File name:

Half-Life-2-Complete-Edition-by-Igruha.torrent

Full analysis: https://app.any.run/tasks/bf5b4419-9754-4b4e-8ad7-1bb14e2f535d
Verdict: Malicious activity
Analysis date: November 23, 2023, 17:01:56
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-bittorrent
File info: BitTorrent file
MD5:

5AFD4257A727A69743757FDFC0455BB9

SHA1:

D5D9EE71303DC6D345FD446017DDEDEC269FFB6F

SHA256:

1F5994E35DD704F203836413D4AB319FB9650FCB241DC9B5A8E41CE87869DEE1

SSDEEP:

3072:q9AwNgO4Jv+aeZtVAGg/NP/lxfH0pbxwJT1K:q9BIJvje3VcHxsBxwF1K

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • 7l_hl2_setup.exe (PID: 3840)
      • 7l_hl2_setup.exe (PID: 684)
      • Run_HL2.exe (PID: 1992)
      • upt.exe (PID: 1892)
      • 7l_hl2_setup.tmp (PID: 1812)
      • upt.tmp (PID: 1696)
      • Run_HL2.exe (PID: 1756)
  • SUSPICIOUS

    • Reads the Internet Settings

      • rundll32.exe (PID: 3484)
      • Run_HL2.exe (PID: 1992)
      • 7l_hl2_setup.tmp (PID: 1812)
      • upt.tmp (PID: 1696)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Uses RUNDLL32.EXE to load library

      • msedge.exe (PID: 3540)
    • Reads the Windows owner or organization settings

      • 7l_hl2_setup.tmp (PID: 1812)
      • upt.tmp (PID: 1696)
    • Uses TASKKILL.EXE to kill process

      • 7l_hl2_setup.tmp (PID: 1812)
      • upt.tmp (PID: 1696)
    • Process requests binary or script from the Internet

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Reads Microsoft Outlook installation path

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 3264)
      • Run_HL2.exe (PID: 1756)
    • Reads Internet Explorer settings

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • 7l_hl2_setup.tmp (PID: 1812)
    • Executing commands from a ".bat" file

      • upt.tmp (PID: 1696)
    • Starts CMD.EXE for commands execution

      • upt.tmp (PID: 1696)
    • Changes Internet Explorer settings (feature browser emulation)

      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 1808)
    • Searches for installed software

      • upt.tmp (PID: 1696)
    • Checks Windows Trust Settings

      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Reads settings of System Certificates

      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Reads security settings of Internet Explorer

      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
  • INFO

    • Reads the computer name

      • wmpnscfg.exe (PID: 752)
      • 7l_hl2_setup.tmp (PID: 1812)
      • 7l_hl2_setup.tmp (PID: 3488)
      • upt.tmp (PID: 1696)
      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Checks supported languages

      • wmpnscfg.exe (PID: 752)
      • 7l_hl2_setup.exe (PID: 3840)
      • 7l_hl2_setup.tmp (PID: 1812)
      • 7l_hl2_setup.tmp (PID: 3488)
      • 7l_hl2_setup.exe (PID: 684)
      • upt.exe (PID: 1892)
      • upt.tmp (PID: 1696)
      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 752)
      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • The process uses the downloaded file

      • msedge.exe (PID: 3076)
      • msedge.exe (PID: 3872)
      • msedge.exe (PID: 3540)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 752)
      • Run_HL2.exe (PID: 2872)
      • Run_HL2.exe (PID: 3264)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 3652)
      • msedge.exe (PID: 3540)
    • Create files in a temporary directory

      • 7l_hl2_setup.tmp (PID: 1812)
      • 7l_hl2_setup.exe (PID: 3840)
      • 7l_hl2_setup.exe (PID: 684)
      • upt.exe (PID: 1892)
      • upt.tmp (PID: 1696)
    • Creates files in the program directory

      • 7l_hl2_setup.tmp (PID: 1812)
      • Run_HL2.exe (PID: 1992)
      • upt.tmp (PID: 1696)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Application launched itself

      • msedge.exe (PID: 3540)
    • Checks proxy server information

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Creates files or folders in the user directory

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Process checks are UAC notifies on

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.torrent | Torrent (trackerless) (57.6)
.torrent | Torrent (42.3)

EXIF

Torrent

Announce: udp://tracker.opentrackr.org:1337/announce
AnnounceList1: udp://tracker.opentrackr.org:1337/announce
AnnounceList2: udp://9.rarbg.com:2810/announce
AnnounceList3: udp://tracker.torrent.eu.org:451/announce
AnnounceList4: udp://opentracker.i2p.rocks:6969/announce
AnnounceList5: udp://open.stealth.si:80/announce
AnnounceList6: https://opentracker.i2p.rocks:443/announce
AnnounceList7: udp://p4p.arenabg.com:1337/announce
AnnounceList8: udp://open.demonii.com:1337/announce
AnnounceList9: udp://movies.zsw.ca:6969/announce
AnnounceList10: udp://ipv4.tracker.harry.lu:80/announce
Creator: qBittorrent v4.5.0
CreateDate: 2023:01:05 20:33:33+01:00
File1Length: 4.4 GiB
File1Path: data.bin
File2Length: 2.1 MiB
File2Path: setup.exe
Name: Half-Life 2 Complete Edition by Igruha
PieceLength: 1048576
Pieces: (Binary data 90720 bytes, use -b option to extract)
No data.
All screenshots are available in the full report
Total processes
128
Monitored processes
67
Malicious processes
11
Suspicious processes
1

Behavior graph

Processes shown in the graph, in order of first appearance: rundll32.exe, msedge.exe, wmpnscfg.exe, 7l_hl2_setup.exe, 7l_hl2_setup.tmp, taskkill.exe, netsh.exe, run_hl2.exe, upt.exe, upt.tmp, cmd.exe, timeout.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 368
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4756 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 684
CMD: "C:\Users\admin\Downloads\7l_hl2_setup.exe" /SPAWNWND=$60170 /NOTIFYWND=$60198
Path: C:\Users\admin\Downloads\7l_hl2_setup.exe
Parent process: 7l_hl2_setup.tmp
User:
admin
Company:
SE7EN Solutions
Integrity Level:
HIGH
Description:
7Launcher - Half-Life 2 Setup
Exit code:
0
Version:
1.4.2
Modules
Images
c:\users\admin\downloads\7l_hl2_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 752
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
PID: 956
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4956 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1008
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4292 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1028
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5296 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1088
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3768 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1436
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1528 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1576
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1600
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2540 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
37 043
Read events
36 510
Write events
517
Delete events
16

Modification events

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: dr
Value: 1

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 1

(PID) Process: (3540) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1302019708-1500728564-335382590-1000
Value: 8A1A1F2B695E2F00

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge
Operation: write
Name: UsageStatsInSample
Value: 1

(PID) Process: (3540) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: usagestats
Value: 1

(PID) Process: (3540) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: urlstats
Value: 1
Executable files
28
Suspicious files
472
Text files
99
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF168002.TMP
Type:
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
Type:
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF168031.TMP
Type:
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
Type:
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF168041.TMP
Type:
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF16808f.TMP
Type:
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
Type:
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Type: binary
MD5: C7352A0E98449CC8AEDC1D6954C4CCD9
SHA256: 3A1591F52AD31B5B0B48F97AB5E1361D0AD0FA0F584E8FE8EFD482801DC2B9B5

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\511fa6fd-c4c9-456b-a2c7-284c6623b532.tmp
Type: binary
MD5: 0AE840BAF5679EB2F8C4B3E60C66E2AB
SHA256: 98E674A59F50253608BB32041283DF0AC56CC7BF4A4BA4570E31F2863B3E20FA

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF168031.TMP
Type: text
MD5: 7F169CD2570538CEC8F1F23C0814272F
SHA256: 3E92388691F2F940500E93E73FAF1BB90ADB857E508C2C04A94D166F6983342D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
28
TCP/UDP connections
285
DNS requests
371
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3652
msedge.exe
GET
302
23.52.121.103:80
http://go.microsoft.com/fwlink/?LinkId=57426&Ext=torrent%22
unknown
unknown
1992
Run_HL2.exe
GET
188.114.97.3:80
http://updater.se7enkills.net/hl2/inf.ini
unknown
unknown
3652
msedge.exe
GET
301
2.21.20.141:80
http://shell.windows.com/fileassoc/fileassoc.asp?Ext=torrent%22
unknown
unknown
1992
Run_HL2.exe
GET
188.114.97.3:80
http://updater.se7enkills.net/hl2/en/
unknown
unknown
1992
Run_HL2.exe
GET
200
188.114.97.3:80
http://updater.se7enkills.net/hl2/inf.ini
unknown
text
6.99 Kb
unknown
1756
Run_HL2.exe
GET
200
188.114.97.3:80
http://updater.se7enkills.net/hl2/inf.ini
unknown
text
6.99 Kb
unknown
1992
Run_HL2.exe
GET
200
188.114.97.3:80
http://updater.se7enkills.net/hl2/upt.exe.lzma
unknown
binary
2.85 Mb
unknown
1756
Run_HL2.exe
GET
200
188.114.97.3:80
http://updater.se7enkills.net/images/7l-hl2-header.png
unknown
image
24.5 Kb
unknown
1756
Run_HL2.exe
GET
200
188.114.97.3:80
http://updater.se7enkills.net/hl2/en/
unknown
html
1.15 Kb
unknown
GET
200
188.114.97.3:80
http://updater.se7enkills.net/images/eng/tg_channel_banner-pls-cat.png
unknown
image
8.97 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3652
msedge.exe
23.52.121.103:80
go.microsoft.com
AKAMAI-AS
DE
unknown
3540
msedge.exe
239.255.255.250:1900
whitelisted
3652
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3652
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
3652
msedge.exe
20.31.251.109:443
nav-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
3652
msedge.exe
2.21.20.141:80
shell.windows.com
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
go.microsoft.com
  • 23.52.121.103
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
nav-edge.smartscreen.microsoft.com
  • 20.31.251.109
whitelisted
shell.windows.com
  • 2.21.20.141
  • 2.21.20.150
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
  • 104.126.37.128
  • 104.126.37.179
  • 104.126.37.177
  • 104.126.37.186
  • 104.126.37.123
  • 104.126.37.184
  • 104.126.37.161
  • 104.126.37.160
  • 104.126.37.185
whitelisted
data-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
r.bing.com
  • 104.126.37.144
  • 104.126.37.145
  • 104.126.37.163
  • 104.126.37.161
  • 104.126.37.153
  • 104.126.37.146
  • 104.126.37.152
  • 104.126.37.171
  • 104.126.37.139
  • 104.126.37.123
  • 104.126.37.186
  • 104.126.37.128
  • 104.126.37.136
  • 104.126.37.130
  • 104.126.37.138
whitelisted
th.bing.com
  • 104.126.37.139
  • 104.126.37.130
  • 104.126.37.155
  • 104.126.37.136
  • 104.126.37.144
  • 104.126.37.123
  • 104.126.37.138
  • 104.126.37.128
  • 104.126.37.152
whitelisted
login.microsoftonline.com
  • 20.190.160.17
  • 40.126.32.68
  • 40.126.32.136
  • 40.126.32.138
  • 40.126.32.133
  • 40.126.32.74
  • 40.126.32.72
  • 20.190.160.14
whitelisted

Threats

PID
Process
Class
Message
1992
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
1756
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
1756
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
1756
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
3264
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
3264
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
3264
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
No debug info