File name: 熊猫抖音直播助手云安装程序.exe

Full analysis: https://app.any.run/tasks/8f57c31f-36ae-4a8a-bcd7-84f31e24e69d
Verdict: Malicious activity
Analysis date: April 15, 2026, 02:00:19
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: ftp
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5: B4C58B9AF7C840D60B8C36CE66832DE8
SHA1: 4A911D553BD8687F2ACE0C9237A5BF1D302E91B7
SHA256: A1674372E861D5D35978BC13AB4D688425000C97B070BF551D3CF44861BE210E
SSDEEP: 98304:bbV9BtHOlZj3B8SHSZ5lfYop4II6BdXPSFSj5vY+VawMCK30eC5QnYNXR0ZjUj9s:nlsB/lsB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 熊猫抖音直播助手云安装程序.exe (PID: 3276)
      • ÐÜèֱ²¥ÖúÊÖ.exe (PID: 7840)
    • Creates file in the systems drive root

      • ÐÜèֱ²¥ÖúÊÖ.exe (PID: 7840)
  • INFO

    • Reads the computer name

      • 熊猫抖音直播助手云安装程序.exe (PID: 3276)
      • ÐÜèֱ²¥ÖúÊÖ.exe (PID: 7840)
      • vlc.exe (PID: 8012)
      • vlc.exe (PID: 3136)
    • Creates files or folders in the user directory

      • 熊猫抖音直播助手云安装程序.exe (PID: 3276)
    • Checks supported languages

      • 熊猫抖音直播助手云安装程序.exe (PID: 3276)
      • ÐÜèֱ²¥ÖúÊÖ.exe (PID: 7840)
      • vlc.exe (PID: 8012)
      • vlc.exe (PID: 3136)
    • The sample compiled with chinese language support

      • 熊猫抖音直播助手云安装程序.exe (PID: 3276)
      • ÐÜèֱ²¥ÖúÊÖ.exe (PID: 7840)
    • Reads security settings of Internet Explorer

      • 熊猫抖音直播助手云安装程序.exe (PID: 3276)
      • ÐÜèֱ²¥ÖúÊÖ.exe (PID: 7840)
    • Reads the machine GUID from the registry

      • 熊猫抖音直播助手云安装程序.exe (PID: 3276)
    • There is functionality for taking screenshot (YARA)

      • 熊猫抖音直播助手云安装程序.exe (PID: 3276)
    • JScript runtime error (SCRIPT)

      • ÐÜèֱ²¥ÖúÊÖ.exe (PID: 7840)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (35.8)
.exe | Win64 Executable (generic) (31.7)
.scr | Windows screen saver (15)
.dll | Win32 Dynamic Link Library (generic) (7.5)
.exe | Win32 Executable (generic) (5.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2026:04:06 14:42:42+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 647168
InitializedDataSize: 11984896
UninitializedDataSize: -
EntryPoint: 0x7edb5
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
FileVersion: 1.0.0.0
FileDescription: 熊猫直播助手自动安装程序
ProductName: 熊猫直播助手自动安装程序
ProductVersion: 1.0.0.0
CompanyName: 熊猫直播助手自动更新程序
LegalCopyright: 熊猫直播助手自动更新程序
Comments: 熊猫直播助手自动安装程序
No data.
Total processes: 140
Monitored processes: 5
Malicious processes: 0
Suspicious processes: 0

Behavior graph

[Behavior graph: start, 熊猫抖音直播助手云安装程序.exe, ðüã¨ö±²¥öúêö.exe, vlc.exe, vlc.exe, 熊猫抖音直播助手云安装程序.exe (no specs)]

Process information

PID: 3136
CMD: "C:\Program Files\VideoLAN\VLC\vlc.exe"
Path: C:\Program Files\VideoLAN\VLC\vlc.exe
Parent process: ÐÜèֱ²¥ÖúÊÖ.exe
User: admin
Company: VideoLAN
Integrity Level: HIGH
Description: VLC media player
Version: 3.0.11
Modules (images):
c:\program files\videolan\vlc\vlc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\program files\videolan\vlc\libvlc.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 3276
CMD: "C:\Users\admin\AppData\Local\Temp\熊猫抖音直播助手云安装程序.exe"
Path: C:\Users\admin\AppData\Local\Temp\熊猫抖音直播助手云安装程序.exe
Parent process: explorer.exe
User: admin
Company: 熊猫直播助手自动更新程序
Integrity Level: HIGH
Description: 熊猫直播助手自动安装程序
Exit code: 0
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\熊猫抖音直播助手云安装程序.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 7484
CMD: "C:\Users\admin\AppData\Local\Temp\熊猫抖音直播助手云安装程序.exe"
Path: C:\Users\admin\AppData\Local\Temp\熊猫抖音直播助手云安装程序.exe
Parent process: explorer.exe
User: admin
Company: 熊猫直播助手自动更新程序
Integrity Level: MEDIUM
Description: 熊猫直播助手自动安装程序
Exit code: 3221226540
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\熊猫抖音直播助手云安装程序.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

PID: 7840
CMD: C:\ÐÜèֱ²¥ÖúÊÖ\ÐÜèֱ²¥ÖúÊÖ.exe
Path: C:\ÐÜèֱ²¥ÖúÊÖ\ÐÜèֱ²¥ÖúÊÖ.exe
Parent process: 熊猫抖音直播助手云安装程序.exe
User: admin
Company: 熊猫直播助手
Integrity Level: HIGH
Description: 熊猫直播助手
Version: 1.0.0.0
Modules (images):
c:\ðüã¨ö±²¥öúêö\ðüã¨ö±²¥öúêö.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll

PID: 8012
CMD: "C:\Program Files\VideoLAN\VLC\vlc.exe"
Path: C:\Program Files\VideoLAN\VLC\vlc.exe
Parent process: ÐÜèֱ²¥ÖúÊÖ.exe
User: admin
Company: VideoLAN
Integrity Level: HIGH
Description: VLC media player
Version: 3.0.11
Modules (images):
c:\program files\videolan\vlc\vlc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll

Total events: 2 833
Read events: 2 825
Write events: 8
Delete events: 0

Modification events

PID: 3276
Process: 熊猫抖音直播助手云安装程序.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

PID: 3276
Process: 熊猫抖音直播助手云安装程序.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

PID: 3276
Process: 熊猫抖音直播助手云安装程序.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

PID: 7840
Process: ÐÜèֱ²¥ÖúÊÖ.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings
Operation: write
Name: JITDebug
Value: 0

PID: 7840
Process: ÐÜèֱ²¥ÖúÊÖ.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\ðüã¨ö±²¥öúêö.exe
Operation: write
Name: JScriptSetScriptStateStarted
Value: 2CB60E0000000000

PID: 7840
Process: ÐÜèֱ²¥ÖúÊÖ.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

PID: 7840
Process: ÐÜèֱ²¥ÖúÊÖ.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

PID: 7840
Process: ÐÜèֱ²¥ÖúÊÖ.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Executable files: 3
Suspicious files: 4
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3276 | 熊猫抖音直播助手云安装程序.exe | C:\Users\admin\Desktop\ÐÜèֱ²¥ÖúÊÖ.lnk | binary
MD5:72C96E4D76A3AE6A6000F26D1E06838E
SHA256:399E3691673901D7E858F9FED2D067FA22289E1521705BD18B82D3884C005C2C
3276 | 熊猫抖音直播助手云安装程序.exe | C:\ÐÜèֱ²¥ÖúÊÖ\ÐÜèֱ²¥ÖúÊÖ.exe | executable
MD5:885FF9022D4FCD1E7563DB7F9F61203E
SHA256:38C4F94CA2E44BE0BB2634960F461D70255A8C22FCE524B432251C6E0A1FBA17
3276 | 熊猫抖音直播助手云安装程序.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D5FAEBA92E61A471109FCCFFF03BD7A5 | binary
MD5:C8632A3C3E76FDB9EC39FFCD0C772A61
SHA256:AC4B912FDCBD314A513DF355E30F80DFF8555F19DF7A4ECE4143A018164E867F
3276 | 熊猫抖音直播助手云安装程序.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | binary
MD5:7F924EAEA21BB91214FF7B4525F3BD29
SHA256:E718475014C8F51A8F2746FBE90A7BFF516B65BEF36EE6340A5FC746BC5DFC32
3276 | 熊猫抖音直播助手云安装程序.exe | C:\ÐÜèֱ²¥ÖúÊÖ\update.exe | executable
MD5:A9F55B1A05BD21156F2F96D680D216FF
SHA256:93661E783C40EF855F61997D5C92A252E5180E651998A26D42B704DEE60F935B
7840 | ÐÜèֱ²¥ÖúÊÖ.exe | C:\Óû§E0-AD-78-8F-1C-9F.txt | text
MD5:BA9832283438C8FD705436690F0FAD5A
SHA256:F90A88CB44CFD5B32DF8DDE67C01C81A9CADF86A8519E0DE947163494A277A69
3276 | 熊猫抖音直播助手云安装程序.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D5FAEBA92E61A471109FCCFFF03BD7A5 | binary
MD5:82B4883DF4D797EE171B08BCBAB19FC1
SHA256:223D9B7568FDE3DA9FBDF3AA2D218D27F95DB92E506EB33856C99D087AAC81AB
7840 | ÐÜèֱ²¥ÖúÊÖ.exe | C:\ÐÜèֱ²¥ÖúÊÖ\HPSocket4C.dll | executable
MD5:A3B44F5D1750D10028987C7372B61B9E
SHA256:64FF8FFE24ED9F8AEA1D514B796EAEB320C198A11FA9C98E05A24A760E4E43CF
7840 | ÐÜèֱ²¥ÖúÊÖ.exe | C:\update.txt | text
MD5:07078A97D66756F213DBCA3E379BF084
SHA256:FBD04E1AAE9CE0B11A8946E2C9AC2619F7428A64D32D01EFF61D809DCB70EE8E
HTTP(S) requests: 30
TCP/UDP connections: 31
DNS requests: 23
Threats: 5

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 3276 | 熊猫抖音直播助手云安装程序.exe | GET | | 45.207.198.129:443 | https://www.yzzs100.com/%E7%86%8A%E7%8C%AB%E7%9B%B4%E6%92%AD%E5%8A%A9%E6%89%8B%2E%65%78%65 | US | | | malicious |
| 3276 | 熊猫抖音直播助手云安装程序.exe | GET | | 45.207.198.129:443 | https://www.yzzs100.com/%E7%86%8A%E7%8C%AB%E7%9B%B4%E6%92%AD%E5%8A%A9%E6%89%8B%2E%65%78%65 | US | | | malicious |
| 5276 | MoUsoCoreWorker.exe | GET | 304 | 40.127.240.158:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | | | whitelisted |
| 3276 | 熊猫抖音直播助手云安装程序.exe | GET | 200 | 104.18.20.213:80 | http://r13.c.lencr.org/16.crl | US | binary | 205 Kb | whitelisted |
| 3552 | SIHClient.exe | GET | 304 | 135.232.92.137:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | | | whitelisted |
| 3552 | SIHClient.exe | GET | 200 | 135.232.92.97:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | US | | | whitelisted |
| 3552 | SIHClient.exe | GET | 200 | 135.232.92.137:443 | https://slscr.update.microsoft.com/sls/ping | US | | | whitelisted |
| 3552 | SIHClient.exe | GET | 304 | 135.232.92.137:443 | https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | | | whitelisted |
| 5392 | svchost.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 5392 | svchost.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
| --- | --- | --- | --- | --- | --- | --- |
| 4 | System | 192.168.100.255:137 | | Not routed | | whitelisted |
| 5392 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5276 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| | | 128.24.231.64:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| | | 184.86.251.27:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted |
| | | 23.11.40.157:80 | ocsp.digicert.com | AKAMAI-AMS | NL | whitelisted |
| | | 204.79.197.203:80 | oneocsp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 4 | System | 192.168.100.255:138 | | Not routed | | whitelisted |
| 3276 | 熊猫抖音直播助手云安装程序.exe | 45.207.198.129:443 | www.yzzs100.com | COGNETCLOUD | US | malicious |
| 3276 | 熊猫抖音直播助手云安装程序.exe | 104.18.20.213:80 | r13.c.lencr.org | CLOUDFLARENET | US | whitelisted |

DNS requests

| Domain | IP | Reputation |
| --- | --- | --- |
| settings-win.data.microsoft.com | 51.104.136.2, 4.231.128.59, 20.73.194.208, 40.127.240.158 | whitelisted |
| activation-v2.sls.microsoft.com | 128.24.231.64 | whitelisted |
| google.com | 142.250.154.100, 142.250.154.139, 142.250.154.102, 142.250.154.113, 142.250.154.138, 142.250.154.101 | whitelisted |
| www.bing.com | 184.86.251.27, 184.86.251.22 | whitelisted |
| ocsp.digicert.com | 23.11.40.157 | whitelisted |
| oneocsp.microsoft.com | 204.79.197.203 | whitelisted |
| www.yzzs100.com | 45.207.198.129 | unknown |
| r13.c.lencr.org | 104.18.20.213, 104.18.21.213 | whitelisted |
| crl.microsoft.com | 23.216.77.6, 23.216.77.28 | whitelisted |
| www.microsoft.com | 23.52.181.212 | whitelisted |

Threats

| PID | Process | Class | Message |
| --- | --- | --- | --- |
| 5392 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
| 7840 | ÐÜèֱ²¥ÖúÊÖ.exe | Misc activity | HUNTING [ANY.RUN] TCP binary protocol 32-LE data-len prefix on non-standard port outbound |
| 7840 | ÐÜèֱ²¥ÖúÊÖ.exe | Misc activity | HUNTING [ANY.RUN] TCP binary protocol 32-LE data-len prefix on non-standard port inbound |
| 7840 | ÐÜèֱ²¥ÖúÊÖ.exe | Misc activity | INFO [ANY.RUN] FTP protocol command for uploading a file |
| 3276 | 熊猫抖音直播助手云安装程序.exe | A Network Trojan was detected | ET HUNTING Suspicious User-Agent (Agent and 5 or 6 digits) |

| Process | Message |
| --- | --- |
| vlc.exe | main libvlc debug: VLC media player - 3.0.11 Vetinari |
| vlc.exe | main libvlc debug: Copyright © 1996-2020 the VideoLAN team |
| vlc.exe | main libvlc debug: revision 3.0.11-0-gdc0c5ced72 |
| vlc.exe | main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=x86_64-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=x86_64-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x64/contrib/x86_64-w64-mingw32/lib/pkgconfig' |
| vlc.exe | main libvlc debug: using multimedia timers as clock source |
| vlc.exe | main libvlc debug: min period: 1 ms, max period: 1000000 ms |
| vlc.exe | main libvlc debug: searching plug-in modules |
| vlc.exe | main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat |
| vlc.exe | main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins' |
| vlc.exe | main libvlc debug: plug-ins loaded: 494 modules |