Malware analysis vlc-media-player-3.0.21-installer_klj-s71.exe Malicious activity

Add for printing

File name:	vlc-media-player-3.0.21-installer_klj-s71.exe
Full analysis:	https://app.any.run/tasks/4e00e7a9-f7bc-45ba-a630-39750d20ceb1
Verdict:	Malicious activity
Analysis date:	November 27, 2024, 06:53:43
OS:	Windows 10 Professional (build: 19045, 64 bit)
Tags:	arch-exec
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:	7FBD13A0C98811A83686A2D8927B88E7
SHA1:	01E10566E643F42FE69CE0684610250CAF968979
SHA256:	237ABB1845C4F25E93E5BDE393DDB0A248C065EAD4664981D919B24F3CB29312
SSDEEP:	98304:/pyZEg8pfJo1OE5FsI1DxqbsSLhlxIDce/Unba+O+CB3jD9hlw:Td

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 120 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 60 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Executable content was dropped or overwritten
  - vlc-media-player-3.0.21-installer_klj-s71.exe (PID: 6828)
  - OperaSetup.exe (PID: 3640)
  - setup.exe (PID: 6632)
  - setup.exe (PID: 5268)
  - setup.exe (PID: 2940)
  - setup.exe (PID: 6648)
  - setup.exe (PID: 4704)
  - vlc-media-player-3.0.21-installer.exe (PID: 6004)
  - Assistant_114.0.5282.21_Setup.exe_sfx.exe (PID: 4876)
  - installer.exe (PID: 6928)
  - assistant_installer.exe (PID: 7112)
  - installer.exe (PID: 6924)
- Application launched itself
  - setup.exe (PID: 6648)
  - setup.exe (PID: 2940)
  - assistant_installer.exe (PID: 4076)
  - installer.exe (PID: 6924)
  - assistant_installer.exe (PID: 7112)
  - opera.exe (PID: 6032)
  - assistant_installer.exe (PID: 2572)
  - browser_assistant.exe (PID: 3172)
  - opera.exe (PID: 7112)
- Starts itself from another location
  - setup.exe (PID: 6648)
- Malware-specific behavior (creating "System.dll" in Temp)
  - vlc-media-player-3.0.21-installer.exe (PID: 6004)
- Process drops legitimate windows executable
  - Assistant_114.0.5282.21_Setup.exe_sfx.exe (PID: 4876)
  - assistant_installer.exe (PID: 7112)
INFO
- Checks supported languages
  - vlc-media-player-3.0.21-installer_klj-s71.exe (PID: 6828)
- Sends debugging messages
  - vlc-media-player-3.0.21-installer_klj-s71.exe (PID: 6828)
  - assistant_installer.exe (PID: 4076)
  - vlc-cache-gen.exe (PID: 4516)
- Reads the computer name
  - vlc-media-player-3.0.21-installer_klj-s71.exe (PID: 6828)
- Reads the machine GUID from the registry
  - vlc-media-player-3.0.21-installer_klj-s71.exe (PID: 6828)
- Checks proxy server information
  - vlc-media-player-3.0.21-installer_klj-s71.exe (PID: 6828)
- Manual execution by a user
  - assistant_installer.exe (PID: 2572)
  - opera.exe (PID: 7112)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (18)
.exe	\|	Win32 Executable (generic) (2.9)
.exe	\|	Generic Win/DOS Executable (1.3)
.exe	\|	DOS Executable Generic (1.3)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2024:11:10 18:21:36+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.39
CodeSize:	2192384
InitializedDataSize:	2328576
UninitializedDataSize:	-
EntryPoint:	0x1cbfbc
OSVersion:	6
ImageVersion:	-
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	3.1.0.11107
ProductVersionNumber:	3.1.0.11107
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Softonic
FileDescription:	Softonic
FileVersion:	3.1.0.11107
LegalCopyright:	(c) Softonic
ProductName:	Softonic
ProductVersion:	3.1.0.11107

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

188

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
628	C:\Users\admin\AppData\Local\Programs\Opera\114.0.5282.222\opera_crashreporter.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x2b8,0x7ff816f8f700,0x7ff816f8f710,0x7ff816f8f720	C:\Users\admin\AppData\Local\Programs\Opera\114.0.5282.222\opera_crashreporter.exe	—	opera.exe
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera crash-reporter Exit code: 0 Version: 114.0.5282.222
880	"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-bookmarks-tags-update=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:aria-command-line-in-extension=on --with-feature:aria-command-line-react=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=on --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-content-phase-1=off --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --field-trial-handle=2448,i,5324287399657388102,1240636769150254363,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:8	C:\Users\admin\AppData\Local\Programs\Opera\opera.exe	—	opera.exe
User: admin Company: Opera Software Integrity Level: LOW Description: Opera Internet Browser Version: 114.0.5282.222
1192	"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-bookmarks-tags-update=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:aria-command-line-in-extension=on --with-feature:aria-command-line-react=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=on --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-content-phase-1=off --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --field-trial-handle=1928,i,17705649403692052357,17467224320448203377,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:3	C:\Users\admin\AppData\Local\Programs\Opera\opera.exe	—	opera.exe
User: admin Company: Opera Software Integrity Level: HIGH Description: Opera Internet Browser Exit code: 0 Version: 114.0.5282.222
1292	"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-bookmarks-tags-update=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:aria-command-line-in-extension=on --with-feature:aria-command-line-react=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=on --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-content-phase-1=off --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --field-trial-handle=3136,i,5324287399657388102,1240636769150254363,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:8	C:\Users\admin\AppData\Local\Programs\Opera\opera.exe	—	opera.exe
User: admin Company: Opera Software Integrity Level: LOW Description: Opera Internet Browser Version: 114.0.5282.222
1344	"C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411270654211\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x6317a0,0x6317ac,0x6317b8	C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411270654211\assistant\assistant_installer.exe	—	assistant_installer.exe
User: admin Company: Opera Software Integrity Level: HIGH Description: Opera Browser Assistant Installer Exit code: 0 Version: 114.0.5282.21
1476	"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --stream	C:\Users\admin\AppData\Local\Programs\Opera\opera.exe	—	browser_assistant.exe
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera Internet Browser Exit code: 0 Version: 114.0.5282.222
2136	"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-bookmarks-tags-update=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:aria-command-line-in-extension=on --with-feature:aria-command-line-react=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=on --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-content-phase-1=off --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --field-trial-handle=2076,i,5324287399657388102,1240636769150254363,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:3	C:\Users\admin\AppData\Local\Programs\Opera\opera.exe	—	opera.exe
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera Internet Browser Version: 114.0.5282.222
2324	C:\Users\admin\AppData\Local\Programs\Opera\114.0.5282.222\opera_crashreporter.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x29c,0x2a0,0x2a4,0x298,0x2a8,0x7ff816f8f700,0x7ff816f8f710,0x7ff816f8f720	C:\Users\admin\AppData\Local\Programs\Opera\114.0.5282.222\opera_crashreporter.exe	—	opera.exe
User: admin Company: Opera Software Integrity Level: HIGH Description: Opera crash-reporter Exit code: 0 Version: 114.0.5282.222
2324	"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-bookmarks-tags-update=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:aria-command-line-in-extension=on --with-feature:aria-command-line-react=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=on --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-content-phase-1=off --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4348,i,5324287399657388102,1240636769150254363,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:1	C:\Users\admin\AppData\Local\Programs\Opera\opera.exe	—	opera.exe
User: admin Company: Opera Software Integrity Level: LOW Description: Opera Internet Browser Version: 114.0.5282.222
2380	C:\Users\admin\AppData\Local\Programs\Opera\114.0.5282.222\opera_crashreporter.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.222 --initial-client-data=0x2b8,0x2bc,0x2c0,0x2b4,0x2c4,0x7ff816f8f700,0x7ff816f8f710,0x7ff816f8f720	C:\Users\admin\AppData\Local\Programs\Opera\114.0.5282.222\opera_crashreporter.exe	—	opera.exe
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera crash-reporter Version: 114.0.5282.222

Add for printing

Total events

29 008

Read events

28 010

Write events

981

Delete events

Modification events


(PID) Process:	(6828) vlc-media-player-3.0.21-installer_klj-s71.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Operation:	write	Name:	Implementing
Value: 1C00000001000000E8070B0003001B00060036001200A901010000001E768127E028094199FEB9D127C57AFE
(PID) Process:	(6828) vlc-media-player-3.0.21-installer_klj-s71.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:	write	Name:	{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
Value: 0100000000000000F9B60B2E9940DB01
(PID) Process:	(6648) setup.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:	write	Name:	CachePrefix
Value:
(PID) Process:	(6648) setup.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(6648) setup.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(2940) setup.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation:	write	Name:	Last Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera\
(PID) Process:	(6924) installer.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\FileAssociations
Operation:	write	Name:	.xhtml
Value: OperaStable
(PID) Process:	(6924) installer.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\Startmenu
Operation:	write	Name:	StartMenuInternet
Value: OperaStable
(PID) Process:	(6924) installer.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\UrlAssociations
Operation:	write	Name:	http
Value: OperaStable
(PID) Process:	(6924) installer.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\OperaStable\Capabilities\UrlAssociations
Operation:	write	Name:	https
Value: OperaStable

Add for printing

Executable files

407

Suspicious files

300

Text files

118

Unknown types

Dropped files

PID	Process	Filename		Type
6828	vlc-media-player-3.0.21-installer_klj-s71.exe	C:\Users\admin\Downloads\vlc-media-player-3.0.21-installer.exe		—
		MD5:—	SHA256:—
6828	vlc-media-player-3.0.21-installer_klj-s71.exe	C:\Users\admin\AppData\Local\Temp\ISV7572.tmp\OperaSetup.zip		compressed
		MD5:99609735DC804EBD40E585DEE171E12F	SHA256:5EF85AA6B3E6A701944B603104ED8B315C445ACA287BAEE9E77A471A2CA5CBFF
2940	setup.exe	C:\Users\admin\AppData\Local\Temp\Opera_installer_2411270654217172940.dll		executable
		MD5:90F1C76397815E9755E2C266F79C5A4B	SHA256:6BAE4A4046069B92479A475DA99B408A2FD767E921E43EEBE2CEEA0FA8B330C5
3640	OperaSetup.exe	C:\Users\admin\AppData\Local\Temp\7zS83E7DDA3\setup.exe		executable
		MD5:7E293EA90477B4293D42B35B9A7EEFBC	SHA256:61325BF8DB458C0F321B7D3E0A0B968313556E84CD74EF062B1AB8F4D37F1AF3
6648	setup.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419		binary
		MD5:E3893D7CC06D8874D182E658C124C54A	SHA256:BA4E92733384FEE4C812500AC4F005766C36F25640F813CC2C776559F3996290
6648	setup.exe	C:\Users\admin\AppData\Local\Temp\Opera_installer_2411270654200676648.dll		executable
		MD5:90F1C76397815E9755E2C266F79C5A4B	SHA256:6BAE4A4046069B92479A475DA99B408A2FD767E921E43EEBE2CEEA0FA8B330C5
6648	setup.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_17DD39A60A87A85D0DDEF9FD164BB3E9		der
		MD5:8FEC7912A2D8BC32AC2E2855330DE16B	SHA256:E17BF35682D1AB043881A2BA8381ED383B7766A8884368E79126735338E47FFE
6648	setup.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_17DD39A60A87A85D0DDEF9FD164BB3E9		binary
		MD5:9BE14A0C5D770EB1CC4BC073A4351CE7	SHA256:E13A9E923FC6B276A25AB7DE7414A4FCD56525BD390D64FDD213581B01E43401
6648	setup.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04		der
		MD5:4FA32206CBA80761AEE26409C2CF88FD	SHA256:C1153698091A8BF20BC0EF353CC36ADD48DBAC4D29AA0D1C462B7BDE42FB4A25
4704	setup.exe	C:\Users\admin\AppData\Local\Temp\Opera_installer_2411270654224594704.dll		executable
		MD5:90F1C76397815E9755E2C266F79C5A4B	SHA256:6BAE4A4046069B92479A475DA99B408A2FD767E921E43EEBE2CEEA0FA8B330C5

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
4712	MoUsoCoreWorker.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
4712	MoUsoCoreWorker.exe	GET	200	2.20.245.138:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
5340	svchost.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	unknown	—	—	whitelisted
3732	SIHClient.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
—	—	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
6376	backgroundTaskHost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	unknown	—	—	whitelisted
6648	setup.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D	unknown	—	—	whitelisted
6648	setup.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D	unknown	—	—	whitelisted
6648	setup.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAkd76%2BHl%2BdEje5x5DkdF8w%3D	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
4712	MoUsoCoreWorker.exe	2.20.245.138:80	crl.microsoft.com	Akamai International B.V.	SE	whitelisted
4712	MoUsoCoreWorker.exe	95.101.149.131:80	www.microsoft.com	Akamai International B.V.	NL	whitelisted
5340	svchost.exe	95.101.149.131:80	www.microsoft.com	Akamai International B.V.	NL	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
5064	SearchApp.exe	2.23.209.176:443	www.bing.com	Akamai International B.V.	GB	whitelisted
—	—	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
1176	svchost.exe	20.190.159.68:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
1076	svchost.exe	184.28.89.167:443	go.microsoft.com	AKAMAI-AS	US	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	4.231.128.59 51.124.78.146	whitelisted
google.com	142.250.185.206	whitelisted
crl.microsoft.com	2.20.245.138 2.20.245.137	whitelisted
www.microsoft.com	95.101.149.131	whitelisted
www.bing.com	2.23.209.176 2.23.209.179 2.23.209.161 2.23.209.158 2.23.209.149 2.23.209.150 2.23.209.160 2.23.209.156 2.23.209.177	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
login.live.com	20.190.159.68 40.126.31.71 20.190.159.64 40.126.31.73 40.126.31.69 20.190.159.71 20.190.159.73 20.190.159.2	whitelisted
go.microsoft.com	184.28.89.167	whitelisted
di7e1j5f1plfo.cloudfront.net	18.245.78.212 18.245.78.185 18.245.78.188 18.245.78.145	whitelisted
images.sftcdn.net	151.101.193.91 151.101.65.91 151.101.1.91 151.101.129.91	whitelisted

Threats

No threats detected

Add for printing

Process	Message
vlc-media-player-3.0.21-installer_klj-s71.exe	LoadingPage
vlc-media-player-3.0.21-installer_klj-s71.exe	WelcomePage
vlc-media-player-3.0.21-installer_klj-s71.exe	ProductPage
vlc-media-player-3.0.21-installer_klj-s71.exe	DownloadPageDLM
vlc-media-player-3.0.21-installer_klj-s71.exe	FinishPageDLM
assistant_installer.exe	[1127/065452.489:INFO:assistant_installer_main.cc(177)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411270654211\assistant\assistant_installer.exe" --version
vlc-cache-gen.exe	main libvlc debug: revision 3.0.21-1-0-g9c4768291e
vlc-cache-gen.exe	main libvlc debug: min period: 1 ms, max period: 1000000 ms
vlc-cache-gen.exe	main libvlc debug: configured with /builds/videolan/vlc/extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-shout' '--enable-goom' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' '--with-contrib=../contrib/i686-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' '--enable-qt' '--enable-skins2' '--enable-dvdread' '--enable-caca' 'host_alias=i686-w64-mingw32' 'CFLAGS= -D_WIN32_WINNT=0x0502 -DWINVER=0x502 -D__MSVCRT_VERSION__=0x700 ' 'CXXFLAGS= -D_WIN32_WINNT=0x0502 -DWINVER=0x502 -D__MSVCRT_VERSION__=0x700 ' 'PKG_CONFIG=pkg-config' 'PKG_CONFIG_LIBDIR=/usr/i686-w64-mingw32/lib/pkgconfig:/usr/lib/i686-w64-mingw32/pkgconfig'
vlc-cache-gen.exe	main libvlc debug: VLC media player - 3.0.21 Vetinari

General Info

vlc-media-player-3.0.21-installer_klj-s71.exe

7FBD13A0C98811A83686A2D8927B88E7

01E10566E643F42FE69CE0684610250CAF968979

237ABB1845C4F25E93E5BDE393DDB0A248C065EAD4664981D919B24F3CB29312

98304:/pyZEg8pfJo1OE5FsI1DxqbsSLhlxIDce/Unba+O+CB3jD9hlw:Td

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Executable content was dropped or overwritten

Application launched itself

Starts itself from another location

Malware-specific behavior (creating "System.dll" in Temp)

Process drops legitimate windows executable

INFO

Checks supported languages

Sends debugging messages

Reads the computer name

Reads the machine GUID from the registry

Checks proxy server information

Manual execution by a user

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings