File name: L4d2_Updater.exe

Full analysis: https://app.any.run/tasks/653689b6-5e56-4073-89cd-981a7e1684ab
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: September 29, 2024, 20:58:16
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5: 604B8AC3E6FB92B93051FF87A978AF7E
SHA1: 68019746ED263ADADFE021C47279C5DCCF89D214
SHA256: C68A188F29ACB65ED880A4741E1DAD13FDCBCFC4C8CE5F770AC6AE6F44A792AB
SSDEEP: 49152:QpcGanD49hlHyBe378y5Pc5w/kpW613B9pLA20L2ufr/ltHQuGNlbMYaJF3ebNt8:0e49hlHeelPc5wC7p79m/srYF3CLP8pF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • L4d2_Updater.exe (PID: 7124)
      • L4d2_Updater.exe (PID: 4920)
    • Starts itself from another location

      • L4d2_Updater.exe (PID: 7124)
      • L4d2_Updater.new.exe (PID: 1344)
    • There is functionality for taking screenshot (YARA)

      • L4d2_Updater.exe (PID: 7124)
      • L4d2_Updater.exe (PID: 4920)
    • Executable content was dropped or overwritten

      • L4d2_Updater.new.exe (PID: 1344)
      • L4d2_Updater.exe (PID: 7124)
      • L4d2_Updater.exe (PID: 4920)
    • Process requests binary or script from the Internet

      • L4d2_Updater.exe (PID: 7124)
      • L4d2_Updater.exe (PID: 4920)
    • Reads Microsoft Outlook installation path

      • L4d2_Updater.exe (PID: 4920)
    • Potential Corporate Privacy Violation

      • L4d2_Updater.exe (PID: 7124)
      • L4d2_Updater.exe (PID: 4920)
    • Reads Internet Explorer settings

      • L4d2_Updater.exe (PID: 4920)
  • INFO

    • Checks supported languages

      • L4d2_Updater.exe (PID: 7124)
      • L4d2_Updater.new.exe (PID: 1344)
      • L4d2_Updater.exe (PID: 4920)
    • Checks proxy server information

      • L4d2_Updater.exe (PID: 7124)
      • L4d2_Updater.exe (PID: 4920)
    • Reads the computer name

      • L4d2_Updater.exe (PID: 7124)
      • L4d2_Updater.exe (PID: 4920)
    • Creates files or folders in the user directory

      • L4d2_Updater.exe (PID: 4920)
    • Application launched itself

      • msedge.exe (PID: 2328)
      • msedge.exe (PID: 2092)
    • Manual execution by a user

      • msedge.exe (PID: 2092)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (37.4)
.scr | Windows screen saver (34.5)
.exe | Win32 Executable (generic) (11.9)
.exe | Win16/32 Executable Delphi generic (5.4)
.exe | Generic Win/DOS Executable (5.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:09:20 01:18:12+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, No debug, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 836608
InitializedDataSize: 918528
UninitializedDataSize: -
EntryPoint: 0xcdd08
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
All screenshots are available in the full report
Total processes
163
Monitored processes
45
Malicious processes
2
Suspicious processes
1

Behavior graph

Graph nodes (flattened from the interactive view): start; THREAT l4d2_updater.exe; l4d2_updater.new.exe; THREAT l4d2_updater.exe; msedge.exe (many instances, almost all marked "no specs"); identity_helper.exe (two instances, no specs); l4d2_updater.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1084
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4812 --field-trial-handle=2332,i,157476806075690546,17669028696142576293,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1232
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4812 --field-trial-handle=2332,i,157476806075690546,17669028696142576293,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1328
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6604 --field-trial-handle=2332,i,157476806075690546,17669028696142576293,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1344
CMD: "C:\Users\admin\Desktop\L4d2_Updater.new.exe" /update "C:\Users\admin\Desktop\L4d2_Updater.exe"
Path: C:\Users\admin\Desktop\L4d2_Updater.new.exe
Parent process: L4d2_Updater.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\l4d2_updater.new.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 2032
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=5548 --field-trial-handle=2332,i,157476806075690546,17669028696142576293,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2092
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument http://bruss.org.ru/viewforum.php?f=26
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2328
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bruss.org.ru/viewforum.php?f=26
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: L4d2_Updater.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
1
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2424
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5940 --field-trial-handle=2332,i,157476806075690546,17669028696142576293,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2480
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5532 --field-trial-handle=2332,i,157476806075690546,17669028696142576293,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2480
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6496 --field-trial-handle=2332,i,157476806075690546,17669028696142576293,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
6 694
Read events
6 616
Write events
76
Delete events
2

Modification events

(PID) Process: (7124) L4d2_Updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\L2j Community Network\LameUpdater\{6239AB80-423AB204-9794E351-0069B322-34218001}
Operation: write
Name: HomeDir
Value: C:\Users\admin\Desktop\

(PID) Process: (7124) L4d2_Updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFavoritesInitialSelection
Value:

(PID) Process: (7124) L4d2_Updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFeedsInitialSelection
Value:

(PID) Process: (4920) L4d2_Updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\L2j Community Network\LameUpdater\{6239AB80-423AB204-9794E351-0069B322-34218001}
Operation: write
Name: HomeDir
Value: C:\Users\admin\Desktop\

(PID) Process: (4920) L4d2_Updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (4920) L4d2_Updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (4920) L4d2_Updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (4920) L4d2_Updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch
Operation: write
Name: Version
Value: WS not running

(PID) Process: (4920) L4d2_Updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write
Name: DisableFirstRunCustomize
Value: 1

(PID) Process: (4920) L4d2_Updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
Executable files
20
Suspicious files
146
Text files
118
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7124 | Process: L4d2_Updater.exe | Filename: C:\Users\admin\Desktop\L4d2_Updater.new.exe | Type: executable
MD5: 604B8AC3E6FB92B93051FF87A978AF7E
SHA256: C68A188F29ACB65ED880A4741E1DAD13FDCBCFC4C8CE5F770AC6AE6F44A792AB

PID: 1344 | Process: L4d2_Updater.new.exe | Filename: C:\Users\admin\Desktop\L4d2_Updater.exe | Type: executable
MD5: 604B8AC3E6FB92B93051FF87A978AF7E
SHA256: C68A188F29ACB65ED880A4741E1DAD13FDCBCFC4C8CE5F770AC6AE6F44A792AB

PID: 4920 | Process: L4d2_Updater.exe | Filename: C:\Users\admin\Desktop\left4dead2\cfg\autoexec.cfg.lzma.part | Type: binary
MD5: 2863DC1428357712CEBF9E5067254566
SHA256: 1C751840B6A224271295BE1C71E967A2777BE861E7FC6DEE253C3C0F3B1AAE96

PID: 4920 | Process: L4d2_Updater.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\en[1].gif | Type: image
MD5: F1597D7C48B1C58DC17676C8249C3D35
SHA256: 1E837BAA74D386FBC1B2A6D6863CB0EE380B87E2471DCF3C8D56AEDA81139BAC

PID: 4920 | Process: L4d2_Updater.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\box_bullet[1].png | Type: image
MD5: 9FC71ABF0164BF99063262256768D03C
SHA256: 780F042FB380F110020A72F2A24C44AA9B4AA0FE72087F71E692A3E467F01A6E

PID: 4920 | Process: L4d2_Updater.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\update[1].htm | Type: html
MD5: AE46CC6748254D34F041F8F975BD6988
SHA256: 887A1BE14A38119C369CBB71EF601A2C96CA5592001023BA4DB559A6987B4528

PID: 4920 | Process: L4d2_Updater.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\background[1].htm | Type: html
MD5: B55F9E6C75934181D4D4DA9D1D610FD0
SHA256: E2E2377D92E1B437CD476FD3E8341E1DDE74D50403D746910DC17F25B8188322

PID: 4920 | Process: L4d2_Updater.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\style[1].css | Type: text
MD5: 49F4CDDB187B0F411A817F07632A57C6
SHA256: 9D92EBFEE4694624F2042CD96D54CC9EE9B03A9931933C1336D1EA995A37C28E

PID: 4920 | Process: L4d2_Updater.exe | Filename: C:\Users\admin\Desktop\left4dead2\cfg\autoexec.lamenew | Type: text
MD5: 87B88DBA6E092EFD191C33E6AE5D40ED
SHA256: 2BFEF187812F7B3FACD8904E2E0946321F5204D553683214B8D1011B3B6B7F9D

PID: 4920 | Process: L4d2_Updater.exe | Filename: C:\Users\admin\Desktop\left4dead2\cfg\autoexec.cfg.lzma | Type: binary
MD5: 2863DC1428357712CEBF9E5067254566
SHA256: 1C751840B6A224271295BE1C71E967A2777BE861E7FC6DEE253C3C0F3B1AAE96
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
153
TCP/UDP connections
113
DNS requests
57
Threats
41

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6588
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7124
L4d2_Updater.exe
GET
200
79.164.76.165:80
http://update.bruss.org.ru/l4d2/options.xml
unknown
malicious
7124
L4d2_Updater.exe
GET
200
79.164.76.165:80
http://update.bruss.org.ru/l4d2/L4d2%5FUpdater.exe
unknown
malicious
4920
L4d2_Updater.exe
GET
79.164.76.165:80
http://update.bruss.org.ru/l4d2/L4d2%5FUpdater.exe
unknown
malicious
4920
L4d2_Updater.exe
GET
200
79.164.76.165:80
http://update.bruss.org.ru/l4d2/options.xml
unknown
malicious
4920
L4d2_Updater.exe
GET
200
79.164.76.165:80
http://update.bruss.org.ru/l4d2/update.html
unknown
unknown
4920
L4d2_Updater.exe
GET
200
79.164.76.165:80
http://update.bruss.org.ru/l4d2/patchlist.xml
unknown
malicious
4920
L4d2_Updater.exe
GET
200
79.164.76.165:80
http://update.bruss.org.ru/l4d2/style/style.css
unknown
malicious
4920
L4d2_Updater.exe
GET
200
79.164.76.165:80
http://update.bruss.org.ru/l4d2/style/en.gif
unknown
malicious
4920
L4d2_Updater.exe
GET
200
79.164.76.165:80
http://update.bruss.org.ru/l4d2/left4dead2/cfg/autoexec.cfg.lzma
unknown
malicious

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6588
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7124
L4d2_Updater.exe
79.164.76.165:80
update.bruss.org.ru
Central Telegraph Public Joint-stock Company
RU
malicious
6588
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
6588
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4920
L4d2_Updater.exe
79.164.76.165:80
update.bruss.org.ru
Central Telegraph Public Joint-stock Company
RU
malicious

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
  • 51.124.78.146
whitelisted
google.com
  • 142.250.186.110
whitelisted
update.bruss.org.ru
  • 79.164.76.165
malicious
www.microsoft.com
  • 95.101.149.131
whitelisted
bruss.org.ru
  • 79.164.76.165
malicious
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
bzib.nelreports.net
  • 2.19.126.152
  • 2.19.126.145
whitelisted

Threats

PID
Process
Class
Message
7124
L4d2_Updater.exe
A Network Trojan was detected
ET MALWARE Trojan Related Lame Updater User-Agent
A Network Trojan was detected
ET MALWARE Trojan Related Lame Updater User-Agent
7124
L4d2_Updater.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
4920
L4d2_Updater.exe
A Network Trojan was detected
ET MALWARE Trojan Related Lame Updater User-Agent
4920
L4d2_Updater.exe
A Network Trojan was detected
ET MALWARE Trojan Related Lame Updater User-Agent
4920
L4d2_Updater.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
4920
L4d2_Updater.exe
A Network Trojan was detected
ET MALWARE Trojan Related Lame Updater User-Agent
4920
L4d2_Updater.exe
A Network Trojan was detected
ET MALWARE Trojan Related Lame Updater User-Agent
4920
L4d2_Updater.exe
A Network Trojan was detected
ET MALWARE Trojan Related Lame Updater User-Agent
4920
L4d2_Updater.exe
A Network Trojan was detected
ET MALWARE Trojan Related Lame Updater User-Agent
1 ETPRO signatures available at the full report
No debug info