URL:

https://www.mediaplayercodecpack.com/files/media.player.codec.pack.v4.5.9.setup.exe

Full analysis: https://app.any.run/tasks/9997e2d7-78b7-4196-8109-7768e61fe944
Verdict: Malicious activity
Analysis date: January 06, 2024, 21:40:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators (hashes of the submitted object, which for a URL task is the URL string rather than the downloaded installer; the ssdeep block size of 3 shows the hashed input is only a few dozen bytes. The installer's own hashes are listed under Dropped files below):
MD5:

1300B9474528F0542E1ECBFF0FDE451C

SHA1:

3A028920A0EA4879B37915D598B3CE985B258FC7

SHA256:

897AA07CE91D6064FE1E02923F12357E57839E050A12A9C1D721732A17521134

SSDEEP:

3:N8DSLwvpW2LK96ELV43hvkUcjRQaA:2OLwk2w6h31BctQaA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
    • Creates files in the Startup directory

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
  • SUSPICIOUS

    • Reads the Internet Settings

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 1536)
      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
      • RegAsm.exe (PID: 3368)
      • mpc-hc.exe (PID: 3072)
    • Reads settings of System Certificates

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 1536)
      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
    • The process creates files with names similar to system file names

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 1536)
      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
      • CodecSettings.exe (PID: 2532)
    • Starts application with an unusual extension

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
    • Changes default file association

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
    • Creates a software uninstall entry

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
    • Searches for installed software

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2044)
      • msedge.exe (PID: 2672)
    • Checks supported languages

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 1536)
      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
      • nsC0D7.tmp (PID: 2804)
      • nsC145.tmp (PID: 568)
      • nsC222.tmp (PID: 3188)
      • nsC1B4.tmp (PID: 1556)
      • SetACL.exe (PID: 3232)
      • nsC2A0.tmp (PID: 3292)
      • nsC30F.tmp (PID: 2076)
      • SetACL.exe (PID: 3328)
      • nsBFDB.tmp (PID: 876)
      • nsC059.tmp (PID: 2052)
      • SetACL.exe (PID: 2452)
      • SetACL.exe (PID: 2112)
      • nsC3EB.tmp (PID: 3440)
      • nsC4D8.tmp (PID: 3644)
      • SetACL.exe (PID: 3500)
      • nsC45A.tmp (PID: 3672)
      • SetACL.exe (PID: 3380)
      • nsC5B4.tmp (PID: 840)
      • nsC546.tmp (PID: 2108)
      • SetACL.exe (PID: 3860)
      • nsC632.tmp (PID: 3816)
      • nsC6B0.tmp (PID: 3844)
      • nsC37D.tmp (PID: 3452)
      • RegAsm.exe (PID: 3368)
      • SetACL.exe (PID: 2620)
      • TrayMenu.exe (PID: 2528)
      • nsDF3B.tmp (PID: 1932)
      • SetACL.exe (PID: 3136)
      • SetACL.exe (PID: 4036)
      • nsE027.tmp (PID: 1824)
      • SetACL.exe (PID: 1820)
      • nsE0A5.tmp (PID: 3872)
      • nsE113.tmp (PID: 2868)
      • SetACL.exe (PID: 3568)
      • SetACL.exe (PID: 3920)
      • nsE182.tmp (PID: 3968)
      • SetACL.exe (PID: 3944)
      • nsE1F0.tmp (PID: 3572)
      • SetACL.exe (PID: 3824)
      • nsDFB9.tmp (PID: 2664)
      • nsE26E.tmp (PID: 956)
      • SetACL.exe (PID: 2952)
      • nsE2DD.tmp (PID: 1608)
      • SetACL.exe (PID: 560)
      • nsE35B.tmp (PID: 1588)
      • SetACL.exe (PID: 844)
      • nsE437.tmp (PID: 2448)
      • SetACL.exe (PID: 2480)
      • nsE3C9.tmp (PID: 1848)
      • SetACL.exe (PID: 1936)
      • SetACL.exe (PID: 3148)
      • nsE4B5.tmp (PID: 2152)
      • nsE533.tmp (PID: 1408)
      • SetACL.exe (PID: 3084)
      • nsE5B1.tmp (PID: 3312)
      • SetACL.exe (PID: 3076)
      • nsE620.tmp (PID: 900)
      • SetACL.exe (PID: 2972)
      • nsE68E.tmp (PID: 3052)
      • nsE76B.tmp (PID: 452)
      • SetACL.exe (PID: 1384)
      • nsE6FC.tmp (PID: 3252)
      • SetACL.exe (PID: 3284)
      • nsE7E9.tmp (PID: 2912)
      • SetACL.exe (PID: 996)
      • nsE8C6.tmp (PID: 2520)
      • SetACL.exe (PID: 2368)
      • nsE857.tmp (PID: 2852)
      • SetACL.exe (PID: 2572)
      • SetACL.exe (PID: 1812)
      • nsE934.tmp (PID: 2644)
      • SetACL.exe (PID: 2888)
      • nsE9A2.tmp (PID: 2592)
      • SetACL.exe (PID: 2404)
      • SetACL.exe (PID: 2428)
      • nsEA11.tmp (PID: 1860)
      • SetACL.exe (PID: 2788)
      • nsEA8F.tmp (PID: 2688)
      • nsEAFD.tmp (PID: 680)
      • SetACL.exe (PID: 3808)
      • nsEB6B.tmp (PID: 1556)
      • nsECB7.tmp (PID: 3648)
      • nsEC48.tmp (PID: 3540)
      • SetACL.exe (PID: 2032)
      • SetACL.exe (PID: 2204)
      • SetACL.exe (PID: 3828)
      • SetACL.exe (PID: 3696)
      • nsEDA3.tmp (PID: 1168)
      • nsED35.tmp (PID: 3708)
      • SetACL.exe (PID: 3700)
      • nsEE11.tmp (PID: 3896)
      • SetACL.exe (PID: 332)
      • SetACL.exe (PID: 1628)
      • nsEBDA.tmp (PID: 3232)
      • SetACL.exe (PID: 4044)
      • nsEEFE.tmp (PID: 1976)
      • SetACL.exe (PID: 3036)
      • nsEF6C.tmp (PID: 3980)
      • nsEFDA.tmp (PID: 3368)
      • SetACL.exe (PID: 2692)
      • nsF058.tmp (PID: 2544)
      • nsF0C7.tmp (PID: 2944)
      • SetACL.exe (PID: 4060)
      • SetACL.exe (PID: 1792)
      • nsF135.tmp (PID: 1784)
      • nsEE80.tmp (PID: 3864)
      • SetACL.exe (PID: 840)
      • nsF1B3.tmp (PID: 948)
      • SetACL.exe (PID: 3352)
      • nsF222.tmp (PID: 3932)
      • SetACL.exe (PID: 3008)
      • SetACL.exe (PID: 4000)
      • nsF2A0.tmp (PID: 1548)
      • nsF31E.tmp (PID: 3624)
      • nsF38C.tmp (PID: 696)
      • SetACL.exe (PID: 3004)
      • nsF3FA.tmp (PID: 1504)
      • SetACL.exe (PID: 3344)
      • SetACL.exe (PID: 3936)
      • SetACL.exe (PID: 3032)
      • nsF469.tmp (PID: 1596)
      • nsF555.tmp (PID: 4012)
      • SetACL.exe (PID: 3108)
      • nsF5C3.tmp (PID: 2164)
      • mpc-hc.exe (PID: 3072)
      • SetACL.exe (PID: 1732)
      • nsF4E7.tmp (PID: 2128)
      • SetACL.exe (PID: 2296)
      • SetACL.exe (PID: 2764)
      • CodecSettings.exe (PID: 2532)
    • Reads the computer name

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 1536)
      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
      • SetACL.exe (PID: 2452)
      • SetACL.exe (PID: 2112)
      • SetACL.exe (PID: 3232)
      • SetACL.exe (PID: 3328)
      • SetACL.exe (PID: 3500)
      • SetACL.exe (PID: 3380)
      • SetACL.exe (PID: 3860)
      • RegAsm.exe (PID: 3368)
      • SetACL.exe (PID: 3136)
      • SetACL.exe (PID: 4036)
      • SetACL.exe (PID: 3944)
      • SetACL.exe (PID: 1820)
      • SetACL.exe (PID: 3568)
      • SetACL.exe (PID: 3920)
      • SetACL.exe (PID: 3824)
      • SetACL.exe (PID: 2620)
      • SetACL.exe (PID: 2952)
      • SetACL.exe (PID: 560)
      • SetACL.exe (PID: 844)
      • SetACL.exe (PID: 2480)
      • SetACL.exe (PID: 1936)
      • SetACL.exe (PID: 3148)
      • SetACL.exe (PID: 3084)
      • SetACL.exe (PID: 3076)
      • SetACL.exe (PID: 1384)
      • SetACL.exe (PID: 2972)
      • SetACL.exe (PID: 996)
      • SetACL.exe (PID: 3284)
      • SetACL.exe (PID: 2572)
      • SetACL.exe (PID: 2368)
      • SetACL.exe (PID: 2428)
      • SetACL.exe (PID: 2404)
      • SetACL.exe (PID: 3808)
      • SetACL.exe (PID: 2788)
      • SetACL.exe (PID: 1628)
      • SetACL.exe (PID: 1812)
      • SetACL.exe (PID: 2888)
      • SetACL.exe (PID: 2032)
      • SetACL.exe (PID: 2204)
      • SetACL.exe (PID: 3696)
      • SetACL.exe (PID: 3700)
      • SetACL.exe (PID: 3828)
      • SetACL.exe (PID: 332)
      • SetACL.exe (PID: 840)
      • SetACL.exe (PID: 3036)
      • SetACL.exe (PID: 4044)
      • SetACL.exe (PID: 4060)
      • SetACL.exe (PID: 2692)
      • SetACL.exe (PID: 1792)
      • SetACL.exe (PID: 3004)
      • SetACL.exe (PID: 3936)
      • SetACL.exe (PID: 4000)
      • SetACL.exe (PID: 3008)
      • SetACL.exe (PID: 3352)
      • SetACL.exe (PID: 1732)
      • SetACL.exe (PID: 3344)
      • SetACL.exe (PID: 3032)
      • SetACL.exe (PID: 2296)
      • SetACL.exe (PID: 2764)
      • mpc-hc.exe (PID: 3072)
      • SetACL.exe (PID: 3108)
      • CodecSettings.exe (PID: 2532)
    • Malware-specific behavior (creating "System.dll" in Temp); note that NSIS-built installers, which this one is (the ns<hex>.tmp helpers and the nsa76DA.tmp extraction directory are NSIS conventions), routinely extract their System.dll plugin into Temp, so this signature alone does not separate this sample from any other NSIS package

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 1536)
      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
      • CodecSettings.exe (PID: 2532)
    • Reads the machine GUID from the registry

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 1536)
      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
      • RegAsm.exe (PID: 3368)
      • mpc-hc.exe (PID: 3072)
    • Creates files in a temporary directory

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 1536)
      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
      • CodecSettings.exe (PID: 2532)
    • The process uses the downloaded file

      • iexplore.exe (PID: 2044)
      • msedge.exe (PID: 2348)
      • msedge.exe (PID: 2672)
    • Reads Environment values

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 1536)
      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 296)
      • media.player.codec.pack.v4.5.9.setup.exe (PID: 1536)
      • msedge.exe (PID: 2672)
      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
      • CodecSettings.exe (PID: 2532)
    • Manual execution by a user

      • msedge.exe (PID: 2672)
      • explorer.exe (PID: 2592)
      • mpc-hc.exe (PID: 3072)
      • CodecSettings.exe (PID: 2532)
    • The process drops C-runtime libraries

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
    • Reads CPU info

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
    • Process drops legitimate windows executable

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
    • Creates files in the program directory

      • media.player.codec.pack.v4.5.9.setup.exe (PID: 3748)
    • Checks proxy server information

      • mpc-hc.exe (PID: 3072)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
273
Monitored processes
159
Malicious processes
3
Suspicious processes
1

Behavior graph

Process launch order, flattened from the interactive graph ("no specs" marks a process with no triggered signatures):
start iexplore.exe iexplore.exe media.player.codec.pack.v4.5.9.setup.exe no specs media.player.codec.pack.v4.5.9.setup.exe explorer.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs media.player.codec.pack.v4.5.9.setup.exe no specs media.player.codec.pack.v4.5.9.setup.exe nsbfdb.tmp no specs nsc059.tmp no specs setacl.exe no specs nsc0d7.tmp no specs nsc145.tmp no specs setacl.exe no specs nsc1b4.tmp no specs nsc222.tmp no specs setacl.exe no specs nsc2a0.tmp no specs nsc30f.tmp no specs setacl.exe no specs nsc37d.tmp no specs nsc3eb.tmp no specs setacl.exe no specs nsc45a.tmp no specs nsc4d8.tmp no specs setacl.exe no specs nsc546.tmp no specs nsc5b4.tmp no specs setacl.exe no specs nsc632.tmp no specs nsc6b0.tmp no specs setacl.exe no specs regasm.exe no specs traymenu.exe no specs nsdf3b.tmp no specs setacl.exe no specs nsdfb9.tmp no specs setacl.exe no specs nse027.tmp no specs setacl.exe no specs nse0a5.tmp no specs setacl.exe no specs nse113.tmp no specs setacl.exe no specs nse182.tmp no specs setacl.exe no specs nse1f0.tmp no specs setacl.exe no specs nse26e.tmp no specs setacl.exe no specs nse2dd.tmp no specs setacl.exe no specs nse35b.tmp no specs setacl.exe no specs nse3c9.tmp no specs setacl.exe no specs nse437.tmp no specs setacl.exe no specs nse4b5.tmp no specs setacl.exe no specs nse533.tmp no specs setacl.exe no specs nse5b1.tmp no specs setacl.exe no specs nse620.tmp no specs setacl.exe no specs nse68e.tmp no specs setacl.exe no specs nse6fc.tmp no specs setacl.exe no specs nse76b.tmp no specs setacl.exe no specs nse7e9.tmp no specs setacl.exe no specs nse857.tmp no specs 
setacl.exe no specs nse8c6.tmp no specs setacl.exe no specs nse934.tmp no specs setacl.exe no specs nse9a2.tmp no specs setacl.exe no specs nsea11.tmp no specs setacl.exe no specs nsea8f.tmp no specs setacl.exe no specs nseafd.tmp no specs setacl.exe no specs nseb6b.tmp no specs setacl.exe no specs nsebda.tmp no specs setacl.exe no specs nsec48.tmp no specs setacl.exe no specs nsecb7.tmp no specs setacl.exe no specs nsed35.tmp no specs setacl.exe no specs nseda3.tmp no specs setacl.exe no specs nsee11.tmp no specs setacl.exe no specs nsee80.tmp no specs setacl.exe no specs nseefe.tmp no specs setacl.exe no specs nsef6c.tmp no specs setacl.exe no specs nsefda.tmp no specs setacl.exe no specs nsf058.tmp no specs setacl.exe no specs nsf0c7.tmp no specs setacl.exe no specs nsf135.tmp no specs setacl.exe no specs nsf1b3.tmp no specs setacl.exe no specs nsf222.tmp no specs setacl.exe no specs nsf2a0.tmp no specs setacl.exe no specs nsf31e.tmp no specs setacl.exe no specs nsf38c.tmp no specs setacl.exe no specs nsf3fa.tmp no specs setacl.exe no specs nsf469.tmp no specs setacl.exe no specs nsf4e7.tmp no specs setacl.exe no specs nsf555.tmp no specs setacl.exe no specs nsf5c3.tmp no specs setacl.exe no specs mpc-hc.exe no specs codecsettings.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 296
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2044 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 332
CMD: C:\Windows\system32\Codecs\SetACL.exe -on HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MediaFoundation\MediaSources\DoNotUse -ot reg -actn setowner -ownr n:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464;s:y -silent
Path: C:\Windows\System32\Codecs\SetACL.exe
Parent process: nsEE11.tmp
User:
admin
Company:
Helge Klein
Integrity Level:
HIGH
Description:
SetACL 3
Exit code:
0
Version:
3.0.6.0
Modules
Images
c:\windows\system32\codecs\setacl.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\activeds.dll
PID: 452
CMD: "C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsE76B.tmp" C:\Windows\system32\Codecs\SetACL.exe -on HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MediaFoundation\MediaSources\DoNotUse -ot reg -actn ace -ace n:S-1-5-32-544;s:y;p:full -silent
Path: C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsE76B.tmp
Parent process: media.player.codec.pack.v4.5.9.setup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\nsa76da.tmp\nse76b.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 560
CMD: C:\Windows\system32\Codecs\SetACL.exe -on HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectShow\Preferred -ot reg -actn ace -ace n:S-1-5-32-544;s:y;p:read -silent
Path: C:\Windows\System32\Codecs\SetACL.exe
Parent process: nsE2DD.tmp
User:
admin
Company:
Helge Klein
Integrity Level:
HIGH
Description:
SetACL 3
Exit code:
0
Version:
3.0.6.0
Modules
Images
c:\windows\system32\codecs\setacl.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\activeds.dll
PID: 568
CMD: "C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsC145.tmp" "C:\Windows\system32\Codecs\SetACL.exe" MACHINE\SOFTWARE\Classes\MediaFoundation\MediaSources\Preferred /registry /grant S-1-5-32-544 /full /r:cont_obj /sid /silent
Path: C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsC145.tmp
Parent process: media.player.codec.pack.v4.5.9.setup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
3
Modules
Images
c:\users\admin\appdata\local\temp\nsa76da.tmp\nsc145.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 680
CMD: "C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsEAFD.tmp" C:\Windows\system32\Codecs\SetACL.exe -on HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MediaFoundation\MediaSources\DoNotUse -ot reg -actn ace -ace n:S-1-5-32-544;s:y;p:read -silent
Path: C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsEAFD.tmp
Parent process: media.player.codec.pack.v4.5.9.setup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\nsa76da.tmp\nseafd.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 696
CMD: "C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsF38C.tmp" C:\Windows\system32\Codecs\SetACL.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\ByteStreamHandlers\.mp4" -ot reg -actn setowner -ownr n:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464;s:y -silent
Path: C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsF38C.tmp
Parent process: media.player.codec.pack.v4.5.9.setup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\nsa76da.tmp\nsf38c.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 840
CMD: "C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsC5B4.tmp" "C:\Windows\system32\Codecs\SetACL.exe" "MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\ByteStreamHandlers\.mp4" /registry /grant S-1-5-32-544 /full /r:cont_obj /sid /silent
Path: C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsC5B4.tmp
Parent process: media.player.codec.pack.v4.5.9.setup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
3
Modules
Images
c:\users\admin\appdata\local\temp\nsa76da.tmp\nsc5b4.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 840
CMD: C:\Windows\system32\Codecs\SetACL.exe -on HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MediaFoundation\MediaSources\DoNotUse -ot reg -actn ace -ace n:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464;s:y;p:full -silent
Path: C:\Windows\System32\Codecs\SetACL.exe
Parent process: nsEE80.tmp
User:
admin
Company:
Helge Klein
Integrity Level:
HIGH
Description:
SetACL 3
Exit code:
25
Version:
3.0.6.0
Modules
Images
c:\windows\system32\codecs\setacl.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\activeds.dll
PID: 844
CMD: C:\Windows\system32\Codecs\SetACL.exe -on HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MediaFoundation\MediaSources\DoNotUse -ot reg -actn setowner -ownr n:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464;s:y -silent
Path: C:\Windows\System32\Codecs\SetACL.exe
Parent process: nsE35B.tmp
User:
admin
Company:
Helge Klein
Integrity Level:
HIGH
Description:
SetACL 3
Exit code:
0
Version:
3.0.6.0
Modules
Images
c:\windows\system32\codecs\setacl.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\activeds.dll
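The SetACL command lines above are the most useful detection material in this report. S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 is the service SID of NT SERVICE\TrustedInstaller, the default owner of the Media Foundation and DirectShow keys being touched, and S-1-5-32-544 is BUILTIN\Administrators; the records show Administrators being granted read or full access to those keys and ownership being set to TrustedInstaller, the pattern of an installer that opens up a protected key, edits it and restores the default owner. Note also that the slash-style invocations (PID 568 and the nsC5B4.tmp wrapper, PID 840) exit with code 3 while the dash-style SetACL 3 invocations exit 0, so the installer appears to carry both command syntaxes and only the second succeeds against the SetACL 3.0.6.0 binary it drops. The following Python is an added example written for this edit, not ANY.RUN's or the codec pack's code: it parses SetACL command lines as they would appear in Sysmon or EDR process-creation events, strips the NSIS ns<hex>.tmp wrapper so both process shapes parse the same way, and scores each call against the keys seen here. The sample lines are constructed from the command lines in the records above; the watched-key list, the MACHINE\ to HKEY_LOCAL_MACHINE\ normalisation for the slash syntax, and the severity scheme are assumptions of the example.

```python
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

# S-1-5-80-956008885-... is the service SID of NT SERVICE\TrustedInstaller,
# the default owner of the Media Foundation / DirectShow keys in the report.
TRUSTEDINSTALLER_SID = "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
ADMINISTRATORS_SID = "S-1-5-32-544"  # BUILTIN\Administrators

# Subtrees worth an alert when a third-party installer rewrites their ACLs.
# Taken from the SetACL targets in the report; the list itself is an assumption.
WATCHED_KEY_PREFIXES = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MediaFoundation\\",
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Media Foundation\\",
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\DirectShow\\",
)

# Constructed sample: command lines copied from the report's process records,
# plus one unrelated line (iexplore.exe) that must be ignored.
SAMPLE_CMDLINES = [
    r'C:\Windows\system32\Codecs\SetACL.exe -on HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MediaFoundation\MediaSources\DoNotUse -ot reg -actn setowner -ownr n:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464;s:y -silent',
    r'"C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsE76B.tmp" C:\Windows\system32\Codecs\SetACL.exe -on HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MediaFoundation\MediaSources\DoNotUse -ot reg -actn ace -ace n:S-1-5-32-544;s:y;p:full -silent',
    r'"C:\Users\admin\AppData\Local\Temp\nsa76DA.tmp\nsC5B4.tmp" "C:\Windows\system32\Codecs\SetACL.exe" "MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\ByteStreamHandlers\.mp4" /registry /grant S-1-5-32-544 /full /r:cont_obj /sid /silent',
    r'C:\Windows\system32\Codecs\SetACL.exe -on HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectShow\Preferred -ot reg -actn ace -ace n:S-1-5-32-544;s:y;p:read -silent',
    r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2044 CREDAT:267521 /prefetch:2',
]


@dataclass(frozen=True)
class SetAclCall:
    target: str      # registry key, normalised to HKEY_LOCAL_MACHINE\...
    action: str      # "setowner" / "ace" (dash syntax) or "grant" / "deny" (slash syntax)
    trustee: str     # SID the owner or ACE refers to
    permission: str  # "full", "read", ... ; empty for setowner
    syntax: str      # "dash" (SetACL 3 style) or "slash" (older style)


def _tokens(cmdline: str) -> List[str]:
    # posix=False keeps backslashes literal and a quoted path as one token
    toks = shlex.split(cmdline, posix=False)
    return [t[1:-1] if len(t) > 1 and t[0] == t[-1] == '"' else t for t in toks]


def _norm_key(key: str) -> str:
    # the slash syntax names the hive by its NT root name, MACHINE\ (assumption)
    return "HKEY_LOCAL_MACHINE\\" + key[8:] if key.upper().startswith("MACHINE\\") else key


def _parse_dash(args: List[str]) -> Optional[SetAclCall]:
    # SetACL 3 form: -on <key> -ot reg -actn setowner|ace -ownr|-ace n:<sid>;s:y[;p:full]
    opts = {args[i].lower(): args[i + 1] for i in range(len(args) - 1) if args[i].startswith("-")}
    if opts.get("-ot", "").lower() != "reg":
        return None  # only registry objects are of interest here
    action = opts.get("-actn", "").lower()
    spec = opts.get("-ownr" if action == "setowner" else "-ace", "")
    fields = dict(p.split(":", 1) for p in spec.split(";") if ":" in p)  # s:y = name is a SID
    return SetAclCall(_norm_key(opts.get("-on", "")), action,
                      fields.get("n", ""), fields.get("p", "").lower(), "dash")


def _parse_slash(args: List[str]) -> Optional[SetAclCall]:
    # older form: <key> /registry /grant <sid> /full /r:cont_obj /sid /silent
    low = [a.lower() for a in args]
    if "/registry" not in low:
        return None
    action = trustee = ""
    for i in range(1, len(args) - 1):
        if low[i] in ("/grant", "/deny") and not args[i + 1].startswith("/"):
            action, trustee = low[i][1:], args[i + 1]
    skip = {"/registry", "/sid", "/silent", "/grant", "/deny"}
    perms = [f[1:] for f in low[1:] if f.startswith("/") and f not in skip and not f.startswith("/r:")]
    return SetAclCall(_norm_key(args[0]), action, trustee, perms[0] if perms else "", "slash")


def parse_setacl(cmdline: str) -> Optional[SetAclCall]:
    """Parse one process command line; None if it is not a SetACL registry call."""
    toks = _tokens(cmdline)
    # NSIS helper stubs (ns<hex>.tmp) re-exec the real binary: drop the wrapper
    if toks and toks[0].lower().endswith(".tmp"):
        toks = toks[1:]
    if len(toks) < 2 or not toks[0].lower().endswith("setacl.exe"):
        return None
    args = toks[1:]
    return _parse_dash(args) if args[0].startswith("-") else _parse_slash(args)


def assess(call: SetAclCall) -> Tuple[str, str]:
    """Severity and reason for one parsed call (the scoring scheme is an assumption)."""
    if not any(call.target.upper().startswith(p.upper()) for p in WATCHED_KEY_PREFIXES):
        return "info", "SetACL on a key outside the watched subtrees"
    if call.action == "setowner":
        if call.trustee == TRUSTEDINSTALLER_SID:
            return "low", "ownership handed back to TrustedInstaller"
        return "high", "ownership of a TrustedInstaller-owned key taken by " + call.trustee
    if call.permission == "full" and call.trustee != TRUSTEDINSTALLER_SID:
        return "high", "full control granted to " + call.trustee
    return "medium", "%s %s for %s" % (call.action, call.permission, call.trustee)


def triage(cmdlines: List[str]) -> List[Tuple[str, str, str]]:
    """(severity, target key, reason) for every SetACL registry call in the input."""
    out = []
    for line in cmdlines:
        call = parse_setacl(line)
        if call is not None:
            sev, why = assess(call)
            out.append((sev, call.target, why))
    return out


if __name__ == "__main__":
    for sev, key, why in triage(SAMPLE_CMDLINES):
        print("%-6s %s  (%s)" % (sev, key, why))
```

Feed it the CommandLine field of Sysmon Event ID 1 (or the equivalent EDR telemetry) rather than only ANY.RUN output: the same parser works on both, and the slash-style lines are worth keeping even though they fail here, because an older SetACL build would accept them.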
Total events
33 938
Read events
33 612
Write events
314
Delete events
12

Modification events

(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 0

(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 30847387

(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30847437

(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (2044) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files
375
Suspicious files
1 097
Text files
139
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 296  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\media.player.codec.pack.v4.5.9.setup.exe.5fuvru2.partial
MD5:
SHA256:

PID: 2044  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\media.player.codec.pack.v4.5.9.setup.exe
MD5:
SHA256:

PID: 296  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\media.player.codec.pack.v4.5.9.setup[1].exe
Type: executable
MD5: C99E94D5C4E4D1FA46504B75013ED2A7
SHA256: 6DDCAAFD33EDC2EF33460F5A17969946C4494880696EE667E5CE77BF29B4E865

PID: 296  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: compressed
MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8

PID: 1536  Process: media.player.codec.pack.v4.5.9.setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsx8105.tmp\easy.ini
Type: text
MD5: 591221C5757B60A84F0E9A72E3022368
SHA256: 21C45F50C62AA042AA43CCF26B3133C8F69318EE273CAA3896D0CD683D2C71F2

PID: 296  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Type: binary
MD5: E6AC57E8AACFC97C04C86D0AEE61B4CC
SHA256: D612754CC8550C6F59652C7AAA9CEDF5B29FA6E87020DB1DC20EB74DEBB66E9D

PID: 296  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Type: binary
MD5: C6E7A3EF2CA48B5F3D632715CC7331AE
SHA256: 2DB0AFD67885E0E9D677A7E8C092C3A24EF2E2876874CDD44A8855CA6A8E5E58

PID: 1536  Process: media.player.codec.pack.v4.5.9.setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsc80D5.tmp
MD5:
SHA256:

PID: 296  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Type: binary
MD5: 5E69290251309BD7AD3E029D8A212758
SHA256: 36AC95C2BA0979B1BC6431C3C34E62A9BEFB71662E903E2DB7FD7737BF1CFDD9

PID: 296  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 5F154B69B6A47B3F82AB9E837E2D98A8
SHA256: 34A6133E78859D9881B30914BD958C7841C361FCE4F1278E944A99A682B7BA77
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
67
DNS requests
99
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
296
iexplore.exe
GET
200
184.24.77.199:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f6bf34dbb61e71d7
unknown
compressed
4.66 Kb
unknown
296
iexplore.exe
GET
200
184.24.77.199:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?608cb4ab6d3f68d3
unknown
compressed
4.66 Kb
unknown
1080
svchost.exe
GET
304
72.247.153.162:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a414549a770d7263
unknown
unknown
296
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
binary
1.42 Kb
unknown
296
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
binary
2.18 Kb
unknown
2044
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
binary
471 b
unknown
2044
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D
unknown
binary
471 b
unknown
2044
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
binary
471 b
unknown
2044
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D
unknown
binary
471 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
296
iexplore.exe
51.195.149.65:443
www.mediaplayercodecpack.com
OVH SAS
FR
unknown
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
296
iexplore.exe
184.24.77.199:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
296
iexplore.exe
104.18.38.233:80
ocsp.comodoca.com
CLOUDFLARENET
shared
1080
svchost.exe
224.0.0.252:5355
unknown
1080
svchost.exe
72.247.153.162:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
2044
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
EDGECAST
US
whitelisted
2044
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1536
media.player.codec.pack.v4.5.9.setup.exe
13.32.23.230:443
d3j6hg32mwjrha.cloudfront.net
AMAZON-02
US
unknown

DNS requests

Domain
IP
Reputation
www.mediaplayercodecpack.com
  • 51.195.149.65
unknown
ctldl.windowsupdate.com
  • 184.24.77.199
  • 184.24.77.205
  • 184.24.77.180
  • 184.24.77.197
  • 72.247.153.162
  • 72.247.153.178
whitelisted
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
ocsp.usertrust.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
d3j6hg32mwjrha.cloudfront.net
  • 13.32.23.230
  • 13.32.23.193
  • 13.32.23.156
  • 13.32.23.101
whitelisted
d1ej3nsy6n25r4.cloudfront.net
  • 18.238.248.3
  • 18.238.248.80
  • 18.238.248.151
  • 18.238.248.112
  • 18.245.62.213
  • 18.245.62.158
  • 18.245.62.156
  • 18.245.62.136
unknown
ieonline.microsoft.com
  • 204.79.197.200
whitelisted

Threats

No threats detected
No debug info