| File name: | updater_beta.exe |
| Full analysis: | https://app.any.run/tasks/3b10e9ac-5ffb-4b76-8301-046740e0c7ab |
| Verdict: | Malicious activity |
| Threats: | Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. |
| Analysis date: | May 16, 2025, 14:11:02 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections |
| MD5: | 4AC5A9796E153B190E70E2F51E49A131 |
| SHA1: | 9C4AF8945EAC90449DD54A965EAA427924252FAE |
| SHA256: | 5530BE4592507773E6CA5EF13160973824C8DCFF7F4CB4F97B5B508A336C8727 |
| SSDEEP: | 98304:6yJBmMLx2jvfxtxwKzvNXF0NhYkPzCQ4kJ7cjxRhJ9K/B/pnQx+OnuQJFpNKnZz1:bv |
MALICIOUS
Steals credentials from Web Browsers
- updater_beta.exe (PID: 1512)
Actions looks like stealing of personal data
- updater_beta.exe (PID: 1512)
- MailRuUpdater.exe (PID: 6980)
Executing a file with an untrusted certificate
- MailRuUpdater.exe (PID: 1040)
- MailRuUpdater.exe (PID: 6980)
Changes the autorun value in the registry
- MailRuUpdater.exe (PID: 1040)
- f95c-c50e-422c-0456 (PID: 3008)
SUSPICIOUS
Starts application with an unusual extension
- updater_beta.exe (PID: 1512)
Executable content was dropped or overwritten
- updater_beta.exe (PID: 1512)
- f95c-c50e-422c-0456 (PID: 3008)
- MailRuUpdater.exe (PID: 1040)
Searches for installed software
- MailRuUpdater.exe (PID: 1040)
Creates a software uninstall entry
- MailRuUpdater.exe (PID: 1040)
Starts itself from another location
- MailRuUpdater.exe (PID: 1040)
- f95c-c50e-422c-0456 (PID: 3008)
INFO
The sample compiled with english language support
- updater_beta.exe (PID: 1512)
- f95c-c50e-422c-0456 (PID: 3008)
- MailRuUpdater.exe (PID: 1040)
Reads the computer name
- updater_beta.exe (PID: 1512)
- mrupdsrv.exe (PID: 5756)
- MailRuUpdater.exe (PID: 1040)
- MailRuUpdater.exe (PID: 6980)
- f95c-c50e-422c-0456 (PID: 3008)
Checks supported languages
- updater_beta.exe (PID: 1512)
- f95c-c50e-422c-0456 (PID: 3008)
- mrupdsrv.exe (PID: 5756)
- MailRuUpdater.exe (PID: 1040)
- MailRuUpdater.exe (PID: 6980)
Creates files in the program directory
- updater_beta.exe (PID: 1512)
Reads the machine GUID from the registry
- updater_beta.exe (PID: 1512)
- MailRuUpdater.exe (PID: 6980)
Reads the software policy settings
- updater_beta.exe (PID: 1512)
- mrupdsrv.exe (PID: 5756)
- MailRuUpdater.exe (PID: 6980)
Process checks whether UAC notifications are on
- updater_beta.exe (PID: 1512)
- mrupdsrv.exe (PID: 5756)
- MailRuUpdater.exe (PID: 1040)
- MailRuUpdater.exe (PID: 6980)
Creates files or folders in the user directory
- updater_beta.exe (PID: 1512)
- f95c-c50e-422c-0456 (PID: 3008)
- MailRuUpdater.exe (PID: 1040)
- mrupdsrv.exe (PID: 5756)
Create files in a temporary directory
- updater_beta.exe (PID: 1512)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 EXE PECompact compressed (generic) (53.4) |
|---|---|---|
| .exe | | | Win64 Executable (generic) (35.5) |
| .exe | | | Win32 Executable (generic) (5.8) |
| .exe | | | Generic Win/DOS Executable (2.5) |
| .exe | | | DOS Executable Generic (2.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:02:27 16:45:17+00:00 |
| ImageFileCharacteristics: | Executable, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 14.12 |
| CodeSize: | 2716160 |
| InitializedDataSize: | 819200 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x14369d |
| OSVersion: | 5.1 |
| ImageVersion: | - |
| SubsystemVersion: | 5.1 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 5.1.0.195 |
| ProductVersionNumber: | 5.1.0.195 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Dynamic link library |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Unicode |
| CompanyName: | Mail.Ru |
| FileDescription: | Mail.Ru updater |
| FileVersion: | 5.1.0.195 |
| InternalName: | MailRuUpdater |
| LegalCopyright: | Copyright 2015 |
| OriginalFileName: | MailRuUpdater.exe |
| ProductName: | MailRuUpdater |
| ProductVersion: | 5.1.0.195 |
| Comments: | - |
Total processes
131
Monitored processes
7
Malicious processes
3
Suspicious processes
1
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1040 | "C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater\us\2d0cd78004_d\MailRuUpdater.exe" --update-installation | C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater\us\2d0cd78004_d\MailRuUpdater.exe | updater_beta.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Exit code: 0 Modules
| |||||||||||||||
| 1512 | "C:\Users\admin\AppData\Local\Temp\updater_beta.exe" | C:\Users\admin\AppData\Local\Temp\updater_beta.exe | explorer.exe | ||||||||||||
User: admin Company: Mail.Ru Integrity Level: MEDIUM Description: Mail.Ru updater Exit code: 0 Version: 5.1.0.195 Modules
| |||||||||||||||
| 3008 | "C:\Users\admin\AppData\Local\Temp\f95c-c50e-422c-0456" --install | C:\Users\admin\AppData\Local\Temp\f95c-c50e-422c-0456 | updater_beta.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Exit code: 0 Modules
| |||||||||||||||
| 5112 | C:\WINDOWS\system32\SppExtComObj.exe -Embedding | C:\Windows\System32\SppExtComObj.Exe | — | svchost.exe | |||||||||||
User: NETWORK SERVICE Company: Microsoft Corporation Integrity Level: SYSTEM Description: KMS Connection Broker Version: 10.0.19041.3996 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 5680 | "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent | C:\Windows\System32\slui.exe | — | SppExtComObj.Exe | |||||||||||
User: NETWORK SERVICE Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows Activation Client Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 5756 | "C:\Users\admin\AppData\Local\Mail.Ru\Update Service\mrupdsrv.exe" --u | C:\Users\admin\AppData\Local\Mail.Ru\Update Service\mrupdsrv.exe | f95c-c50e-422c-0456 | ||||||||||||
User: admin Company: Mail.Ru Integrity Level: MEDIUM Description: Mail.Ru Update Service Version: 3.12.0.10 Modules
| |||||||||||||||
| 6980 | "C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe" | C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe | MailRuUpdater.exe | ||||||||||||
User: admin Company: Mail.Ru Integrity Level: MEDIUM Description: Mail.Ru updater Version: 5.2.0.13 Modules
| |||||||||||||||
Total events
1 871
Read events
1 852
Write events
17
Delete events
2
Modification events
| (PID) Process: | (1512) updater_beta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\AppDataLow\Software\Mail.Ru\IE_Bar\Settings |
| Operation: | write | Name: | GUID |
Value: {64FE5829-027E-4038-9855-8A619DA6A16D} | |||
| (PID) Process: | (1512) updater_beta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mail.Ru\Tech |
| Operation: | write | Name: | UserID |
Value: {1AD5695B-E537-44FF-B5CD-A084655611B0} | |||
| (PID) Process: | (1512) updater_beta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mail.Ru |
| Operation: | delete value | Name: | SicSettings |
Value: | |||
| (PID) Process: | (1512) updater_beta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mail.Ru\Tech\ptls\{2AB1F4AB-E3FA-4047-9033-EC223C8354F5} |
| Operation: | write | Name: | finished_time |
Value: 8147276800000000 | |||
| (PID) Process: | (1512) updater_beta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mail.Ru\Tech\ptls\{84DC8324-C256-4EF5-B0DC-383B43EE77E9}\ready_items |
| Operation: | write | Name: | waiter |
Value: 1 | |||
| (PID) Process: | (1512) updater_beta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mail.Ru\Tech\ptls\{84DC8324-C256-4EF5-B0DC-383B43EE77E9} |
| Operation: | write | Name: | finished_time |
Value: 8347276800000000 | |||
| (PID) Process: | (1512) updater_beta.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mail.Ru\Tech\ptls\{FC604959-8A01-4E8B-A3E5-87CEEBD6FEDB} |
| Operation: | write | Name: | finished_time |
Value: 8347276800000000 | |||
| (PID) Process: | (6980) MailRuUpdater.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\AppDataLow\Software\Mail.Ru\IE_Bar\Settings |
| Operation: | write | Name: | GUID |
Value: {64FE5829-027E-4038-9855-8A619DA6A16D} | |||
| (PID) Process: | (6980) MailRuUpdater.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Mail.Ru |
| Operation: | delete value | Name: | SicSettings |
Value: | |||
| (PID) Process: | (3008) f95c-c50e-422c-0456 | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
| Operation: | write | Name: | mrupdsrv |
Value: "C:\Users\admin\AppData\Local\Mail.Ru\Update Service\mrupdsrv.exe" --u | |||
Executable files
5
Suspicious files
4
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 1512 | updater_beta.exe | C:\ProgramData\Mail.Ru\ifrm | binary | |
MD5:29297C9D63A5BB5A058E3EC4CBA77E46 | SHA256:547CFEF5C704DF902FE4372B52B9AADE71131D8D66B3AB9082603F3D99C22F64 | |||
| 1512 | updater_beta.exe | C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater\prodmon | binary | |
MD5:12B06DDB5F347D8CE0E85AEC2A626259 | SHA256:431D80649569DEBCFF8942D67B8188BDB6FF3CF05D9468CCD96C9E7530CE2DD4 | |||
| 1512 | updater_beta.exe | C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater\us\2d0cd78004_d\MailRuUpdater.exe | executable | |
MD5:FDB8415567C0748A3BD4FFB9AC783CB7 | SHA256:92025C595D1A8E503AED2725EF9E64EF4EA919307C2694FFD564993EE4B64D43 | |||
| 1512 | updater_beta.exe | C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater\us\2d0cd78004 | binary | |
MD5:6703DBB3A0C7BA3F152BAA6F9A1AD3F2 | SHA256:C0EABD584BD675B7D0A098880D0ACD55FAC6D620443532D767F623384EAE9D35 | |||
| 3008 | f95c-c50e-422c-0456 | C:\Users\admin\AppData\Local\Mail.Ru\Update Service\mrupdsrv.exe | executable | |
MD5:602CD1F0DD54E83DE1413705AA378803 | SHA256:8EEEF659D4D3E827474B4C769436807EAFEDF58DC923054338CB5385DC8D3998 | |||
| 1512 | updater_beta.exe | C:\Users\admin\AppData\Local\Temp\f95c-c50e-422c-0456 | executable | |
MD5:602CD1F0DD54E83DE1413705AA378803 | SHA256:8EEEF659D4D3E827474B4C769436807EAFEDF58DC923054338CB5385DC8D3998 | |||
| 1040 | MailRuUpdater.exe | C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe | executable | |
MD5:FDB8415567C0748A3BD4FFB9AC783CB7 | SHA256:92025C595D1A8E503AED2725EF9E64EF4EA919307C2694FFD564993EE4B64D43 | |||
| 1512 | updater_beta.exe | C:\Users\admin\AppData\Local\Temp\3ba3-8135-ac2d-da1d | executable | |
MD5:FDB8415567C0748A3BD4FFB9AC783CB7 | SHA256:92025C595D1A8E503AED2725EF9E64EF4EA919307C2694FFD564993EE4B64D43 | |||
| 5756 | mrupdsrv.exe | C:\Users\admin\AppData\Local\Mail.Ru\Update Service\us\46c6c11738 | binary | |
MD5:8B74F32D93C6236882242C62A5209CDC | SHA256:02ED64B95368DE3AE65D1F86F2A63D7C6DFC821466CDB97F61F3E1C4E184D005 | |||
| 1512 | updater_beta.exe | C:\ProgramData\Mail.Ru\Id | text | |
MD5:E9D1617858B70226EB5C7CA690FBF48C | SHA256:F53017A5C421BA65C12E8383B3CB433CE523A61A8E59C8B33D17CB26C931CB1B | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
44
DNS requests
19
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
1512 | updater_beta.exe | GET | 204 | 95.163.50.150:80 | http://mrds.mail.ru/update/2/version.txt?type=mru_online&tool=mrupdater&masterid=%7B723F393A-DBEA-42FD-AEF7-0791754AC190%7D&user_id=%7B1AD5695B-E537-44FF-B5CD-A084655611B0%7D&osver=10&osbit=64&osvernum=10.0&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=0&comp_mem=4090&tool_mem=9&elapsed_time=0&mr_service=0&os=win10.0&install_id=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&GUID=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D | unknown | — | — | whitelisted |
1512 | updater_beta.exe | GET | 204 | 95.163.50.150:80 | http://mrds.mail.ru/update/2/version.txt?type=task_executed&taskid=%7B901B414B-72A2-48C6-8DCD-29388B8B3E40%7D&done=1&masterid=%7B723F393A-DBEA-42FD-AEF7-0791754AC190%7D&user_id=%7B1AD5695B-E537-44FF-B5CD-A084655611B0%7D&osver=10&osbit=64&osvernum=10.0&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=0&comp_mem=4090&tool_mem=13&elapsed_time=1&mr_service=0&os=win10.0&install_id=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&GUID=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&tool=mrupdater | unknown | — | — | whitelisted |
— | — | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
1512 | updater_beta.exe | GET | 204 | 95.163.50.150:80 | http://mrds.mail.ru/update/2/version.txt?type=mruinfo&last_ch=40164141&ie_hp=about&ie_dse=www.bing.com&ie_ver=11.00.19041.1&masterid=%7B723F393A-DBEA-42FD-AEF7-0791754AC190%7D&user_id=%7B1AD5695B-E537-44FF-B5CD-A084655611B0%7D&osver=10&osbit=64&osvernum=10.0&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=0&comp_mem=4090&tool_mem=14&elapsed_time=1&mr_service=0&os=win10.0&install_id=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&GUID=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&tool=mrupdater | unknown | — | — | whitelisted |
— | — | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
1512 | updater_beta.exe | GET | 204 | 95.163.50.150:80 | http://mrds.mail.ru/update/2/version.txt?type=task_executed&taskid=%7B2AB1F4AB-E3FA-4047-9033-EC223C8354F5%7D&done=1&masterid=%7B723F393A-DBEA-42FD-AEF7-0791754AC190%7D&user_id=%7B1AD5695B-E537-44FF-B5CD-A084655611B0%7D&osver=10&osbit=64&osvernum=10.0&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=0&comp_mem=4090&tool_mem=14&elapsed_time=1&mr_service=0&os=win10.0&install_id=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&GUID=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&tool=mrupdater | unknown | — | — | whitelisted |
1512 | updater_beta.exe | GET | 204 | 95.163.50.150:80 | http://mrds.mail.ru/update/2/version.txt?type=task_executed&taskid=smon&masterid=%7B723F393A-DBEA-42FD-AEF7-0791754AC190%7D&user_id=%7B1AD5695B-E537-44FF-B5CD-A084655611B0%7D&osver=10&osbit=64&osvernum=10.0&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=0&comp_mem=4090&tool_mem=17&elapsed_time=2&mr_service=0&os=win10.0&install_id=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&GUID=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&tool=mrupdater | unknown | — | — | whitelisted |
1512 | updater_beta.exe | GET | 204 | 95.163.50.150:80 | http://mrds.mail.ru/update/2/version.txt?type=mru_iapp&id=waiter&event=done&masterid=%7B723F393A-DBEA-42FD-AEF7-0791754AC190%7D&user_id=%7B1AD5695B-E537-44FF-B5CD-A084655611B0%7D&osver=10&osbit=64&osvernum=10.0&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=1&comp_mem=4090&tool_mem=17&elapsed_time=3&mr_service=0&os=win10.0&install_id=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&GUID=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&tool=mrupdater | unknown | — | — | whitelisted |
5756 | mrupdsrv.exe | GET | 204 | 95.163.50.150:80 | http://mrds.mail.ru/update/2/version.txt?type=waiter_online&masterid=%7B723F393A-DBEA-42FD-AEF7-0791754AC190%7D&user_id=%7B1AD5695B-E537-44FF-B5CD-A084655611B0%7D&osver=8&osbit=64&osvernum=6.2&uac=1&admin=1&ver=3.12.0.10&mailru_guard=0&mailru_updater=1&comp_mem=4090&tool_mem=9&elapsed_time=0&mr_service=0&os=win10.0&GUID=&install_id=&tool=waiter | unknown | — | — | whitelisted |
1040 | MailRuUpdater.exe | GET | 204 | 95.163.50.150:80 | http://mrds.mail.ru/update/2/version.txt?type=mru_install&ovr=0&masterid=%7B723F393A-DBEA-42FD-AEF7-0791754AC190%7D&user_id=%7B1AD5695B-E537-44FF-B5CD-A084655611B0%7D&osver=10&osbit=64&osvernum=10.0&uac=1&admin=1&ver=5.2.0.13&mailru_guard=0&mailru_updater=1&comp_mem=4090&tool_mem=9&elapsed_time=0&mr_service=0&os=win10.0&install_id=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&GUID=%7B64FE5829-027E-4038-9855-8A619DA6A16D%7D&tool=mrupdater | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 2.16.164.120:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted |
— | — | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted |
1512 | updater_beta.exe | 95.163.50.150:80 | binupdate.mail.ru | LLC VK | RU | whitelisted |
1512 | updater_beta.exe | 95.163.50.150:443 | binupdate.mail.ru | LLC VK | RU | whitelisted |
1512 | updater_beta.exe | 95.163.50.149:443 | xmlbinupdate.mail.ru | LLC VK | RU | whitelisted |
1512 | updater_beta.exe | 5.181.61.0:443 | mailruupdater.cdnmail.ru | LLC VK | RU | malicious |
5756 | mrupdsrv.exe | 95.163.50.150:443 | binupdate.mail.ru | LLC VK | RU | whitelisted |
5756 | mrupdsrv.exe | 95.163.50.150:80 | binupdate.mail.ru | LLC VK | RU | whitelisted |
5756 | mrupdsrv.exe | 95.163.50.149:80 | xmlbinupdate.mail.ru | LLC VK | RU | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
binupdate.mail.ru |
| whitelisted |
mrds.mail.ru |
| whitelisted |
xmlbinupdate.mail.ru |
| whitelisted |
mailruupdater.cdnmail.ru |
| malicious |
xml.binupdate.mail.ru |
| whitelisted |
client.wns.windows.com |
| whitelisted |