File name: bittorrent_installer.exe

Full analysis: https://app.any.run/tasks/302431e6-8d86-4b42-972d-2208bfded8c2
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims' computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links, relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. In this report the behaviour behind the tag is concrete: bittorrent_installer.exe drops an extension-less NSIS installer stub ("beta", PID 6276) whose plugin DLLs (System.dll, INetC.dll, nsisFirewall.dll) are extracted to an nsaA491.tmp directory under Temp, and that stub installs and launches the BitTorrent client, which then sets the autorun value and the .torrent file associations. The "System.dll in Temp" signature fires on the standard NSIS System plugin, which legitimate NSIS installers also extract, so it is weak evidence on its own; the installer's own version resource ("Bit Torrent Classic", 3.2.1.12129) does not match the dropped client (BitTorrent Limited, 7.11.0.47177), which is the more useful triage point.

Analysis date: December 27, 2024, 14:02:48
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: bittorrent, loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 9F794D4CB4F8981E0508024AFD2E6242
SHA1: 3A41885BF1DA05A1B1EECCE059288F39688EE60C
SHA256: F63FBDAF43D3ABE303D460E3A9153B999EBD3809B038FD6781365EAAD81EA814
SSDEEP: 98304:j3BlX/g4WDdB8WQLI5yNkx5z1fEuIt6CP1ce/Unba+O+CB3jD9/i:pc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for user acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • bittorrent.exe (PID: 6528)
    • BITTORRENT has been detected (SURICATA)

      • BitTorrent.exe (PID: 3144)
  • SUSPICIOUS

    • Starts application with an unusual extension

      • bittorrent_installer.exe (PID: 6576)
    • Executable content was dropped or overwritten

      • bittorrent_installer.exe (PID: 6576)
      • beta (PID: 6276)
      • bittorrent.exe (PID: 6528)
      • BitTorrent.exe (PID: 3144)
      • MicrosoftEdgeWebView2Setup.exe (PID: 5740)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • beta (PID: 6276)
    • Reads security settings of Internet Explorer

      • beta (PID: 6276)
      • bittorrent.exe (PID: 6528)
      • bittorrent_installer.exe (PID: 6576)
      • BitTorrent.exe (PID: 3144)
      • bittorrentie.exe (PID: 2512)
      • bittorrentie.exe (PID: 372)
      • bittorrentie.exe (PID: 6884)
      • bittorrentie.exe (PID: 6804)
      • bittorrentie.exe (PID: 644)
    • Checks Windows Trust Settings

      • bittorrent.exe (PID: 6528)
      • BitTorrent.exe (PID: 3144)
      • bittorrentie.exe (PID: 6884)
    • Searches for installed software

      • bittorrent.exe (PID: 6528)
      • BitTorrent.exe (PID: 3144)
    • Creates a software uninstall entry

      • bittorrent.exe (PID: 6528)
    • Process drops legitimate windows executable

      • BitTorrent.exe (PID: 3144)
      • MicrosoftEdgeWebView2Setup.exe (PID: 5740)
      • MicrosoftEdgeUpdate.exe (PID: 6880)
    • Potential Corporate Privacy Violation

      • BitTorrent.exe (PID: 3144)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 6880)
    • Reads Internet Explorer settings

      • bittorrentie.exe (PID: 372)
      • bittorrentie.exe (PID: 644)
  • INFO

    • The sample compiled with english language support

      • bittorrent_installer.exe (PID: 6576)
      • beta (PID: 6276)
      • bittorrent.exe (PID: 6528)
      • BitTorrent.exe (PID: 3144)
      • MicrosoftEdgeWebView2Setup.exe (PID: 5740)
      • MicrosoftEdgeUpdate.exe (PID: 6880)
    • Checks supported languages

      • bittorrent_installer.exe (PID: 6576)
      • beta (PID: 6276)
      • bittorrent.exe (PID: 6528)
      • BitTorrent.exe (PID: 3144)
      • bittorrentie.exe (PID: 2512)
      • bittorrentie.exe (PID: 6804)
      • bittorrentie.exe (PID: 372)
      • MicrosoftEdgeUpdate.exe (PID: 6880)
    • Checks proxy server information

      • bittorrent_installer.exe (PID: 6576)
      • beta (PID: 6276)
      • BitTorrent.exe (PID: 3144)
      • bittorrentie.exe (PID: 6884)
      • bittorrentie.exe (PID: 372)
      • bittorrentie.exe (PID: 6804)
      • wermgr.exe (PID: 4056)
    • Reads the machine GUID from the registry

      • bittorrent_installer.exe (PID: 6576)
      • bittorrent.exe (PID: 6528)
      • BitTorrent.exe (PID: 3144)
      • bittorrentie.exe (PID: 6884)
    • Reads the computer name

      • bittorrent_installer.exe (PID: 6576)
      • beta (PID: 6276)
      • BitTorrent.exe (PID: 3144)
      • bittorrentie.exe (PID: 2512)
      • bittorrentie.exe (PID: 6804)
      • bittorrentie.exe (PID: 372)
    • Sends debugging messages

      • bittorrent_installer.exe (PID: 6576)
    • Create files in a temporary directory

      • bittorrent_installer.exe (PID: 6576)
      • beta (PID: 6276)
      • BitTorrent.exe (PID: 3144)
    • The process uses the downloaded file

      • beta (PID: 6276)
    • Process checks computer location settings

      • beta (PID: 6276)
      • MicrosoftEdgeUpdate.exe (PID: 6880)
    • Creates files or folders in the user directory

      • BitTorrent.exe (PID: 3144)
      • bittorrent.exe (PID: 6528)
      • bittorrentie.exe (PID: 6884)
      • helper.exe (PID: 1468)
    • Creates files in the program directory

      • MicrosoftEdgeWebView2Setup.exe (PID: 5740)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 6880)
    • Manual execution by a user

      • msedge.exe (PID: 5712)
    • Application launched itself

      • msedge.exe (PID: 5992)
      • msedge.exe (PID: 5712)
      • msedge.exe (PID: 7780)
    • Reads the software policy settings

      • bittorrentie.exe (PID: 6884)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (18)
.exe | Win32 Executable (generic) (2.9)
.exe | Generic Win/DOS Executable (1.3)
.exe | DOS Executable Generic (1.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:12:12 16:08:02+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 2194432
InitializedDataSize: 2423296
UninitializedDataSize: -
EntryPoint: 0x1cc736
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.2.1.12129
ProductVersionNumber: 3.2.1.12129
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Bit Torrent Classic
FileDescription: Bit Torrent Classic
FileVersion: 3.2.1.12129
LegalCopyright: (c) Bit Torrent Classic
ProductName: Bit Torrent Classic
ProductVersion: 3.2.1.12129
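Most of the EXIF values above are read straight from the PE headers (COFF header and optional header), so they can be checked without any tool. The following Python is an added example for this report, not ANY.RUN or exiftool code: it parses those fields and runs them against a constructed minimal PE32 header populated with this sample's values (MachineType i386, 5 sections, the 2024-12-12 timestamp, linker 14.39, entry point 0x1cc736). The constructed header is not the real bittorrent_installer.exe; pass a file path on the command line to parse an actual binary.

```python
"""Read the PE header fields behind the EXIF block (added example, not report tooling)."""
import datetime
import struct

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header and return the
    fields that tools such as exiftool print (MachineType, TimeStamp, LinkerVersion, ...)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    lnk_major, lnk_minor, code_size, init_size, uninit_size, entry = struct.unpack_from("<BBIIII", data, opt + 2)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    ss_major, ss_minor = struct.unpack_from("<HH", data, opt + 48)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+
    return {
        "machine": machine,
        "is_i386": machine == IMAGE_FILE_MACHINE_I386,
        "sections": nsections,
        "timestamp": datetime.datetime.fromtimestamp(timestamp, tz=datetime.timezone.utc).isoformat(),
        "pe_type": "PE32" if magic == PE32_MAGIC else "PE32+",
        "is_32bit": bool(chars & IMAGE_FILE_32BIT_MACHINE),
        "is_executable": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,   # exiftool prints "-" when this is 0
        "entry_point": entry,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
    }


def build_sample_header() -> bytes:
    """CONSTRUCTED minimal PE32 header carrying the EXIF values of this sample. It is not the
    real installer, only enough header bytes to exercise parse_pe_header()."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew: PE signature right after the DOS header
    ts = int(datetime.datetime(2024, 12, 12, 16, 8, 2, tzinfo=datetime.timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 5, ts, 0, 0, 224,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(224)                             # size of a PE32 optional header
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 14, 39)             # magic, linker 14.39
    struct.pack_into("<IIII", opt, 4, 2194432, 2423296, 0, 0x1CC736)  # code, init, uninit, entry point
    struct.pack_into("<HH", opt, 40, 6, 0)           # OS version 6.0
    struct.pack_into("<HH", opt, 48, 6, 0)           # subsystem version 6.0
    struct.pack_into("<H", opt, 68, 2)               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    for key, value in parse_pe_header(data).items():
        print(f"{key}: {value}")
```

The timestamp is the linker's build time and is trivially forgeable, so treat it as a hint rather than evidence; the section count and entry point are what you compare against the report when confirming you hold the same file (together with the SHA256 above).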
All screenshots are available in the full report
Total processes: 196
Monitored processes: 63
Malicious processes: 6
Suspicious processes: 2

Behavior graph

Process names shown in the graph (interactive details are in the full report): bittorrent_installer.exe, beta, bittorrent.exe, HNetCfg.FwPolicy2 (no specs), BitTorrent.exe (#BITTORRENT), bittorrentie.exe (5 instances), microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, wermgr.exe, helper.exe, identity_helper.exe (4 instances, no specs), msedge.exe (many instances, most with no specs), and a second bittorrent_installer.exe (no specs).

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID 372 (parent process: BitTorrent.exe)
CMD: "C:\Users\admin\AppData\Roaming\bittorrent\updates\7.11.0_47177\bittorrentie.exe" BitTorrent_3144_041E1F20_452514330 BT4823DF041B09 BitTorrent ie unp
Path: C:\Users\admin\AppData\Roaming\bittorrent\updates\7.11.0_47177\bittorrentie.exe
User: admin | Company: BitTorrent Inc. | Integrity Level: LOW | Description: WebHelper | Version: 1.0.0
Modules (images):
c:\users\admin\appdata\roaming\bittorrent\updates\7.11.0_47177\bittorrentie.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID 520 (parent process: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3744 --field-trial-handle=2444,i,12122740259586361540,6235677902574095820,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 644 (parent process: BitTorrent.exe)
CMD: "C:\Users\admin\AppData\Roaming\bittorrent\updates\7.11.0_47177\bittorrentie.exe" BitTorrent_3144_041F57F0_1848026402 BT4823DF041B09 BitTorrent ie unp
Path: C:\Users\admin\AppData\Roaming\bittorrent\updates\7.11.0_47177\bittorrentie.exe
User: admin | Company: BitTorrent Inc. | Integrity Level: LOW | Description: WebHelper | Version: 1.0.0
Modules (images):
c:\users\admin\appdata\roaming\bittorrent\updates\7.11.0_47177\bittorrentie.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID 1468 (parent process: BitTorrent.exe)
CMD: "C:\Users\admin\AppData\Roaming\bittorrent\helper\helper.exe" 28815 --hval n9_k52cuH5_ceTXP -- -pid 3144 -version 47177
Path: C:\Users\admin\AppData\Roaming\bittorrent\helper\helper.exe
User: admin | Company: BitTorrent Inc. | Integrity Level: HIGH | Description: µTorrent Helper | Version: 2.1.8.2789
Modules (images):
c:\users\admin\appdata\roaming\bittorrent\helper\helper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID 2084 (parent process: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6412 --field-trial-handle=2444,i,12122740259586361540,6235677902574095820,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 2512 (parent process: BitTorrent.exe)
CMD: "C:\Users\admin\AppData\Roaming\bittorrent\updates\7.11.0_47177\bittorrentie.exe" BitTorrent_3144_00E8C918_1250546020 BT4823DF041B09 BitTorrent ie unp
Path: C:\Users\admin\AppData\Roaming\bittorrent\updates\7.11.0_47177\bittorrentie.exe
User: admin | Company: BitTorrent Inc. | Integrity Level: LOW | Description: WebHelper | Exit code: 0 | Version: 1.0.0
Modules (images):
c:\users\admin\appdata\roaming\bittorrent\updates\7.11.0_47177\bittorrentie.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID 3144 (parent process: bittorrent_installer.exe)
CMD: "C:\Users\admin\AppData\Roaming\bittorrent\BitTorrent.exe"
Path: C:\Users\admin\AppData\Roaming\bittorrent\BitTorrent.exe
User: admin | Company: BitTorrent Limited | Integrity Level: HIGH | Description: BitTorrent | Version: 7.11.0.47177
Modules (images):
c:\users\admin\appdata\roaming\bittorrent\bittorrent.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID 4056 (parent process: MicrosoftEdgeUpdate.exe)
CMD: "C:\WINDOWS\system32\wermgr.exe" "-outproc" "0" "6880" "2052" "1988" "2056" "0" "0" "0" "0" "0" "0" "0" "0"
Path: C:\Windows\SysWOW64\wermgr.exe
User: admin | Company: Microsoft Corporation | Integrity Level: HIGH | Description: Windows Problem Reporting | Exit code: 0 | Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\wermgr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID 5208 (parent process: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3484 --field-trial-handle=2444,i,12122740259586361540,6235677902574095820,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 5556 (parent process: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6852 --field-trial-handle=2444,i,12122740259586361540,6235677902574095820,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 25 596
Read events: 25 030
Write events: 561
Delete events: 5

Modification events

One event per line: PID (process) | operation | key | Name | Value

PID 6276 (beta) | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Name: CachePrefix | Value: (empty)
PID 6276 (beta) | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Name: CachePrefix | Value: Cookie:
PID 6276 (beta) | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Name: CachePrefix | Value: Visited:
PID 6528 (bittorrent.exe) | write | HKEY_CLASSES_ROOT\FalconBetaAccount | Name: remote_access_client_id | Value: 1132512646
PID 6528 (bittorrent.exe) | write | HKEY_CURRENT_USER\SOFTWARE\BitTorrent | Name: computerID | Value: 4B718AF59FDFE4E7672E1F9FDC7935CF256D9D0AC51346B9
PID 6528 (bittorrent.exe) | write | HKEY_CLASSES_ROOT\.torrent | Name: Content Type | Value: application/x-bittorrent
PID 6528 (bittorrent.exe) | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent | Name: Extension | Value: .torrent
PID 6528 (bittorrent.exe) | write | HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-bittorrent | Name: Extension | Value: .torrent
PID 6528 (bittorrent.exe) | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgIDs | Name: (default) | Value: (empty)
PID 6528 (bittorrent.exe) | write | HKEY_CLASSES_ROOT\.torrent\OpenWithProgids | Name: BitTorrent | Value: (empty)
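The "Changes the autorun value in the registry" signature above is the one that matters for persistence, but the event excerpt only shows IE cache prefixes, per-install identifiers and .torrent file-association writes. The following Python is an added example for this report (not ANY.RUN code) that classifies registry modification events into those buckets so a reviewer can separate persistence from installer housekeeping. The ten report events are embedded in a simple one-line-per-event layout (PID, process, operation, key, name, value); the final Run-key event is constructed to exercise the autorun rule, because the report attributes the autorun change to PID 6528 but does not show the value it wrote.

```python
"""Classify sandbox registry modification events (added example, not ANY.RUN code)."""
import re
from collections import Counter
from typing import Optional

# Layout: PID (process) | operation | key | Name: <value name> | Value: <data>
EVENT_RE = re.compile(
    r"^PID (?P<pid>\d+) \((?P<proc>[^)]+)\) \| (?P<op>write|delete key) \| "
    r"(?P<key>.+?) \| Name: (?P<name>.*?) \| Value: (?P<value>.*)$"
)

# The ten events listed in the report above.
REPORT_EVENTS = r"""
PID 6276 (beta) | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Name: CachePrefix | Value: (empty)
PID 6276 (beta) | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Name: CachePrefix | Value: Cookie:
PID 6276 (beta) | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Name: CachePrefix | Value: Visited:
PID 6528 (bittorrent.exe) | write | HKEY_CLASSES_ROOT\FalconBetaAccount | Name: remote_access_client_id | Value: 1132512646
PID 6528 (bittorrent.exe) | write | HKEY_CURRENT_USER\SOFTWARE\BitTorrent | Name: computerID | Value: 4B718AF59FDFE4E7672E1F9FDC7935CF256D9D0AC51346B9
PID 6528 (bittorrent.exe) | write | HKEY_CLASSES_ROOT\.torrent | Name: Content Type | Value: application/x-bittorrent
PID 6528 (bittorrent.exe) | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent | Name: Extension | Value: .torrent
PID 6528 (bittorrent.exe) | write | HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-bittorrent | Name: Extension | Value: .torrent
PID 6528 (bittorrent.exe) | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgIDs | Name: (default) | Value: (empty)
PID 6528 (bittorrent.exe) | write | HKEY_CLASSES_ROOT\.torrent\OpenWithProgids | Name: BitTorrent | Value: (empty)
""".strip().splitlines()

# CONSTRUCTED: the report flags an autorun change by PID 6528 but does not show the value,
# so this line is invented (using the BitTorrent.exe path from the process table) to exercise the rule.
CONSTRUCTED_AUTORUN = (
    r'PID 6528 (bittorrent.exe) | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    r' | Name: BitTorrent | Value: "C:\Users\admin\AppData\Roaming\bittorrent\BitTorrent.exe"'
)
SAMPLE_EVENTS = REPORT_EVENTS + [CONSTRUCTED_AUTORUN]

# Key substrings (lower-cased) that mean "runs at logon". Run/RunOnce/RunServices share the first prefix.
AUTORUN_MARKERS = ("\\currentversion\\run", "\\currentversion\\winlogon")


def parse_event(line: str) -> Optional[dict]:
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    if ev["value"] == "(empty)":
        ev["value"] = ""
    return ev


def classify(ev: dict) -> str:
    """Order matters: persistence first, then identifiers, then shell/MIME plumbing."""
    key = ev["key"].lower()
    name = ev["name"].lower()
    if any(marker in key for marker in AUTORUN_MARKERS):
        return "autorun"
    if "\\currentversion\\uninstall\\" in key:
        return "uninstall_entry"
    if name.endswith("id") or "_id" in name:            # computerID, remote_access_client_id
        return "identifier"
    if key.startswith("hkey_classes_root") or "\\software\\classes\\" in key:
        return "file_association"
    if "\\internet settings\\" in key:
        return "ie_settings"
    return "other"


def triage(lines):
    """Return (classified events, Counter of classes, autorun events) for a list of event lines."""
    events = []
    for line in lines:
        ev = parse_event(line)
        if ev:
            ev["class"] = classify(ev)
            events.append(ev)
    counts = Counter(ev["class"] for ev in events)
    autorun = [ev for ev in events if ev["class"] == "autorun"]
    return events, counts, autorun


if __name__ == "__main__":
    events, counts, autorun = triage(SAMPLE_EVENTS)
    print(dict(counts))
    for ev in autorun:
        print(f"AUTORUN pid={ev['pid']} {ev['proc']} {ev['key']}\\{ev['name']} = {ev['value']}")
```

The identifier bucket is worth keeping separate: computerID and remote_access_client_id are written once per install and are exactly the values that later appear in telemetry, so they are useful pivot points when hunting for other hosts that ran the same installer.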
Executable files: 218
Suspicious files: 358
Text files: 96
Unknown types: 12

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
6528 | bittorrent.exe | C:\Users\admin\AppData\Local\Temp\uttA914.tmp | - | - | -
3144 | BitTorrent.exe | C:\Users\admin\AppData\Local\Temp\uttBB64.tmp | - | - | -
3144 | BitTorrent.exe | C:\Users\admin\AppData\Local\Temp\uttBBC3.tmp | - | - | -
6576 | bittorrent_installer.exe | C:\Users\admin\AppData\Local\Temp\ISV5680.tmp\beta | executable | AA393C08F697DC3B3EAF7CF92A5DDC77 | 8EDCB41CE1E841296097D2EAFA1D089485B0B02EB5DB05D9BE3C28EBC7A7BB1A
6276 | beta | C:\Users\admin\AppData\Local\Temp\nsaA491.tmp\System.dll | executable | CFF85C549D536F651D4FB8387F1976F2 | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
6276 | beta | C:\Users\admin\AppData\Local\Temp\nsaA491.tmp\bittorrent.exe | executable | E53921D9CD577AE5F8A71E756B58D1FC | F8E48C29A47B114C4B979FBE10394090EB90FF6600A5B48F4A94BD13184BD4C0
6276 | beta | C:\Users\admin\AppData\Local\Temp\nsaA491.tmp\utwin_install.log | binary | BA38B9F417707A68B53F2D393099CDD8 | 31F0DB7B07CB2DA344004F2943662A3026F9FF71B5B320221C3D370562EBA746
3144 | BitTorrent.exe | C:\Users\admin\AppData\Roaming\bittorrent\apps\player.btapp | xml | 37162B300AED483C74C1AF91ACB7D0AE | 5183B3CB47DA4C27891231EDEE07938D5C3B5988835410C7AC18E48487455C87
6276 | beta | C:\Users\admin\AppData\Local\Temp\nsaA491.tmp\nsisFirewall.dll | executable | F5BF81A102DE52A4ADD21B8A367E54E0 | 53BE5716AD80945CB99681D5DBDA60492F5DFB206FBFDB776B769B3EEB18D2C2
6276 | beta | C:\Users\admin\AppData\Local\Temp\nsaA491.tmp\INetC.dll | executable | 640BFF73A5F8E37B202D911E4749B2E9 | C1E568E25EC111184DEB1B87CFDA4BFEC529B1ABEAB39B66539D998012F33502
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 75
TCP/UDP connections: 287
DNS requests: 118
Threats: 12

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation (Type and Size were not captured for these rows)
- | - | GET | 200 | 23.48.23.161:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
- | - | GET | 200 | 23.48.23.161:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
- | - | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
6528 | bittorrent.exe | GET | 200 | 82.221.103.246:80 | http://update.utorrent.li/installstats.php?cl=BitTorrent&v=258062409&h=n9_k52cuH5_ceTXP&w=4A65000A&bu=0&pr=0&cmp=0&ocmp=0&showinstall&pid=6528&cau=0&lunv=0&au=0&view=win32 | unknown | whitelisted
6528 | bittorrent.exe | GET | 200 | 82.221.103.246:80 | http://update.utorrent.li/installstats.php?cl=BitTorrent&v=258062409&h=n9_k52cuH5_ceTXP&w=4A65000A&bu=0&pr=0&cmp=0&ocmp=0&installresult&pid=6528&cau=0&lunv=0&installresult=0&exit=1&au=0&ic=1&view=win32 | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6276 | beta | POST | 200 | 18.211.23.0:80 | http://i-6000.b-47177.ut.bench.utorrent.com/e?i=6000 | unknown | whitelisted
3144 | BitTorrent.exe | GET | - | 41.63.96.2:80 | http://apps.bittorrent.com/utorrent-onboarding/player.btapp | unknown | whitelisted
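The two installstats.php beacons are the most informative rows here: their h= token is the same value helper.exe (PID 1468) receives as --hval, the pid= claim matches the PID the sandbox attributed the request to, the low 16 bits of v=258062409 are 47177 (the build in BitTorrent.exe 7.11.0.47177 and in the updates\7.11.0_47177 directory), and the beta POST goes to a host labelled b-47177. The following Python is an added example for this report, not ANY.RUN tooling, that parses those URLs and checks each of these correlations against the process command lines copied from the process table; it makes no network requests. The remaining bits of v= are not decoded, only the build field is asserted.

```python
"""Correlate installer telemetry beacons with process command lines (added example, not ANY.RUN code)."""
import re
from urllib.parse import parse_qsl, urlsplit

# (PID, process, URL) rows copied from the HTTP requests table
BEACONS = [
    (6528, "bittorrent.exe",
     "http://update.utorrent.li/installstats.php?cl=BitTorrent&v=258062409&h=n9_k52cuH5_ceTXP"
     "&w=4A65000A&bu=0&pr=0&cmp=0&ocmp=0&showinstall&pid=6528&cau=0&lunv=0&au=0&view=win32"),
    (6528, "bittorrent.exe",
     "http://update.utorrent.li/installstats.php?cl=BitTorrent&v=258062409&h=n9_k52cuH5_ceTXP"
     "&w=4A65000A&bu=0&pr=0&cmp=0&ocmp=0&installresult&pid=6528&cau=0&lunv=0&installresult=0"
     "&exit=1&au=0&ic=1&view=win32"),
    (6276, "beta", "http://i-6000.b-47177.ut.bench.utorrent.com/e?i=6000"),
    (3144, "BitTorrent.exe", "http://apps.bittorrent.com/utorrent-onboarding/player.btapp"),
]

# (PID, process, command line) rows copied from the process table
PROCESSES = [
    (1468, "helper.exe",
     r'"C:\Users\admin\AppData\Roaming\bittorrent\helper\helper.exe" 28815 --hval n9_k52cuH5_ceTXP -- -pid 3144 -version 47177'),
    (3144, "BitTorrent.exe", r'"C:\Users\admin\AppData\Roaming\bittorrent\BitTorrent.exe"'),
]


def parse_beacon(url: str) -> dict:
    """Split a beacon URL into host, path, key=value params and bare flags such as 'showinstall'."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return {
        "host": parts.hostname or "",
        "path": parts.path,
        "params": {k: v for k, v in pairs if v != ""},   # a later 'installresult=0' wins over the bare flag
        "flags": [k for k, v in pairs if v == ""],
    }


def build_from_version_param(v: str) -> int:
    """Low 16 bits of installstats v= hold the client build: 258062409 & 0xFFFF == 47177."""
    return int(v) & 0xFFFF


def build_from_bench_host(host: str):
    """The bench beacon host carries the same build in its 'b-<build>' DNS label."""
    m = re.search(r"\bb-(\d+)\b", host)
    return int(m.group(1)) if m else None


def correlate(beacons, processes, keys=("h",)):
    """Report query-string tokens that reappear verbatim (whole-token) in a process command line."""
    hits = []
    for pid, proc, url in beacons:
        params = parse_beacon(url)["params"]
        for key in keys:
            token = params.get(key)
            if not token:
                continue
            pattern = re.compile(r"(?<![\w-])" + re.escape(token) + r"(?![\w-])")
            for ppid, pname, cmd in processes:
                if pattern.search(cmd):
                    hits.append({"beacon_pid": pid, "beacon_proc": proc, "param": key,
                                 "token": token, "cmd_pid": ppid, "cmd_proc": pname})
    return hits


def summarize(beacons=BEACONS, processes=PROCESSES) -> dict:
    parsed = [(pid, parse_beacon(url)) for pid, _, url in beacons]
    stats = [b for _, b in parsed if b["path"].endswith("installstats.php")]
    result = next((b for b in stats if "installresult" in b["flags"]), None)
    bench = next((b for _, b in parsed if b["host"].endswith("bench.utorrent.com")), None)
    return {
        "build": build_from_version_param(stats[0]["params"]["v"]),
        "bench_build": build_from_bench_host(bench["host"]) if bench else None,
        # the beacon's own pid= claim versus the PID the sandbox attributed the request to
        "pid_claims_consistent": all(b["params"].get("pid", str(pid)) == str(pid) for pid, b in parsed),
        "install_result": {k: result["params"].get(k) for k in ("installresult", "exit")} if result else None,
        "hits": correlate(beacons, processes),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(), indent=2))
```

The whole-token regex matters: a plain substring test would also fire on a token that happens to be embedded in a longer argument, and the h= value is what ties the installer run to the helper.exe invocation, so a false match there would mislead the timeline.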
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 23.48.23.161:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5064 | SearchApp.exe | 92.123.104.32:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1224 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1176 | svchost.exe | 40.126.32.138:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6576 | bittorrent_installer.exe | 13.33.216.8:443 | d2fs7jrq4rzfyi.cloudfront.net | - | US | whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.48.23.161
  • 23.48.23.176
  • 23.48.23.167
  • 23.48.23.174
  • 23.48.23.178
  • 23.48.23.159
  • 23.48.23.185
  • 23.48.23.168
  • 23.48.23.183
  • 23.48.23.149
  • 23.48.23.151
  • 23.48.23.157
  • 23.48.23.152
  • 23.48.23.150
  • 23.48.23.164
  • 23.48.23.162
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
google.com
  • 142.250.184.206
whitelisted
www.bing.com
  • 92.123.104.32
  • 92.123.104.61
  • 92.123.104.38
  • 92.123.104.43
  • 92.123.104.31
  • 92.123.104.59
  • 92.123.104.34
  • 92.123.104.40
  • 92.123.104.60
  • 92.123.104.67
  • 92.123.104.64
  • 92.123.104.19
  • 92.123.104.33
  • 92.123.104.21
  • 92.123.104.28
whitelisted
ocsp.digicert.com
  • 192.229.221.95
unknown
d2fs7jrq4rzfyi.cloudfront.net
  • 13.33.216.8
  • 13.33.216.223
  • 13.33.216.178
  • 13.33.216.63
whitelisted
login.live.com
  • 40.126.32.138
  • 20.190.160.17
  • 40.126.32.140
  • 40.126.32.68
  • 40.126.32.136
  • 20.190.160.14
  • 40.126.32.133
  • 40.126.32.134
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
download-new.utorrent.com
  • 67.215.238.66
whitelisted
i-6000.b-47177.ut.bench.utorrent.com
  • 18.211.23.0
  • 34.227.174.173
  • 44.213.43.72
  • 34.226.117.94
  • 44.194.12.79
  • 54.85.80.58
whitelisted

Threats

PID
Process
Class
Message
6276
beta
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
6276
beta
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
3144
BitTorrent.exe
Potential Corporate Privacy Violation
ET P2P BTWebClient UA uTorrent in use
3144
BitTorrent.exe
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
2192
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
3144
BitTorrent.exe
Potential Corporate Privacy Violation
ET P2P BTWebClient UA uTorrent in use
3144
BitTorrent.exe
Potential Corporate Privacy Violation
ET P2P BTWebClient UA uTorrent in use
3144
BitTorrent.exe
Potential Corporate Privacy Violation
ET P2P BTWebClient UA uTorrent in use
3144
BitTorrent.exe
Potential Corporate Privacy Violation
ET P2P BTWebClient UA uTorrent in use
3144
BitTorrent.exe
Potentially Bad Traffic
ET POLICY Executable served from Amazon S3
Debug output strings (see the "Sends debugging messages" signature above)

Process | Message
bittorrent_installer.exe | LoadingPage
bittorrent_installer.exe | WarningPageBTClassic
bittorrent_installer.exe | LicensePage
bittorrent_installer.exe | ProductPage
bittorrent_installer.exe | OptionsPageBTClassic
bittorrent_installer.exe | ConfigurationsPageBTClassic
bittorrent_installer.exe | DownloadPageISV
bittorrent_installer.exe | FinishPageISV