File name: xxx.m3u

Full analysis: https://app.any.run/tasks/1014fcee-daa2-428d-8522-96aa9ee57f7d
Verdict: Malicious activity
Analysis date: December 04, 2023, 01:59:56
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: M3U playlist, ASCII text
MD5: AE4BBD9D2AD88F54E142F996B9E6F395
SHA1: 4420178B18EBEBB4C6B9AB213D73AA9F09E0E187
SHA256: 77B997B07DE233EDFDFF136C6A5C3971256B0B086EC5E027C1D1C266A399962D
SSDEEP: 192:NwAj/TY5A0k9NdxLFNoMnE0uJFZXHGDp+gTldjN6jC6ruh7uu5e8JY+C18PFRNym:NwAj/TY5AB9NdxLFNoMnE0uJFdHGDp+k

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads settings of System Certificates

      • vlc.exe (PID: 2412)
  • INFO

    • Checks supported languages

      • vlc.exe (PID: 2412)
      • wmpnscfg.exe (PID: 3592)
    • Reads the computer name

      • wmpnscfg.exe (PID: 3592)
      • vlc.exe (PID: 2412)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3592)
No Malware configuration.

TRiD

.m3u | Extended M3U playlist (100)
No data.
Total processes: 37
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start vlc.exe wmpnscfg.exe no specs

Process information

PID: 2412
CMD: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\AppData\Local\Temp\xxx.m3u"
Path: C:\Program Files\VideoLAN\VLC\vlc.exe
Parent process: explorer.exe
User: admin
Company: VideoLAN
Integrity Level: MEDIUM
Description: VLC media player
Exit code: 3221225547
Version: 3.0.11
Modules
Images
c:\program files\videolan\vlc\vlc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\videolan\vlc\libvlc.dll
c:\program files\videolan\vlc\libvlccore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 3592
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

Total events: 29 888
Read events: 29 884
Write events: 4
Delete events: 0

Modification events

(PID) Process: (2412) vlc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: Explorer.EXE

(PID) Process: (2412) vlc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: vlc.exe

Executable files: 35
Suspicious files: 0
Text files: 4
Unknown types: 0

Dropped files

PID: 2412
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini
Type: text
MD5:664DA43659C7CDFCE41791047717D760
SHA256:5E8F427FA2949AEDECEECA83C0E89FDEEB8F0E7516363E88774B678090A774DA

PID: 2412
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Ya2412
Type: text
MD5:90CDDD1ABF61E7E28B7F84DF4D46ACD4
SHA256:42095F8E5DCEAB5BEF3574D4656D5D8BB557BDD8765455DF5ED03D7C1AD0E6C4

PID: 2412
Process: vlc.exe
MD5:
SHA256:

PID: 2412
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Nl2412
Type: text
MD5:C25D90CA3B484719A301846C7EEFB0C2
SHA256:9EAF4B444F65046CCFC64C106E7F2592832B8EC84DC94CB66B0B6CF050C3792A

PID: 2412
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.em2412
Type: text
MD5:A9BA7099CA60A542255619B8AD10896D
SHA256:91684251DF08430E7B535DD12F7A35D0870398A2723EF68E289BF27F09C42C9B

PID: 2412
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Uh2412
Type: ini
MD5:9604B95AA54C9081684A30308A26C37F
SHA256:6C358D95306D90A22EA28CF597EBEFCB6AAAE90225EF71A4AD6B2348A10F0F76

PID: 2412
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Hp2412
Type: text
MD5:664DA43659C7CDFCE41791047717D760
SHA256:5E8F427FA2949AEDECEECA83C0E89FDEEB8F0E7516363E88774B678090A774DA

PID: 2412
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock
Type: text
MD5:327C93211904FE9EB21B611111DA45ED
SHA256:E5A817536480B0AF2B99B563F6109D7A5DB80584D0CDA545FF295A0DF1F31464

PID: 2412
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.gq2412
Type: text
MD5:07C072E421303426054E56A0BDABF342
SHA256:C669BCE2D6DB2959B8EE09D6C134C8AE663F31DD50D0AFB67B51231C91F73222

PID: 2412
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.cr2412
Type: text
MD5:8FA5A11B658363B55053A2A36C57FEEC
SHA256:D112AF54C75B5A0DC0B69AF892984C6789DBD0B9BD3353B77DC634FDC87798D1

HTTP(S) requests: 0
TCP/UDP connections: 40
DNS requests: 4
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | unknown
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
2412 | vlc.exe | 108.181.123.199:443 | cdn.adultiptv.net | TELUS Communications | CA | unknown
2412 | vlc.exe | 108.181.123.11:443 | cdn.adultiptv.net | TELUS Communications | CA | unknown
2412 | vlc.exe | 68.233.238.167:443 | 59ec5453559f0.streamlock.net | HVC-AS | US | unknown
2412 | vlc.exe | 64.18.131.133:443 | cdn-main.lolokoko.tv | AS-DZ-14037 | US | unknown

DNS requests

Domain | IP | Reputation
cdn.adultiptv.net | 108.181.123.199, 108.181.123.11 | unknown
59ec5453559f0.streamlock.net | 68.233.238.167 | unknown
cdn-main.lolokoko.tv | 64.18.131.133 | unknown

Threats

No threats detected

Debug output

Process | Message
vlc.exe | main libvlc debug: revision 3.0.11-0-gdc0c5ced72
vlc.exe | main libvlc debug: VLC media player - 3.0.11 Vetinari
vlc.exe | main libvlc debug: Copyright © 1996-2020 the VideoLAN team
vlc.exe | main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=i686-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x86/contrib/i686-w64-mingw32/lib/pkgconfig'
vlc.exe | main libvlc debug: using multimedia timers as clock source
vlc.exe | main libvlc debug: min period: 1 ms, max period: 1000000 ms
vlc.exe | main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
vlc.exe | main libvlc debug: searching plug-in modules
vlc.exe | main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
vlc.exe | main libvlc debug: plug-ins loaded: 494 modules