File name: Half-Life-2-Complete-Edition-by-Igruha.torrent

Full analysis: https://app.any.run/tasks/bf5b4419-9754-4b4e-8ad7-1bb14e2f535d
Verdict: Malicious activity
Analysis date: November 23, 2023, 17:01:56
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-bittorrent
File info: BitTorrent file
MD5: 5AFD4257A727A69743757FDFC0455BB9
SHA1: D5D9EE71303DC6D345FD446017DDEDEC269FFB6F
SHA256: 1F5994E35DD704F203836413D4AB319FB9650FCB241DC9B5A8E41CE87869DEE1
SSDEEP: 3072:q9AwNgO4Jv+aeZtVAGg/NP/lxfH0pbxwJT1K:q9BIJvje3VcHxsBxwF1K

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • 7l_hl2_setup.exe (PID: 3840)
      • 7l_hl2_setup.exe (PID: 684)
      • 7l_hl2_setup.tmp (PID: 1812)
      • Run_HL2.exe (PID: 1992)
      • upt.exe (PID: 1892)
      • upt.tmp (PID: 1696)
      • Run_HL2.exe (PID: 1756)
  • SUSPICIOUS

    • Reads the Internet Settings

      • rundll32.exe (PID: 3484)
      • 7l_hl2_setup.tmp (PID: 1812)
      • Run_HL2.exe (PID: 1992)
      • upt.tmp (PID: 1696)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Uses RUNDLL32.EXE to load library

      • msedge.exe (PID: 3540)
    • Reads the Windows owner or organization settings

      • 7l_hl2_setup.tmp (PID: 1812)
      • upt.tmp (PID: 1696)
    • Uses TASKKILL.EXE to kill process

      • 7l_hl2_setup.tmp (PID: 1812)
      • upt.tmp (PID: 1696)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • 7l_hl2_setup.tmp (PID: 1812)
    • Process requests binary or script from the Internet

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Reads Microsoft Outlook installation path

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Reads Internet Explorer settings

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Searches for installed software

      • upt.tmp (PID: 1696)
    • Changes Internet Explorer settings (feature browser emulation)

      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Starts CMD.EXE for commands execution

      • upt.tmp (PID: 1696)
    • Executing commands from a ".bat" file

      • upt.tmp (PID: 1696)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 1808)
    • Reads security settings of Internet Explorer

      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Checks Windows Trust Settings

      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Reads settings of System Certificates

      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
  • INFO

    • Checks supported languages

      • wmpnscfg.exe (PID: 752)
      • 7l_hl2_setup.exe (PID: 3840)
      • 7l_hl2_setup.tmp (PID: 3488)
      • 7l_hl2_setup.exe (PID: 684)
      • 7l_hl2_setup.tmp (PID: 1812)
      • Run_HL2.exe (PID: 1992)
      • upt.exe (PID: 1892)
      • upt.tmp (PID: 1696)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Reads the computer name

      • wmpnscfg.exe (PID: 752)
      • 7l_hl2_setup.tmp (PID: 3488)
      • 7l_hl2_setup.tmp (PID: 1812)
      • Run_HL2.exe (PID: 1992)
      • upt.tmp (PID: 1696)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 752)
      • Run_HL2.exe (PID: 2872)
      • Run_HL2.exe (PID: 3264)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 752)
      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • The process uses the downloaded file

      • msedge.exe (PID: 3076)
      • msedge.exe (PID: 3872)
      • msedge.exe (PID: 3540)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 3652)
      • msedge.exe (PID: 3540)
    • Create files in a temporary directory

      • 7l_hl2_setup.exe (PID: 3840)
      • 7l_hl2_setup.exe (PID: 684)
      • 7l_hl2_setup.tmp (PID: 1812)
      • upt.exe (PID: 1892)
      • upt.tmp (PID: 1696)
    • Application launched itself

      • msedge.exe (PID: 3540)
    • Checks proxy server information

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Creates files in the program directory

      • 7l_hl2_setup.tmp (PID: 1812)
      • Run_HL2.exe (PID: 1992)
      • upt.tmp (PID: 1696)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Process checks are UAC notifies on

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
    • Creates files or folders in the user directory

      • Run_HL2.exe (PID: 1992)
      • Run_HL2.exe (PID: 1756)
      • Run_HL2.exe (PID: 3264)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.torrent | Torrent (trackerless) (57.6)
.torrent | Torrent (42.3)

EXIF

Torrent

Announce: udp://tracker.opentrackr.org:1337/announce
AnnounceList1: udp://tracker.opentrackr.org:1337/announce
AnnounceList2: udp://9.rarbg.com:2810/announce
AnnounceList3: udp://tracker.torrent.eu.org:451/announce
AnnounceList4: udp://opentracker.i2p.rocks:6969/announce
AnnounceList5: udp://open.stealth.si:80/announce
AnnounceList6: https://opentracker.i2p.rocks:443/announce
AnnounceList7: udp://p4p.arenabg.com:1337/announce
AnnounceList8: udp://open.demonii.com:1337/announce
AnnounceList9: udp://movies.zsw.ca:6969/announce
AnnounceList10: udp://ipv4.tracker.harry.lu:80/announce
Creator: qBittorrent v4.5.0
CreateDate: 2023:01:05 20:33:33+01:00
File1Length: 4.4 GiB
File1Path: data.bin
File2Length: 2.1 MiB
File2Path: setup.exe
Name: Half-Life 2 Complete Edition by Igruha
PieceLength: 1048576
Pieces: (Binary data 90720 bytes, use -b option to extract)
No data.
All screenshots are available in the full report
Total processes: 128
Monitored processes: 67
Malicious processes: 11
Suspicious processes: 1


Process information

PID: 368
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4756 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 684
CMD: "C:\Users\admin\Downloads\7l_hl2_setup.exe" /SPAWNWND=$60170 /NOTIFYWND=$60198
Path: C:\Users\admin\Downloads\7l_hl2_setup.exe
Parent process: 7l_hl2_setup.tmp
User:
admin
Company:
SE7EN Solutions
Integrity Level:
HIGH
Description:
7Launcher - Half-Life 2 Setup
Exit code:
0
Version:
1.4.2
Modules
Images
c:\users\admin\downloads\7l_hl2_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 752
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
PID: 956
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4956 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1008
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4292 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1028
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5296 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1088
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3768 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1436
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1528 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1576
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1600
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2540 --field-trial-handle=1336,i,17595957416057663997,15285266225171805642,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 37 043
Read events: 36 510
Write events: 517
Delete events: 16

Modification events

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: dr
Value: 1

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 1

(PID) Process: (3540) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1302019708-1500728564-335382590-1000
Value: 8A1A1F2B695E2F00

(PID) Process: (3540) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge
Operation: write
Name: UsageStatsInSample
Value: 1

(PID) Process: (3540) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: usagestats
Value: 1

(PID) Process: (3540) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: urlstats
Value: 1
Executable files: 28
Suspicious files: 472
Text files: 99
Unknown types: 0

Dropped files

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF168002.TMP
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF168031.TMP
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF168041.TMP
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF16808f.TMP
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Type: binary
MD5: C7352A0E98449CC8AEDC1D6954C4CCD9
SHA256: 3A1591F52AD31B5B0B48F97AB5E1361D0AD0FA0F584E8FE8EFD482801DC2B9B5

PID: 2896
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma
Type: binary
MD5: C612E96CBFAC63232FC2062E15600FB1
SHA256: DB3C05D5EC0B6719A73E7F0BE84BCE9342772DA70567E7CE08CF6573480B38FF

PID: 3540
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\511fa6fd-c4c9-456b-a2c7-284c6623b532.tmp
Type: binary
MD5: 0AE840BAF5679EB2F8C4B3E60C66E2AB
SHA256: 98E674A59F50253608BB32041283DF0AC56CC7BF4A4BA4570E31F2863B3E20FA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 28
TCP/UDP connections: 285
DNS requests: 371
Threats: 7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3652
msedge.exe
GET
302
23.52.121.103:80
http://go.microsoft.com/fwlink/?LinkId=57426&Ext=torrent%22
unknown
unknown
3652
msedge.exe
GET
301
2.21.20.141:80
http://shell.windows.com/fileassoc/fileassoc.asp?Ext=torrent%22
unknown
unknown
1756
Run_HL2.exe
GET
200
188.114.97.3:80
http://updater.se7enkills.net/hl2/en/
unknown
html
1.15 Kb
unknown
1992
Run_HL2.exe
GET
188.114.97.3:80
http://updater.se7enkills.net/hl2/inf.ini
unknown
unknown
1992
Run_HL2.exe
GET
200
188.114.97.3:80
http://updater.se7enkills.net/hl2/inf.ini
unknown
text
6.99 Kb
unknown
1756
Run_HL2.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
1756
Run_HL2.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQChuVoVf7HVAxLxWCb2kXo7
unknown
binary
472 b
unknown
1756
Run_HL2.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEDBPk217SOCuEsxRjJqpuUQ%3D
unknown
binary
471 b
unknown
1756
Run_HL2.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
binary
724 b
unknown
1756
Run_HL2.exe
GET
200
188.114.97.3:80
http://updater.se7enkills.net/tools/aria2/aria2c.exe.lzma
unknown
binary
1.84 Mb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3652
msedge.exe
23.52.121.103:80
go.microsoft.com
AKAMAI-AS
DE
unknown
3540
msedge.exe
239.255.255.250:1900
whitelisted
3652
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3652
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
3652
msedge.exe
20.31.251.109:443
nav-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
3652
msedge.exe
2.21.20.141:80
shell.windows.com
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
go.microsoft.com
  • 23.52.121.103
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
nav-edge.smartscreen.microsoft.com
  • 20.31.251.109
whitelisted
shell.windows.com
  • 2.21.20.141
  • 2.21.20.150
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
  • 104.126.37.128
  • 104.126.37.179
  • 104.126.37.177
  • 104.126.37.186
  • 104.126.37.123
  • 104.126.37.184
  • 104.126.37.161
  • 104.126.37.160
  • 104.126.37.185
whitelisted
data-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
r.bing.com
  • 104.126.37.144
  • 104.126.37.145
  • 104.126.37.163
  • 104.126.37.161
  • 104.126.37.153
  • 104.126.37.146
  • 104.126.37.152
  • 104.126.37.171
  • 104.126.37.139
  • 104.126.37.123
  • 104.126.37.186
  • 104.126.37.128
  • 104.126.37.136
  • 104.126.37.130
  • 104.126.37.138
whitelisted
th.bing.com
  • 104.126.37.139
  • 104.126.37.130
  • 104.126.37.155
  • 104.126.37.136
  • 104.126.37.144
  • 104.126.37.123
  • 104.126.37.138
  • 104.126.37.128
  • 104.126.37.152
whitelisted
login.microsoftonline.com
  • 20.190.160.17
  • 40.126.32.68
  • 40.126.32.136
  • 40.126.32.138
  • 40.126.32.133
  • 40.126.32.74
  • 40.126.32.72
  • 20.190.160.14
whitelisted

Threats

PID
Process
Class
Message
1992
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
1756
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
1756
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
1756
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
3264
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
3264
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
3264
Run_HL2.exe
Potential Corporate Privacy Violation
AV POLICY User-Agent (Launcher)
No debug info