File name: utorrent_installer.exe

Full analysis: https://app.any.run/tasks/b0c91aa0-9042-42fd-8169-9cc97ab47627
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 28, 2024, 17:35:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
upx
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 241CE365F228EE5F74D81B3FEA14E09A
SHA1: 700B05506DD3EEBB4B87FF545F6D2BB6AF6A3AE3
SHA256: BF4EE47D0DF1870104F4FADA8A68C2FB29E94FEA9284C7BB6A6B385A718D8A18
SSDEEP: 49152:9BuZrEUT97LZxMPrlDZFBmS06nIJOZobMPx:LkLp/ZSr97Bmb6naO6bsx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • utorrent_installer.exe (PID: 3532)
      • utorrent_installer.exe (PID: 2944)
      • utorrent_installer.tmp (PID: 2100)
      • uTorrent.exe (PID: 2580)
      • utorrent.exe (PID: 3588)
      • avg_antivirus_free_setup.exe (PID: 268)
      • avg_antivirus_free_online_setup.exe (PID: 656)
      • icarus.exe (PID: 1912)
      • uTorrent.exe (PID: 1680)
      • icarus.exe (PID: 3344)
    • Changes the autorun value in the registry

      • utorrent.exe (PID: 3588)
      • uTorrent.exe (PID: 1680)
    • Creates a writable file in the system directory

      • icarus.exe (PID: 3344)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • utorrent_installer.exe (PID: 3532)
      • utorrent_installer.exe (PID: 2944)
      • utorrent_installer.tmp (PID: 2100)
      • uTorrent.exe (PID: 2580)
      • utorrent.exe (PID: 3588)
      • avg_antivirus_free_setup.exe (PID: 268)
      • avg_antivirus_free_online_setup.exe (PID: 656)
      • uTorrent.exe (PID: 1680)
      • icarus.exe (PID: 1912)
      • icarus.exe (PID: 3344)
    • Mutex name with non-standard characters

      • utorrent_installer.tmp (PID: 2100)
      • uTorrent.exe (PID: 1680)
    • Reads settings of System Certificates

      • utorrent_installer.tmp (PID: 2100)
      • avg_antivirus_free_setup.exe (PID: 268)
      • avg_antivirus_free_online_setup.exe (PID: 656)
      • uTorrent.exe (PID: 1680)
      • helper.exe (PID: 4052)
    • Reads the Windows owner or organization settings

      • utorrent_installer.tmp (PID: 2100)
    • Reads the Internet Settings

      • utorrent_installer.tmp (PID: 2100)
      • uTorrent.exe (PID: 2580)
      • utorrent.exe (PID: 3588)
      • uTorrent.exe (PID: 1680)
    • The process creates files with name similar to system file names

      • uTorrent.exe (PID: 2580)
      • icarus.exe (PID: 3344)
    • Reads security settings of Internet Explorer

      • uTorrent.exe (PID: 2580)
      • utorrent.exe (PID: 3588)
      • utorrent_installer.tmp (PID: 2100)
      • uTorrent.exe (PID: 1680)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • uTorrent.exe (PID: 2580)
    • Checks Windows Trust Settings

      • utorrent.exe (PID: 3588)
      • uTorrent.exe (PID: 1680)
    • Searches for installed software

      • utorrent.exe (PID: 3588)
      • uTorrent.exe (PID: 1680)
    • Creates a software uninstall entry

      • utorrent.exe (PID: 3588)
    • Potential Corporate Privacy Violation

      • utorrent.exe (PID: 3588)
      • uTorrent.exe (PID: 1680)
    • Changes Internet Explorer settings (feature browser emulation)

      • uTorrent.exe (PID: 1680)
    • Process requests binary or script from the Internet

      • uTorrent.exe (PID: 1680)
    • Starts itself from another location

      • icarus.exe (PID: 1912)
    • Process drops legitimate windows executable

      • icarus.exe (PID: 3344)
    • The process drops C-runtime libraries

      • icarus.exe (PID: 3344)
    • The process verifies whether the antivirus software is installed

      • icarus.exe (PID: 3344)
  • INFO

    • Reads the computer name

      • utorrent_installer.tmp (PID: 3432)
      • utorrent_installer.tmp (PID: 2100)
      • uTorrent.exe (PID: 2580)
      • utorrent.exe (PID: 3588)
      • avg_antivirus_free_setup.exe (PID: 268)
      • avg_antivirus_free_online_setup.exe (PID: 656)
      • uTorrent.exe (PID: 1680)
      • icarus.exe (PID: 1912)
      • icarus.exe (PID: 3344)
      • icarus.exe (PID: 1652)
      • helper.exe (PID: 4052)
    • Create files in a temporary directory

      • utorrent_installer.exe (PID: 3532)
      • utorrent_installer.exe (PID: 2944)
      • utorrent_installer.tmp (PID: 2100)
      • uTorrent.exe (PID: 2580)
      • utorrent.exe (PID: 3588)
      • avg_antivirus_free_online_setup.exe (PID: 656)
      • uTorrent.exe (PID: 1680)
      • icarus.exe (PID: 1912)
      • icarus.exe (PID: 3344)
      • icarus.exe (PID: 1652)
    • Checks supported languages

      • utorrent_installer.exe (PID: 2944)
      • utorrent_installer.tmp (PID: 2100)
      • uTorrent.exe (PID: 2580)
      • utorrent.exe (PID: 3588)
      • avg_antivirus_free_setup.exe (PID: 268)
      • avg_antivirus_free_online_setup.exe (PID: 656)
      • uTorrent.exe (PID: 1680)
      • utorrent_installer.exe (PID: 3532)
      • icarus.exe (PID: 1912)
      • utorrent_installer.tmp (PID: 3432)
      • icarus.exe (PID: 3344)
      • icarus.exe (PID: 1652)
      • helper.exe (PID: 4052)
    • Reads the machine GUID from the registry

      • utorrent_installer.tmp (PID: 2100)
      • uTorrent.exe (PID: 2580)
      • utorrent.exe (PID: 3588)
      • avg_antivirus_free_setup.exe (PID: 268)
      • avg_antivirus_free_online_setup.exe (PID: 656)
      • uTorrent.exe (PID: 1680)
      • icarus.exe (PID: 1912)
      • icarus.exe (PID: 3344)
      • icarus.exe (PID: 1652)
    • Reads the software policy settings

      • utorrent_installer.tmp (PID: 2100)
      • avg_antivirus_free_setup.exe (PID: 268)
      • avg_antivirus_free_online_setup.exe (PID: 656)
      • uTorrent.exe (PID: 1680)
    • Creates files or folders in the user directory

      • uTorrent.exe (PID: 2580)
      • utorrent.exe (PID: 3588)
      • uTorrent.exe (PID: 1680)
      • helper.exe (PID: 4052)
    • Checks proxy server information

      • uTorrent.exe (PID: 2580)
      • utorrent.exe (PID: 3588)
      • uTorrent.exe (PID: 1680)
    • Creates files in the program directory

      • avg_antivirus_free_online_setup.exe (PID: 656)
      • icarus.exe (PID: 1912)
      • icarus.exe (PID: 3344)
    • Dropped object may contain TOR URL's

      • icarus.exe (PID: 1912)
      • icarus.exe (PID: 3344)
    • UPX packer has been detected

      • uTorrent.exe (PID: 1680)
    • Reads CPU info

      • icarus.exe (PID: 1912)
      • icarus.exe (PID: 1652)
      • icarus.exe (PID: 3344)
    • Application launched itself

      • msedge.exe (PID: 2740)
      • msedge.exe (PID: 2412)
    • Reads Environment values

      • icarus.exe (PID: 3344)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 16:10:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 72704
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 3.6.0.0
ProductVersionNumber: 3.6.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: uTorrent® Classic
FileVersion: 3.6
LegalCopyright: ©2022 RainBerry Inc. All Rights Reserved
OriginalFileName:
ProductName: uTorrent® Classic
ProductVersion: 3.6
No data.
All screenshots are available in the full report
Total processes: 83
Monitored processes: 42
Malicious processes: 11
Suspicious processes: 1


Process information

Fields: PID, CMD, Path, Indicators, Parent process
PID: 268
CMD: "C:\Users\admin\AppData\Local\Temp\is-NJODG.tmp\component0_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5fbey3nOgXAnoeupKQ9zFp5emkFjiLXcKnh1hCbjHNDR19zSI5KWKL6BqDjYf54cljthZCaJo
Path: C:\Users\admin\AppData\Local\Temp\is-NJODG.tmp\component0_extract\avg_antivirus_free_setup.exe
Parent process: utorrent_installer.tmp
User: admin
Company: AVG Technologies CZ, s.r.o.
Integrity Level: HIGH
Description: AVG Installer
Version: 2.1.99.0
Modules
Images
c:\users\admin\appdata\local\temp\is-njodg.tmp\component0_extract\avg_antivirus_free_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 656
CMD: "C:\Windows\Temp\asw.f7f6d2b730011673\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5fbey3nOgXAnoeupKQ9zFp5emkFjiLXcKnh1hCbjHNDR19zSI5KWKL6BqDjYf54cljthZCaJo /cookie:mmm_irs_ppi_902_451_o /ga_clientid:05a81505-9a33-4075-846d-eb6eac233748 /edat_dir:C:\Windows\Temp\asw.f7f6d2b730011673
Path: C:\Windows\Temp\asw.f7f6d2b730011673\avg_antivirus_free_online_setup.exe
Parent process: avg_antivirus_free_setup.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: AVG Self-Extract Package
Version: 24.6.7511.0
Modules
Images
c:\windows\temp\asw.f7f6d2b730011673\avg_antivirus_free_online_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 748
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0x100,0x6b33f598,0x6b33f5a8,0x6b33f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1072
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.6.0_47124\utorrentie.exe" uTorrent_1680_03A62A50_306219903 µTorrent4823DF041B09 uTorrent ie unp
Path: C:\Users\admin\AppData\Roaming\utorrent\updates\3.6.0_47124\utorrentie.exe
Parent process: uTorrent.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: LOW
Description: WebHelper
Exit code: 3221225785
Version: 1.0.0
Modules
Images
c:\users\admin\appdata\roaming\utorrent\updates\3.6.0_47124\utorrentie.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1164
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 --field-trial-handle=1192,i,2217044887494212845,13574572477086047410,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1196
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1644 --field-trial-handle=1192,i,2217044887494212845,13574572477086047410,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1228
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3128 --field-trial-handle=1192,i,2217044887494212845,13574572477086047410,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1404
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3484 --field-trial-handle=1192,i,2217044887494212845,13574572477086047410,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1596
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.6.0_47124\utorrentie.exe" uTorrent_1680_03ABA118_227139038 µTorrent4823DF041B09 uTorrent ie unp
Path: C:\Users\admin\AppData\Roaming\utorrent\updates\3.6.0_47124\utorrentie.exe
Parent process: uTorrent.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: LOW
Description: WebHelper
Exit code: 3221225785
Version: 1.0.0
Modules
Images
c:\users\admin\appdata\roaming\utorrent\updates\3.6.0_47124\utorrentie.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1608
CMD: "C:\Users\admin\AppData\Roaming\uTorrent\updates\3.6.0_47124\utorrentie.exe" uTorrent_1680_02B6DF10_1758657153 µTorrent4823DF041B09 uTorrent ie unp
Path: C:\Users\admin\AppData\Roaming\utorrent\updates\3.6.0_47124\utorrentie.exe
Parent process: uTorrent.exe
User: admin
Company: BitTorrent Inc.
Integrity Level: LOW
Description: WebHelper
Exit code: 3221225785
Version: 1.0.0
Modules
Images
c:\users\admin\appdata\roaming\utorrent\updates\3.6.0_47124\utorrentie.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 43 797
Read events: 43 473
Write events: 294
Delete events: 30

Modification events

PID: 2100 | Process: utorrent_installer.tmp | Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Operation: write | Name: Owner | Value: 340800009AD7F1A181C9DA01
PID: 2100 | Process: utorrent_installer.tmp | Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Operation: write | Name: SessionHash | Value: 8E571C8C1B97754E1DBE34E2A1E711ABF8D24E4392103F0384EE75FC742AD256
PID: 2100 | Process: utorrent_installer.tmp | Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Operation: write | Name: Sequence | Value: 1
PID: 2100 | Process: utorrent_installer.tmp | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
PID: 2580 | Process: uTorrent.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value:
PID: 2580 | Process: uTorrent.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
PID: 2580 | Process: uTorrent.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
PID: 2580 | Process: uTorrent.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: write | Name: ProxyEnable | Value: 0
PID: 2580 | Process: uTorrent.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: delete value | Name: ProxyServer | Value:
PID: 2580 | Process: uTorrent.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: delete value | Name: ProxyOverride | Value:
Executable files: 234
Suspicious files: 321
Text files: 134
Unknown types: 10

Dropped files

PID | Process | Filename | Type
3588 | utorrent.exe | C:\Users\admin\AppData\Local\Temp\utt938D.tmp |
MD5:
SHA256:
2944 | utorrent_installer.exe | C:\Users\admin\AppData\Local\Temp\is-1VB1J.tmp\utorrent_installer.tmp | executable
MD5:27174A5611D8827D1736D9AC8382D19F
SHA256:36A40FB99C1B026E59C6BA286A02548C64EC7A7E280B19D3169AF9AA3C59B994
2100 | utorrent_installer.tmp | C:\Users\admin\AppData\Local\Temp\is-NJODG.tmp\is-62KSN.tmp | image
MD5:B582D76D71DA0734A777FC8376FD0150
SHA256:1CE2B90C05299026D66AF72B8D1FBF4C2ABDBCBBD03959B8F05986A48F9034C6
2580 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\nst897C.tmp\utwin_install.log | binary
MD5:BA38B9F417707A68B53F2D393099CDD8
SHA256:31F0DB7B07CB2DA344004F2943662A3026F9FF71B5B320221C3D370562EBA746
2580 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\nst897C.tmp\nsisFirewall.dll | executable
MD5:F5BF81A102DE52A4ADD21B8A367E54E0
SHA256:53BE5716AD80945CB99681D5DBDA60492F5DFB206FBFDB776B769B3EEB18D2C2
3532 | utorrent_installer.exe | C:\Users\admin\AppData\Local\Temp\is-R8JDR.tmp\utorrent_installer.tmp | executable
MD5:27174A5611D8827D1736D9AC8382D19F
SHA256:36A40FB99C1B026E59C6BA286A02548C64EC7A7E280B19D3169AF9AA3C59B994
2580 | uTorrent.exe | C:\Users\admin\AppData\Local\Temp\nst897C.tmp\System.dll | executable
MD5:CFF85C549D536F651D4FB8387F1976F2
SHA256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
3588 | utorrent.exe | C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f | binary
MD5:B4BAA7E720580638BEA46724F4494117
SHA256:20D28F42C4B80D8F3F3DD9A2CE8B502FB65B82D27CA02E8557717A04119222C1
2100 | utorrent_installer.tmp | C:\Users\admin\AppData\Local\Temp\is-NJODG.tmp\license.rtf | text
MD5:D88780E16B98ABD0E73EE15D2AC5FE46
SHA256:89FE20D3C918FB515E63E632E325ED93618DAB8C00D39074594D466C978B9868
2100 | utorrent_installer.tmp | C:\Users\admin\AppData\Local\Temp\is-NJODG.tmp\uTorrent.exe | executable
MD5:FF6391DE440D623328A7CB11157B5152
SHA256:057C3375D3EF0269430CD12EF946C2906FA769BAFBEBE72D777EF0089D6F0975
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 62
TCP/UDP connections: 282
DNS requests: 147
Threats: 13

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1372 | svchost.exe | GET | 304 | 23.50.131.216:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | unknown | unknown
1372 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
3588 | utorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installstats.php?cl=uTorrent&v=113358868&h=Nj0zNfnQBNrPdCUx&w=1DB10106&bu=0&pr=0&cmp=0&ocmp=0&showinstall&pid=3588&cau=0&lunv=0&au=0&view=win32 | unknown | unknown
1372 | svchost.exe | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
3588 | utorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installstats.php?cl=uTorrent&v=113358868&h=Nj0zNfnQBNrPdCUx&w=1DB10106&bu=0&pr=0&cmp=0&ocmp=0&installresult&pid=3588&cau=0&lunv=0&installresult=0&exit=1&au=0&ic=1&view=win32 | unknown | unknown
268 | avg_antivirus_free_setup.exe | POST | 200 | 172.217.16.142:80 | http://www.google-analytics.com/collect | unknown | unknown
1060 | svchost.exe | GET | 304 | 23.50.131.213:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b9cbb86641624f54 | unknown | unknown
2580 | uTorrent.exe | POST | 200 | 52.0.225.141:80 | http://i-6000.b-47124.ut.bench.utorrent.com/e?i=6000 | unknown | unknown
2580 | uTorrent.exe | POST | 200 | 52.0.225.141:80 | http://i-6000.b-47124.ut.bench.utorrent.com/e?i=6000 | unknown | unknown
1680 | uTorrent.exe | POST | 200 | 52.44.177.232:80 | http://i-21.b-47124.ut.bench.utorrent.com/e?i=21 | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | whitelisted
1060 | svchost.exe | 224.0.0.252:5355 | unknown
1372 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | whitelisted
2100 | utorrent_installer.tmp | 108.138.34.64:443 | d42q8e9nhm7ym.cloudfront.net | AMAZON-02 | US | unknown
2100 | utorrent_installer.tmp | 18.173.184.178:443 | d2p3z23xtslrsm.cloudfront.net | US | unknown
2100 | utorrent_installer.tmp | 52.85.65.41:443 | api.playanext.com | AMAZON-02 | US | unknown
2100 | utorrent_installer.tmp | 52.85.65.2:443 | api.playanext.com | AMAZON-02 | US | unknown
2100 | utorrent_installer.tmp | 54.192.196.195:443 | d27iw11mm1vkcl.cloudfront.net | AMAZON-02 | US | unknown
1372 | svchost.exe | 23.50.131.216:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown

DNS requests

Domain
IP
Reputation
d42q8e9nhm7ym.cloudfront.net
  • 108.138.34.64
  • 108.138.34.138
  • 108.138.34.212
  • 108.138.34.61
unknown
d2p3z23xtslrsm.cloudfront.net
  • 18.173.184.178
  • 18.173.184.57
  • 18.173.184.6
  • 18.173.184.60
unknown
api.playanext.com
  • 52.85.65.41
  • 52.85.65.56
  • 52.85.65.127
  • 52.85.65.2
whitelisted
d27iw11mm1vkcl.cloudfront.net
  • 54.192.196.195
  • 54.192.196.96
  • 54.192.196.156
  • 54.192.196.205
unknown
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
ctldl.windowsupdate.com
  • 23.50.131.216
  • 23.50.131.221
  • 23.50.131.213
  • 23.50.131.200
  • 23.50.131.208
  • 23.50.131.202
  • 23.50.131.205
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.41.90
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
download-new.utorrent.com
  • 67.215.238.66
whitelisted
i-6000.b-47124.ut.bench.utorrent.com
  • 52.0.225.141
  • 44.214.32.147
  • 44.198.93.60
  • 44.193.225.187
  • 44.216.160.54
  • 52.0.193.123
  • 52.0.40.222
  • 52.44.177.232
unknown

Threats

PID | Process | Class | Message
2580 | uTorrent.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
2580 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
3588 | utorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent)
2580 | uTorrent.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
1680 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
1680 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BitTorrent DHT ping request
1680 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
1680 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
1680 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
1680 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P BTWebClient UA uTorrent in use
Process | Message
msedge.exe | [0628/183731.164:ERROR:exception_handler_server.cc(527)] ConnectNamedPipe: The pipe is being closed. (0xE8)