File name:

7l_csgo_setup.exe

Full analysis: https://app.any.run/tasks/d5a19620-42ec-4301-8ffc-f7672518a765
Verdict: Malicious activity
Analysis date: October 07, 2018, 18:21:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: BAEAB5B542F393EC21AC59FE324DE4D6
SHA1: 9A5857CDCC33BC19394AB067191AC5E115C2468D
SHA256: AA60761EA3E570F11EFF22586CC64486317113EE1F1639995318635A59383CB6
SSDEEP: 49152:DIO5n8/fK5CbQ195KIqx2sQRvJxDszuGzZ0dd2:P5n865CskIyTZzuIIo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Run_CSGO.exe (PID: 2080)
      • Run_CSGO.exe (PID: 2524)
      • Run_CSGO.exe (PID: 2112)
      • steamcmd.exe (PID: 3972)
      • steamcmd.exe (PID: 2244)
      • steamcmd.exe (PID: 3576)
      • steamerrorreporter.exe (PID: 2372)
    • Changes settings of System certificates

      • Run_CSGO.exe (PID: 2080)
    • Loads dropped or rewritten executable

      • steamerrorreporter.exe (PID: 2372)
      • steamcmd.exe (PID: 3576)
      • steamcmd.exe (PID: 2244)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 7l_csgo_setup.exe (PID: 2456)
      • 7l_csgo_setup.exe (PID: 2528)
      • 7l_csgo_setup.tmp (PID: 1480)
      • Run_CSGO.exe (PID: 2080)
      • steamcmd.exe (PID: 2244)
      • steamcmd.exe (PID: 3972)
    • Reads Windows owner settings

      • 7l_csgo_setup.tmp (PID: 1480)
    • Reads the Windows organization settings

      • 7l_csgo_setup.tmp (PID: 1480)
    • Uses TASKKILL.EXE to kill process

      • 7l_csgo_setup.tmp (PID: 1480)
    • Modifies the open verb of a shell class

      • Run_CSGO.exe (PID: 2080)
    • Creates files in the program directory

      • steamcmd.exe (PID: 3972)
      • Run_CSGO.exe (PID: 2080)
      • steamcmd.exe (PID: 2244)
      • steamcmd.exe (PID: 3576)
    • Reads internet explorer settings

      • Run_CSGO.exe (PID: 2080)
    • Adds / modifies Windows certificates

      • Run_CSGO.exe (PID: 2080)
    • Application launched itself

      • steamcmd.exe (PID: 2244)
    • Creates files in the user directory

      • Run_CSGO.exe (PID: 2080)
  • INFO

    • Application was dropped or rewritten from another process

      • 7l_csgo_setup.tmp (PID: 1480)
      • 7l_csgo_setup.tmp (PID: 2724)
    • Creates files in the program directory

      • 7l_csgo_setup.tmp (PID: 1480)
    • Creates a software uninstall entry

      • 7l_csgo_setup.tmp (PID: 1480)
    • Reads settings of System Certificates

      • steamcmd.exe (PID: 3576)
    • Dropped object may contain Bitcoin addresses

      • steamcmd.exe (PID: 3576)
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:06:14 15:27:46+02:00
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 240640
UninitializedDataSize: -
EntryPoint: 0x1181c
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: SE7EN Solutions
FileDescription: 7Launcher CSGO Setup
FileVersion: 1.3.2.1
LegalCopyright: SE7EN Solutions
ProductName: 7Launcher CSGO
ProductVersion: 1.3.2.1

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 14-Jun-2018 13:27:46
Detected languages:
  • English - United States
Comments: This installation was built with Inno Setup.
CompanyName: SE7EN Solutions
FileDescription: 7Launcher CSGO Setup
FileVersion: 1.3.2.1
LegalCopyright: SE7EN Solutions
ProductName: 7Launcher CSGO
ProductVersion: 1.3.2.1

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0050
Pages in file: 0x0002
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x000F
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x001A
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000100

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 8
Time date stamp: 14-Jun-2018 13:27:46
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_BYTES_REVERSED_HI
  • IMAGE_FILE_BYTES_REVERSED_LO
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x0000F25C | 0x0000F400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.37588
.itext | 0x00011000 | 0x00000FA4 | 0x00001000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.77877
.data | 0x00012000 | 0x00000C8C | 0x00000E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.30283
.bss | 0x00013000 | 0x000056BC | 0x00000000 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0
.idata | 0x00019000 | 0x00000E04 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.59781
.tls | 0x0001A000 | 0x00000008 | 0x00000000 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0
.rdata | 0x0001B000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.204488
.rsrc | 0x0001C000 | 0x00038BA0 | 0x00038C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.63241

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.13965 | 1580 | Latin 1 / Western European | English - United States | RT_MANIFEST
2 | 3.12523 | 296 | Latin 1 / Western European | English - United States | RT_ICON
3 | 4.62274 | 3752 | Latin 1 / Western European | English - United States | RT_ICON
4 | 5.20856 | 2216 | Latin 1 / Western European | English - United States | RT_ICON
5 | 5.15926 | 1384 | Latin 1 / Western European | English - United States | RT_ICON
6 | 7.96266 | 34169 | Latin 1 / Western European | English - United States | RT_ICON
7 | 2.84385 | 67624 | Latin 1 / Western European | English - United States | RT_ICON
8 | 2.99808 | 38056 | Latin 1 / Western European | English - United States | RT_ICON
9 | 3.32309 | 16936 | Latin 1 / Western European | English - United States | RT_ICON
10 | 3.55573 | 9640 | Latin 1 / Western European | English - United States | RT_ICON

Imports

advapi32.dll
comctl32.dll
kernel32.dll
oleaut32.dll
user32.dll
No data.
Total processes: 55
Monitored processes: 13
Malicious processes: 6
Suspicious processes: 1

Behavior graph

Processes shown in the graph (interactive view only available in the full report): 7l_csgo_setup.exe, 7l_csgo_setup.tmp (no specs), 7l_csgo_setup.exe, 7l_csgo_setup.tmp, taskkill.exe (no specs), taskkill.exe (no specs), run_csgo.exe, run_csgo.exe (no specs), run_csgo.exe, steamcmd.exe, steamcmd.exe, steamerrorreporter.exe, steamcmd.exe. Edges are labelled "drop and start" or "start".

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1480
CMD: "C:\Users\admin\AppData\Local\Temp\is-HNGS3.tmp\7l_csgo_setup.tmp" /SL5="$2401FC,1589876,308224,C:\Users\admin\AppData\Local\Temp\7l_csgo_setup.exe" /SPAWNWND=$2F0210 /NOTIFYWND=$2D0202
Path: C:\Users\admin\AppData\Local\Temp\is-HNGS3.tmp\7l_csgo_setup.tmp
Parent process: 7l_csgo_setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-hngs3.tmp\7l_csgo_setup.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 1508
CMD: "taskkill.exe" /f /im "Run_CSGO.exe"
Path: C:\Windows\system32\taskkill.exe
Parent process: 7l_csgo_setup.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskkill.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
PID: 2080
CMD: "C:\Program Files\Counter-Strike Global Offensive\Run_CSGO.exe" - forceupdate forcesteamcmd
Path: C:\Program Files\Counter-Strike Global Offensive\Run_CSGO.exe
Parent process: 7l_csgo_setup.tmp
User:
admin
Company:
SE7EN Solutions
Integrity Level:
HIGH
Description:
Run_CSGO
Exit code:
0
Version:
1.3.2.1
Modules
Images
c:\program files\counter-strike global offensive\run_csgo.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2112
CMD: "C:\Program Files\Counter-Strike Global Offensive\Run_CSGO.exe"
Path: C:\Program Files\Counter-Strike Global Offensive\Run_CSGO.exe
Parent process: explorer.exe
User:
admin
Company:
SE7EN Solutions
Integrity Level:
HIGH
Description:
Run_CSGO
Exit code:
0
Version:
1.3.2.1
Modules
Images
c:\program files\counter-strike global offensive\run_csgo.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2116
CMD: "taskkill.exe" /f /im "Run_CSGO.exe"
Path: C:\Windows\system32\taskkill.exe
Parent process: 7l_csgo_setup.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskkill.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
PID: 2244
CMD: "C:\Program Files\Counter-Strike Global Offensive\7launcher\tools\steamcmd\steamcmd.exe" "+login" "anonymous" "+force_install_dir" "C:\Program Files\Counter-Strike Global Offensive" "+app_update" "740" "validate" "+quit"
Path: C:\Program Files\Counter-Strike Global Offensive\7launcher\tools\steamcmd\steamcmd.exe
Parent process: steamcmd.exe
User:
admin
Company:
Valve Corporation
Integrity Level:
HIGH
Description:
Steam Client Bootstrapper
Exit code:
0
Version:
04.62.99.22
Modules
Images
c:\program files\counter-strike global offensive\7launcher\tools\steamcmd\steamcmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2372
CMD: C:\Program Files\Counter-Strike Global Offensive\7launche (command line truncated in the report)
Path: C:\Program Files\Counter-Strike Global Offensive\7launcher\tools\steamcmd\steamerrorreporter.exe
Parent process: steamcmd.exe
User:
admin
Company:
Valve Corporation
Integrity Level:
HIGH
Description:
steamerrorreporter.exe
Exit code:
0
Version:
04.62.99.22
Modules
Images
c:\program files\counter-strike global offensive\7launcher\tools\steamcmd\steamerrorreporter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\counter-strike global offensive\7launcher\tools\steamcmd\tier0_s.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 2456
CMD: "C:\Users\admin\AppData\Local\Temp\7l_csgo_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\7l_csgo_setup.exe
Parent process: explorer.exe
User:
admin
Company:
SE7EN Solutions
Integrity Level:
MEDIUM
Description:
7Launcher CSGO Setup
Exit code:
0
Version:
1.3.2.1
Modules
Images
c:\users\admin\appdata\local\temp\7l_csgo_setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2524
CMD: "C:\Program Files\Counter-Strike Global Offensive\Run_CSGO.exe"
Path: C:\Program Files\Counter-Strike Global Offensive\Run_CSGO.exe
Parent process: explorer.exe
User:
admin
Company:
SE7EN Solutions
Integrity Level:
MEDIUM
Description:
Run_CSGO
Exit code:
3221226540
Version:
1.3.2.1
Modules
Images
c:\program files\counter-strike global offensive\run_csgo.exe
c:\systemroot\system32\ntdll.dll
PID: 2528
CMD: "C:\Users\admin\AppData\Local\Temp\7l_csgo_setup.exe" /SPAWNWND=$2F0210 /NOTIFYWND=$2D0202
Path: C:\Users\admin\AppData\Local\Temp\7l_csgo_setup.exe
Parent process: 7l_csgo_setup.tmp
User:
admin
Company:
SE7EN Solutions
Integrity Level:
HIGH
Description:
7Launcher CSGO Setup
Exit code:
0
Version:
1.3.2.1
Modules
Images
c:\users\admin\appdata\local\temp\7l_csgo_setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events: 812
Read events: 715
Write events: 91
Delete events: 6

Modification events

(PID) Process: (1480) 7l_csgo_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: C80500008A7560B06A5ED401

(PID) Process: (1480) 7l_csgo_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: BB0AF5C5C1017492CCCE6C6641DCE9928D48EE771A48EAEA471C0BDC5930D0A8

(PID) Process: (1480) 7l_csgo_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (1480) 7l_csgo_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Program Files\Counter-Strike Global Offensive\Run_CSGO.exe

(PID) Process: (1480) 7l_csgo_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: 8FE69520A8C01A8819E62AD6C7567A94C1F3F7DF765AEB4BCB163B3D56C37BC6

(PID) Process: (1480) 7l_csgo_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SE7EN\7Launcher CSGO
Operation: write
Name: InstallDir
Value: C:\Program Files\Counter-Strike Global Offensive

(PID) Process: (1480) 7l_csgo_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SE7EN\7Launcher CSGO
Operation: write
Name: GameEXE
Value: C:\Program Files\Counter-Strike Global Offensive\Run_CSGO.exe

(PID) Process: (1480) 7l_csgo_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7l_csgo_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.6.1 (u)

(PID) Process: (1480) 7l_csgo_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7l_csgo_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\Counter-Strike Global Offensive

(PID) Process: (1480) 7l_csgo_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7l_csgo_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\Counter-Strike Global Offensive\
Executable files: 57
Suspicious files: 52
Text files: 693
Unknown types: 247

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
1480 | 7l_csgo_setup.tmp | C:\Program Files\Counter-Strike Global Offensive\is-5OEHB.tmp | - | - | -
1480 | 7l_csgo_setup.tmp | C:\Program Files\Counter-Strike Global Offensive\platform\is-SR9PC.tmp | - | - | -
1480 | 7l_csgo_setup.tmp | C:\Program Files\Counter-Strike Global Offensive\is-18IKR.tmp | - | - | -
1480 | 7l_csgo_setup.tmp | C:\Program Files\Counter-Strike Global Offensive\platform\is-K19UD.tmp | - | - | -
2080 | Run_CSGO.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@se7enkills[1].txt | - | - | -
2080 | Run_CSGO.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@yandex[1].txt | - | - | -
1480 | 7l_csgo_setup.tmp | C:\Program Files\Counter-Strike Global Offensive\platform\csgo_icon.ico | image | - | -
1480 | 7l_csgo_setup.tmp | C:\Program Files\Counter-Strike Global Offensive\Run_CSGO.exe | executable | - | -
2456 | 7l_csgo_setup.exe | C:\Users\admin\AppData\Local\Temp\is-5BMIJ.tmp\7l_csgo_setup.tmp | executable | - | -
1480 | 7l_csgo_setup.tmp | C:\Program Files\Counter-Strike Global Offensive\unins000.exe | executable | - | -
HTTP(S) requests: 774
TCP/UDP connections: 173
DNS requests: 17
Threats: 7

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3972 | steamcmd.exe | GET | 302 | 162.254.197.91:80 | http://client-download.steampowered.com/client/steam_cmd_win32 | DE | - | - | whitelisted
3972 | steamcmd.exe | GET | 200 | 205.185.216.10:80 | http://media2.steampowered.com/client/steamcmd_bins_win32.zip.16eecf4312b74c5f1df3820a8f4501ad91dfea67 | US | binary | 6.71 Mb | whitelisted
2080 | Run_CSGO.exe | GET | 200 | 51.255.119.149:80 | http://updater.se7enkills.net/csgo/inf.ini | FR | text | 529 b | whitelisted
2080 | Run_CSGO.exe | GET | 200 | 104.109.65.17:80 | http://api.steampowered.com/ISteamApps/UpToDateCheck/v1?appid=730&version=1.36.5.5&format=json | NL | text | 74 b | suspicious
2080 | Run_CSGO.exe | GET | 200 | 51.255.119.149:80 | http://updater.se7enkills.net/csgo/inf.ini | FR | text | 529 b | whitelisted
3972 | steamcmd.exe | GET | 200 | 205.185.216.10:80 | http://media2.steampowered.com/client/steamcmd_win32.zip.155fa64ee20d61958f49ac0b813d9a6d00f8f82d | US | binary | 1.26 Mb | whitelisted
3972 | steamcmd.exe | GET | 200 | 205.185.216.10:80 | http://media2.steampowered.com/client/steamcmd_public_all.zip.1c99cc45a51dcb09c8a862ee8d7ed71d216f0c38 | US | binary | 64.6 Kb | whitelisted
3972 | steamcmd.exe | GET | 200 | 205.185.216.10:80 | http://media2.steampowered.com/client/steamcmd_steamservice_win32.zip.087deda0c773b01df25ea91b1241575240c34a1f | US | binary | 1.69 Mb | whitelisted
3972 | steamcmd.exe | GET | 200 | 205.185.216.10:80 | http://media2.steampowered.com/client/steam_cmd_win32?1532464134 | US | text | 2.18 Kb | whitelisted
2080 | Run_CSGO.exe | GET | 200 | 51.255.119.149:80 | http://updater.se7enkills.net/images/telegram-cannel.png | FR | image | 22.4 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3576 | steamcmd.exe | 162.254.192.109:27019 | - | Valve Corporation | US | unknown
2080 | Run_CSGO.exe | 51.255.119.149:80 | updater.se7enkills.net | OVH SAS | FR | suspicious
2080 | Run_CSGO.exe | 104.109.65.17:80 | api.steampowered.com | Akamai International B.V. | NL | whitelisted
2080 | Run_CSGO.exe | 77.88.21.119:443 | mc.yandex.ru | YANDEX LLC | RU | whitelisted
3972 | steamcmd.exe | 162.254.197.91:80 | client-download.steampowered.com | Valve Corporation | DE | unknown
3972 | steamcmd.exe | 205.185.216.10:80 | media2.steampowered.com | Highwinds Network Group, Inc. | US | whitelisted
2244 | steamcmd.exe | 2.16.186.59:80 | media4.steampowered.com | Akamai International B.V. | - | whitelisted
2244 | steamcmd.exe | 162.254.197.91:80 | client-download.steampowered.com | Valve Corporation | DE | unknown
3576 | steamcmd.exe | 162.254.197.91:80 | client-download.steampowered.com | Valve Corporation | DE | unknown
- | - | 162.254.192.109:27018 | - | Valve Corporation | US | unknown

DNS requests

Domain | IP | Reputation
updater.se7enkills.net | 51.255.119.149 | whitelisted
api.steampowered.com | 104.109.65.17 | suspicious
mc.yandex.ru | 77.88.21.119, 87.250.251.119, 87.250.250.119, 93.158.134.119 | whitelisted
client-download.steampowered.com | 162.254.197.91, 162.254.197.82, 162.254.197.31, 162.254.197.108, 162.254.197.17, 162.254.197.97, 162.254.197.93, 162.254.197.107 | whitelisted
media2.steampowered.com | 205.185.216.10, 205.185.216.42 | whitelisted
media4.steampowered.com | 2.16.186.59, 2.16.186.64 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
clientconfig.akamai.steamstatic.com | 2.16.186.82, 2.16.186.83 | whitelisted
valve300.steamcontent.com | 162.254.192.2 | unknown
valve307.steamcontent.com | 162.254.192.37 | unknown

Threats

PID | Process | Class | Message
- | - | A Network Trojan was detected | ET POLICY User-Agent (Launcher)
- | - | A Network Trojan was detected | ET POLICY User-Agent (Launcher)
- | - | A Network Trojan was detected | ET POLICY User-Agent (Launcher)
- | - | A Network Trojan was detected | ET POLICY User-Agent (Launcher)
- | - | A Network Trojan was detected | ET POLICY User-Agent (Launcher)
- | - | A Network Trojan was detected | ET POLICY User-Agent (Launcher)
- | - | A Network Trojan was detected | ET POLICY User-Agent (Launcher)
Process | Message
steamcmd.exe | C:\Program Files\Counter-Strike Global Offensive\7launcher\tools\steamcmd\crashhandler.dll
steamcmd.exe | -
steamcmd.exe | C:\Program Files\Counter-Strike Global Offensive\7launcher\tools\steamcmd\steamerrorreporter.exe
steamcmd.exe | -
steamcmd.exe | C:\Program Files\Counter-Strike Global Offensive\7launcher\tools\steamcmd\steamerrorreporter.exe
steamcmd.exe | -
steamcmd.exe | Starting minidump reporter process
steamerrorreporter.exe | SteamErrorReporter process started
steamcmd.exe | C:\Program Files\Counter-Strike Global Offensive\7launcher\tools\steamcmd\crashhandler.dll
steamcmd.exe | -