File name:

vlc-media-player-3.0.21-installer_OD9oB-1.exe

Full analysis: https://app.any.run/tasks/b0e16e2f-7f0a-4c10-a926-ba9bdb8247f7
Verdict: Malicious activity
Analysis date: June 20, 2025, 19:32:54
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
inno
installer
delphi
arch-exec
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5:

DBC6840E173CFEA5198332A6380E8280

SHA1:

D6DFC15B29E9F7EC48DA7A7D975A14E9C0F84F00

SHA256:

6A8B4EA5E9DBBFE8675539021ABF69A4676BC1B1E6133B42EF45FF57A2DC43A7

SSDEEP:

98304:XLVIF8P3n1BLHxtD59KEKjSvDuj4jATdGwVNhcSrhushie4kY14bknn+smNCO:ha

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • vlc-media-player-3.0.21-installer_OD9oB-1.exe (PID: 6004)
      • vlc-media-player-3.0.21-installer_OD9oB-1.exe (PID: 188)
      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
      • saBSI.exe (PID: 3672)
      • saBSI.exe (PID: 6348)
      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
      • installer.exe (PID: 1644)
      • installer.exe (PID: 2212)
    • Reads security settings of Internet Explorer

      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 6892)
      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
      • saBSI.exe (PID: 3672)
      • saBSI.exe (PID: 6348)
      • installer.exe (PID: 2212)
      • uihost.exe (PID: 1488)
    • Reads the Windows owner or organization settings

      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
    • Adds/modifies Windows certificates

      • saBSI.exe (PID: 3672)
      • servicehost.exe (PID: 5172)
    • The process verifies whether the antivirus software is installed

      • saBSI.exe (PID: 6348)
      • installer.exe (PID: 1644)
      • installer.exe (PID: 2212)
      • servicehost.exe (PID: 5172)
      • uihost.exe (PID: 1488)
      • updater.exe (PID: 1480)
      • cmd.exe (PID: 3112)
    • Executes application which crashes

      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
    • The process creates files with name similar to system file names

      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
      • installer.exe (PID: 2212)
    • Creates/Modifies COM task schedule object

      • installer.exe (PID: 2212)
      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
    • Creates a software uninstall entry

      • installer.exe (PID: 2212)
      • servicehost.exe (PID: 5172)
      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
    • Process drops legitimate windows executable

      • installer.exe (PID: 2212)
    • Executes as Windows Service

      • servicehost.exe (PID: 5172)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
    • Reads Mozilla Firefox installation path

      • servicehost.exe (PID: 5172)
      • uihost.exe (PID: 1488)
    • There is functionality for taking screenshot (YARA)

      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
    • Searches for installed software

      • updater.exe (PID: 1480)
    • Starts CMD.EXE for commands execution

      • updater.exe (PID: 1480)
    • Explorer used for Indirect Command Execution

      • explorer.exe (PID: 4460)
  • INFO

    • Checks supported languages

      • vlc-media-player-3.0.21-installer_OD9oB-1.exe (PID: 6004)
      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 6892)
      • vlc-media-player-3.0.21-installer_OD9oB-1.exe (PID: 188)
      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
      • saBSI.exe (PID: 3672)
      • saBSI.exe (PID: 6348)
      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
      • installer.exe (PID: 1644)
      • installer.exe (PID: 2212)
      • servicehost.exe (PID: 5172)
      • updater.exe (PID: 1480)
      • vlc-cache-gen.exe (PID: 2492)
      • uihost.exe (PID: 1488)
      • vlc.exe (PID: 2192)
    • Reads the computer name

      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 6892)
      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
      • vlc-media-player-3.0.21-installer_OD9oB-1.exe (PID: 188)
      • saBSI.exe (PID: 6348)
      • saBSI.exe (PID: 3672)
      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
      • installer.exe (PID: 2212)
      • servicehost.exe (PID: 5172)
      • uihost.exe (PID: 1488)
      • updater.exe (PID: 1480)
      • vlc.exe (PID: 2192)
    • Create files in a temporary directory

      • vlc-media-player-3.0.21-installer_OD9oB-1.exe (PID: 6004)
      • vlc-media-player-3.0.21-installer_OD9oB-1.exe (PID: 188)
      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
      • saBSI.exe (PID: 6348)
      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
      • installer.exe (PID: 2212)
    • Process checks computer location settings

      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 6892)
      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
      • uihost.exe (PID: 1488)
      • servicehost.exe (PID: 5172)
    • Detects InnoSetup installer (YARA)

      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
      • vlc-media-player-3.0.21-installer_OD9oB-1.exe (PID: 6004)
      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 6892)
      • vlc-media-player-3.0.21-installer_OD9oB-1.exe (PID: 188)
    • Reads the machine GUID from the registry

      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
      • saBSI.exe (PID: 3672)
      • saBSI.exe (PID: 6348)
      • installer.exe (PID: 2212)
      • uihost.exe (PID: 1488)
      • servicehost.exe (PID: 5172)
      • updater.exe (PID: 1480)
      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
      • vlc-cache-gen.exe (PID: 2492)
      • vlc.exe (PID: 2192)
    • Checks proxy server information

      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
      • saBSI.exe (PID: 3672)
      • saBSI.exe (PID: 6348)
      • WerFault.exe (PID: 6936)
      • WerFault.exe (PID: 2808)
      • slui.exe (PID: 5708)
    • Reads the software policy settings

      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
      • saBSI.exe (PID: 3672)
      • saBSI.exe (PID: 6348)
      • installer.exe (PID: 2212)
      • WerFault.exe (PID: 2808)
      • WerFault.exe (PID: 6936)
      • servicehost.exe (PID: 5172)
      • uihost.exe (PID: 1488)
      • updater.exe (PID: 1480)
      • slui.exe (PID: 5708)
    • The sample compiled with english language support

      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
      • saBSI.exe (PID: 3672)
      • saBSI.exe (PID: 6348)
      • installer.exe (PID: 1644)
      • installer.exe (PID: 2212)
      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
    • Compiled with Borland Delphi (YARA)

      • vlc-media-player-3.0.21-installer_OD9oB-1.exe (PID: 6004)
      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 6892)
      • vlc-media-player-3.0.21-installer_OD9oB-1.exe (PID: 188)
      • vlc-media-player-3.0.21-installer_OD9oB-1.tmp (PID: 868)
    • Creates files in the program directory

      • saBSI.exe (PID: 3672)
      • saBSI.exe (PID: 6348)
      • installer.exe (PID: 1644)
      • installer.exe (PID: 2212)
      • vlc-media-player-3.0.21-installer.exe (PID: 4808)
      • uihost.exe (PID: 1488)
      • servicehost.exe (PID: 5172)
      • vlc-cache-gen.exe (PID: 2492)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 6936)
      • WerFault.exe (PID: 2808)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 3584)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:05:03 14:45:36+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 704512
InitializedDataSize: 162304
UninitializedDataSize: -
EntryPoint: 0xacfe0
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 2.41.2.9280
ProductVersionNumber: 2.41.2.9280
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Softonic International SA
FileVersion: 2.41.2.9280
LegalCopyright: ©2023 Softonic International SA
OriginalFileName:
ProductName: Softonic International SA
ProductVersion: 3.1.5.8
No data.
All screenshots are available in the full report
Total processes
168
Monitored processes
23
Malicious processes
11
Suspicious processes
1

Behavior graph

Process chain shown in the graph (start node first; "no specs" marks processes with no specific indicators):
  • vlc-media-player-3.0.21-installer_od9ob-1.exe
  • vlc-media-player-3.0.21-installer_od9ob-1.tmp (no specs)
  • vlc-media-player-3.0.21-installer_od9ob-1.exe
  • vlc-media-player-3.0.21-installer_od9ob-1.tmp
  • sabsi.exe
  • sabsi.exe
  • slui.exe
  • vlc-media-player-3.0.21-installer.exe
  • installer.exe
  • werfault.exe
  • installer.exe
  • werfault.exe
  • servicehost.exe
  • uihost.exe (no specs)
  • vlc-cache-gen.exe
  • conhost.exe (no specs)
  • updater.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • cmd.exe (no specs)
  • explorer.exe (no specs)
  • explorer.exe (no specs)
  • vlc.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 188
CMD: "C:\Users\admin\AppData\Local\Temp\vlc-media-player-3.0.21-installer_OD9oB-1.exe" /SPAWNWND=$5025A /NOTIFYWND=$602BE
Path: C:\Users\admin\AppData\Local\Temp\vlc-media-player-3.0.21-installer_OD9oB-1.exe
Parent process: vlc-media-player-3.0.21-installer_OD9oB-1.tmp
User:
admin
Company:
Integrity Level:
HIGH
Description:
Softonic International SA
Exit code:
3221226525
Version:
2.41.2.9280
Modules
Images
c:\users\admin\appdata\local\temp\vlc-media-player-3.0.21-installer_od9ob-1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 868
CMD: "C:\Users\admin\AppData\Local\Temp\is-44A1D.tmp\vlc-media-player-3.0.21-installer_OD9oB-1.tmp" /SL5="$802C8,872750,867840,C:\Users\admin\AppData\Local\Temp\vlc-media-player-3.0.21-installer_OD9oB-1.exe" /SPAWNWND=$5025A /NOTIFYWND=$602BE
Path: C:\Users\admin\AppData\Local\Temp\is-44A1D.tmp\vlc-media-player-3.0.21-installer_OD9oB-1.tmp
Parent process: vlc-media-player-3.0.21-installer_OD9oB-1.exe
User:
admin
Company:
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
3221226525
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-44a1d.tmp\vlc-media-player-3.0.21-installer_od9ob-1.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 1480
CMD: "C:\Program Files\McAfee\WebAdvisor\updater.exe"
Path: C:\Program Files\McAfee\WebAdvisor\updater.exe
Parent process: servicehost.exe
User:
SYSTEM
Company:
McAfee, LLC
Integrity Level:
SYSTEM
Description:
McAfee WebAdvisor(updater)
Exit code:
0
Version:
4,1,1,1054
Modules
Images
c:\program files\mcafee\webadvisor\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1488
CMD: "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
Path: C:\Program Files\McAfee\WebAdvisor\uihost.exe
Parent process: servicehost.exe
User:
admin
Company:
McAfee, LLC
Integrity Level:
MEDIUM
Description:
McAfee WebAdvisor(user level process)
Version:
4,1,1,1054
Modules
Images
c:\program files\mcafee\webadvisor\uihost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1644
CMD: "C:\ProgramData\McAfee\WebAdvisor\saBSI\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
Path: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
Parent process: saBSI.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\programdata\mcafee\webadvisor\sabsi\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2192
CMD: "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"
Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Parent process: explorer.exe
User:
admin
Company:
VideoLAN
Integrity Level:
MEDIUM
Description:
VLC media player
Version:
3.0.21
Modules
Images
c:\program files (x86)\videolan\vlc\vlc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2212
CMD: "C:\Program Files\McAfee\Temp637617935\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
Path: C:\Program Files\McAfee\Temp637617935\installer.exe
Parent process: installer.exe
User:
admin
Company:
McAfee, LLC
Integrity Level:
HIGH
Description:
McAfee WebAdvisor(installer)
Exit code:
0
Version:
4,1,1,1054
Modules
Images
c:\program files\mcafee\temp637617935\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\gdi32.dll
PID: 2492
CMD: "C:\Program Files (x86)\VideoLAN\VLC\vlc-cache-gen.exe" C:\Program Files (x86)\VideoLAN\VLC\plugins
Path: C:\Program Files (x86)\VideoLAN\VLC\vlc-cache-gen.exe
Parent process: vlc-media-player-3.0.21-installer.exe
User:
admin
Company:
VideoLAN
Integrity Level:
HIGH
Description:
VLC media player
Exit code:
0
Version:
3.0.21
Modules
Images
c:\program files (x86)\videolan\vlc\vlc-cache-gen.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2804
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: vlc-cache-gen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2808
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 868 -s 1516
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: vlc-media-player-3.0.21-installer_OD9oB-1.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
Total events
50 914
Read events
49 691
Write events
1 203
Delete events
20

Modification events

Process: (868) vlc-media-player-3.0.21-installer_OD9oB-1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Operation: write
Name: Implementing
Value: 1C00000001000000E907060005001400130021003200AE01010000001E768127E028094199FEB9D127C57AFE

Process: (3672) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: UUID
Value: {610678C2-AE3C-4CA6-A943-6A3FF9D3B78A}

Process: (3672) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: InstallerFlags
Value: 1

Process: (3672) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation: delete value
Name: 4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Value:

Process: (3672) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation: write
Name: Blob
Value: (certificate blob omitted)

Process: (3672) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation: write
Name: Blob
Value: (certificate blob omitted)

Process: (6348) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: InstallationStatus
Value: PENDING

Process: (6348) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: InstallationID
Value: UNDEFINED

Process: (6348) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: CountryCode
Value: DE

Process: (6348) saBSI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
Operation: write
Name: NEW_USER_STATE
Value: EXPIRED
Executable files
403
Suspicious files
388
Text files
738
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 868
Process: vlc-media-player-3.0.21-installer_OD9oB-1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DF59M.tmp\is-E7CKM.tmp
Type:
MD5:
SHA256:

PID: 868
Process: vlc-media-player-3.0.21-installer_OD9oB-1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DF59M.tmp\is-M3983.tmp
Type:
MD5:
SHA256:

PID: 868
Process: vlc-media-player-3.0.21-installer_OD9oB-1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DF59M.tmp\vlc-media-player-3.0.21-installer.exe
Type:
MD5:
SHA256:

PID: 868
Process: vlc-media-player-3.0.21-installer_OD9oB-1.tmp
Filename: C:\Users\admin\Downloads\vlc-media-player-3.0.21-installer.exe
Type:
MD5:
SHA256:

PID: 868
Process: vlc-media-player-3.0.21-installer_OD9oB-1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DF59M.tmp\100.png
Type: image
MD5: 5FD73821F3F097D177009D88DFD33605
SHA256: A6ECCE54116936CA27D4BE9797E32BF2F3CFC7E41519A23032992970FBD9D3BA

PID: 188
Process: vlc-media-player-3.0.21-installer_OD9oB-1.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-44A1D.tmp\vlc-media-player-3.0.21-installer_OD9oB-1.tmp
Type: executable
MD5: ACB6062A00D69328422E478F697E5AF3
SHA256: 600AF3214EA8BD00F414A674EBC7E67ED9333E442C347E01C2E435D453828B0D

PID: 1644
Process: installer.exe
Filename: C:\Program Files\McAfee\Temp637617935\browserplugin.cab
Type:
MD5:
SHA256:

PID: 6348
Process: saBSI.exe
Filename: C:\Users\admin\AppData\Local\Temp\mwa2A95.tmp
Type: executable
MD5: 32528F494643E0E05625D5A5B8E61263
SHA256: 926061FC6A92079AA227CC2E426BD5B2130501422A95E6A8984F15F05DEE2E70

PID: 868
Process: vlc-media-player-3.0.21-installer_OD9oB-1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DF59M.tmp\N.png
Type: image
MD5: 1A01027365500D86730A737EB32CBF2A
SHA256: D79A97538B93179012A5EBEBDE873EDC18E30A0287953800F7AA7EA4F25724E1

PID: 868
Process: vlc-media-player-3.0.21-installer_OD9oB-1.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DF59M.tmp\Y.png
Type: image
MD5: C199687E52F7393C941A143B45D78207
SHA256: 0EB767424750B6F8C22AE5EBB105C5C37B3A047EED986FFA6DEBA53EFDC2142E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
42
DNS requests
31
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
PID: 1268 | Process: svchost.exe | Method: GET | HTTP code: 200 | IP: 23.35.229.160:80 | URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | Reputation: whitelisted
PID: 5504 | Process: SIHClient.exe | Method: GET | HTTP code: 200 | IP: 23.35.229.160:80 | URL: http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | CN: unknown | Reputation: whitelisted
PID: 1268 | Process: svchost.exe | Method: GET | HTTP code: 200 | IP: 2.16.241.19:80 | URL: http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | Reputation: whitelisted
PID: 5504 | Process: SIHClient.exe | Method: GET | HTTP code: 200 | IP: 23.35.229.160:80 | URL: http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | CN: unknown | Reputation: whitelisted
PID: 2292 | Process: svchost.exe | Method: GET | HTTP code: 200 | IP: 2.23.77.188:80 | URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | CN: unknown | Reputation: whitelisted
PID: 6936 | Process: WerFault.exe | Method: GET | HTTP code: 200 | IP: 184.24.77.13:80 | URL: http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | Reputation: whitelisted
PID: 6936 | Process: WerFault.exe | Method: GET | HTTP code: 200 | IP: 23.35.229.160:80 | URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | Reputation: whitelisted
PID: 2940 | Process: svchost.exe | Method: GET | HTTP code: 200 | IP: 69.192.161.44:80 | URL: http://x1.c.lencr.org/ | CN: unknown | Reputation: whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
PID: 4 | Process: System | IP: 192.168.100.255:137 | Reputation: whitelisted
PID: 5944 | Process: MoUsoCoreWorker.exe | IP: 51.124.78.146:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: NL | Reputation: whitelisted
PID: 1268 | Process: svchost.exe | IP: 51.124.78.146:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: NL | Reputation: whitelisted
PID: 3800 | Process: RUXIMICS.exe | IP: 51.124.78.146:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: NL | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Reputation: whitelisted
PID: 1268 | Process: svchost.exe | IP: 4.231.128.59:443 | Domain: settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: IE | Reputation: whitelisted
PID: 1268 | Process: svchost.exe | IP: 2.16.241.19:80 | Domain: crl.microsoft.com | ASN: Akamai International B.V. | CN: DE | Reputation: whitelisted
PID: 1268 | Process: svchost.exe | IP: 23.35.229.160:80 | Domain: www.microsoft.com | ASN: AKAMAI-AS | CN: DE | Reputation: whitelisted
PID: 5504 | Process: SIHClient.exe | IP: 20.12.23.50:443 | Domain: slscr.update.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | CN: US | Reputation: whitelisted
PID: 5504 | Process: SIHClient.exe | IP: 23.35.229.160:80 | Domain: www.microsoft.com | ASN: AKAMAI-AS | CN: DE | Reputation: whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
whitelisted
google.com
  • 142.250.185.174
whitelisted
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
  • 184.24.77.13
  • 184.24.77.10
  • 184.24.77.11
  • 184.24.77.33
  • 184.24.77.31
  • 184.24.77.12
  • 184.24.77.34
  • 184.24.77.35
  • 184.24.77.9
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted
login.live.com
  • 20.190.159.2
  • 20.190.159.73
  • 20.190.159.130
  • 20.190.159.23
  • 40.126.31.0
  • 40.126.31.3
  • 20.190.159.75
  • 40.126.31.69
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
d20rp3wwf0n82p.cloudfront.net
  • 18.66.121.16
  • 18.66.121.8
  • 18.66.121.137
  • 18.66.121.20
whitelisted

Threats

No threats detected
Process
Message
saBSI.exe
NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe
NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe
NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe
NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-DF59M.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-DF59M.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe
NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe
NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe
NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe
NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe
NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-DF59M.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-DF59M.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe
NCPrivateLoadAndValidateMPTDll: Looking in current directory