B2E9
  SHA256: C1E568E25EC111184DEB1B87CFDA4BFEC529B1ABEAB39B66539D998012F33502
4920 | utorrent.exe | C:\Users\admin\AppData\Local\Temp\uttF67F.tmp | -
  MD5: -
  SHA256: -
4920 | utorrent.exe | C:\Users\admin\AppData\Local\Temp\uttF68F.tmp | -
  MD5: -
  SHA256: -
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 208
TCP/UDP connections: 236
DNS requests: 121
Threats: 33

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
(Type and Size columns are empty for every row in this export; "-" marks a cell with no value.)
6040 | utorrent.exe | GET | 200 | 82.221.103.246:80 | http://update.utorrent.li/installstats.php?cl=uTorrent&v=113358666&h=IBSqidZetP0XnvKe&w=4A65000A&bu=0&pr=0&cmp=0&ocmp=0&showwarning&pid=6040&cau=0&lunv=0&view=win32 | unknown | whitelisted
6040 | utorrent.exe | GET | 200 | 82.221.103.246:80 | http://update.utorrent.li/installstats.php?cl=uTorrent&v=113358666&h=IBSqidZetP0XnvKe&w=4A65000A&bu=0&pr=0&cmp=0&ocmp=0&wizardcomplete&pid=6040&cau=0&lunv=0&view=win32 | unknown | whitelisted
6040 | utorrent.exe | GET | 200 | 82.221.103.246:80 | http://update.utorrent.li/installstats.php?cl=uTorrent&v=113358666&h=IBSqidZetP0XnvKe&w=4A65000A&bu=0&pr=0&cmp=0&ocmp=0&showtorrentoffer&pid=6040&cau=0&lunv=0&toroffer=0&torofferid=<NULL>&view=win32 | unknown | whitelisted
- | - | GET | 301 | 184.30.21.171:443 | https://go.microsoft.com/fwlink/p/?LinkId=2124703 | unknown | -
6040 | utorrent.exe | GET | 200 | 82.221.103.246:80 | http://update.utorrent.li/installstats.php?cl=uTorrent&v=113358666&h=IBSqidZetP0XnvKe&w=4A65000A&bu=0&pr=0&cmp=0&ocmp=0&installresult&pid=6040&cau=0&lunv=0&installresult=0&exit=1&au=0&ic=1&view=win32 | unknown | whitelisted
4920 | utorrent.exe | GET | - | 82.221.103.246:80 | http://update.utorrent.li/installstats.php?cl=uTorrent&v=113358666&h=IBSqidZetP0XnvKe&w=4A65000A&bu=0&pr=0&cmp=0&ocmp=0&installresult&pid=4920&cau=0&lunv=0&installresult=0&exit=1&au=0&ic=2&view=win32 | unknown | whitelisted
3672 | utorrent_installer.exe | POST | 200 | 52.1.204.234:80 | http://i-6000.b-46922.ut.bench.utorrent.com/e?i=6000 | unknown | unknown
6308 | uTorrent.exe | GET | 301 | 98.143.146.7:80 | http://utorrent.com/download/langpacks/dl.php?build=46922&ref=client&client=utorrent&sys_l=en&sel_l=-1&tk=stable34 | unknown | whitelisted
6308 | uTorrent.exe | GET | - | 41.63.96.2:80 | http://apps.bittorrent.com/utorrent-onboarding/player.btapp | unknown | whitelisted
6308 | uTorrent.exe | GET | 200 | 98.143.146.7:80 | http://legacy.utorrent.com/scripts/dl.php?build=46922&ref=client&client=utorrent&sys_l=en&sel_l=-1&tk=stable34 | unknown | whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
6612 | RUXIMICS.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
2400 | svchost.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
2400 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
6612 | RUXIMICS.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
3672 | utorrent_installer.exe | 52.1.204.234:80 | i-6000.b-46922.ut.bench.utorrent.com | AMAZON-AES | US | whitelisted
2400 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2120 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.18.14
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
i-6000.b-46922.ut.bench.utorrent.com
  • 52.1.204.234
  • 44.213.195.206
  • 44.214.185.145
  • 44.223.188.155
  • 52.6.74.63
  • 52.2.191.134
  • 52.1.158.222
  • 52.55.222.249
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
router.bittorrent.com
  • 67.215.246.10
whitelisted
router.utorrent.com
  • 82.221.103.244
whitelisted
i-21.b-46922.ut.bench.utorrent.com
  • 52.73.84.192
  • 52.5.31.148
  • 52.1.204.234
  • 52.1.158.222
  • 44.213.195.206
  • 52.44.136.232
  • 44.218.146.52
  • 44.214.185.145
whitelisted
update.utorrent.com
  • 67.215.246.203
whitelisted
i-50.b-46922.ut.bench.utorrent.com
  • 50.16.219.170
  • 52.1.158.222
  • 52.2.191.134
  • 44.214.185.145
  • 52.3.106.130
  • 44.223.188.155
  • 44.218.146.52
  • 52.73.84.192
whitelisted
update.utorrent.li
  • 82.221.103.246
  • 82.221.103.245
whitelisted

Threats

PID | Process | Class | Message
3672 | utorrent_installer.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
6040 | utorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
6040 | utorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
6040 | utorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
6040 | utorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
6040 | utorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
4920 | utorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
6040 | utorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
3672 | utorrent_installer.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
6040 | utorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
1 ETPRO signatures available at the full report
No debug info