File name: megogo-free-250224.m3u

Full analysis: https://app.any.run/tasks/49d38170-8cbe-49fd-a8ea-e375589af432
Verdict: Malicious activity
Analysis date: July 14, 2024, 20:27:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: text/plain
File info: M3U playlist, Unicode text, UTF-8 text, with very long lines (354), with CRLF line terminators
MD5: 00220174917B40F6008847263DE5A3E0
SHA1: B0310908BAE156B8120737E57E5B99501BEAB7D5
SHA256: D311086F3162B75755CCE4A82CC39046AB581F93811A0FFA5C581BFE41CABF64
SSDEEP: 96:WoKrn/2UFvYPG690SkZkqEl/Cd39v3u64H/UEIk0PC4s:Ibu0C0U9kv374Hhins

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads settings of System Certificates

      • vlc.exe (PID: 3368)
    • There is functionality for taking screenshot (YARA)

      • vlc.exe (PID: 3368)
  • INFO

    • Checks supported languages

      • vlc.exe (PID: 3368)
    • Reads the computer name

      • vlc.exe (PID: 3368)
No Malware configuration.

TRiD

.m3u | Extended M3U playlist (100)
No data.
Total processes: 38
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start THREAT vlc.exe

Process information

PID: 3368
CMD: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file C:\Users\admin\Desktop\megogo-free-250224.m3u
Path: C:\Program Files\VideoLAN\VLC\vlc.exe
Parent process: explorer.exe
User: admin
Company: VideoLAN
Integrity Level: MEDIUM
Description: VLC media player
Version: 3.0.11
Modules (Images):
  • c:\program files\videolan\vlc\vlc.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\videolan\vlc\libvlc.dll
  • c:\program files\videolan\vlc\libvlccore.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
Total events: 17 386
Read events: 17 386
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 15
Suspicious files: 0
Text files: 6
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3368 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Uh3368 | ini
    MD5: 32A72AFECE031FBAC8AD56B255705D95
    SHA256: 15F4376C7FC42716036D0BC30142EEB880867E2C20326450E7521179BA58AB91
3368 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini | ini
    MD5: D4E14AB9044FAB1AA89A5820CE81CA03
    SHA256: 0A72E7CD605EFB8E2F2CF1756E35E9000753238C7C31B43BC59C7E2866BCC3F2
3368 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Ya3368 | text
    MD5: 5B43490E00219862F2CD4F73BC7355F0
    SHA256: 46E9FB63A66D4CB7A6201AF1AADFAD9439E542353BAF391FBD8AB6A9EFE880CF
3368 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock | text
    MD5: 81215F9E252B35A10B62220D343BE14A
    SHA256: B54D50B6FE2BE2E2A1923F28A2FF4F100AA1380FF32E4B800E402B17389B0654
3368 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Xd3368 | text
    MD5: 465795BB94FC07BE2E60C4EB3C95E2D5
    SHA256: C56FB5944713F5DA28EC4B27B4D53584555A2557F89EC232A13A23553AE2206A
3368 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Nl3368 | text
    MD5: A6F5C6FD388E44B376BAAD19A052006C
    SHA256: 5B16D3D8BC235915E62CBE612D7B8E28F79FECBEEF330496D259EFC3FD10C264
3368 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.fl3368 | text
    MD5: 85D8FE27FD6D8DF85FEC6113323D5F77
    SHA256: D5CB55531185A8209DC1A7EC335B56EBDC7E6DF3A18C1EB57C5FBA9409651BBE
3368 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.if3368 | ini
    MD5: F2ADCB1C495E59B237C5D270662283F7
    SHA256: 141314513CF216DF09F46A4B9ADB05588ADCBC987B319BEA728FADD710F97175
3368 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.em3368 | text
    MD5: 72819224C25A6F7BCD66E31A4FFC27D1
    SHA256: A1992F5622CA5A21D5563DBA61D4D0DE715E3C525F4D4E021DED54CC761DCDEA
3368 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Hp3368 | text
    MD5: D4E14AB9044FAB1AA89A5820CE81CA03
    SHA256: 0A72E7CD605EFB8E2F2CF1756E35E9000753238C7C31B43BC59C7E2866BCC3F2
HTTP(S) requests: 3
TCP/UDP connections: 21
DNS requests: 14
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1372 | svchost.exe | GET | 304 | 2.19.126.163:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | unknown | - | - | whitelisted
1372 | svchost.exe | GET | 200 | 23.48.23.190:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1372 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 224.0.0.252:5355 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1372 | svchost.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2564 | svchost.exe | 239.255.255.250:3702 | - | - | - | whitelisted
1060 | svchost.exe | 224.0.0.252:5355 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3368 | vlc.exe | 195.182.7.47:443 | vs847.vcdn.biz | Media IT 27 LLC | UA | unknown
3368 | vlc.exe | 195.182.7.126:443 | vs3526.vcdn.biz | Media IT 27 LLC | UA | unknown
3368 | vlc.exe | 195.182.7.24:443 | vs824.vcdn.biz | Media IT 27 LLC | UA | unknown
3368 | vlc.exe | 195.182.7.34:443 | vs834.vcdn.biz | Media IT 27 LLC | UA | unknown

DNS requests

Domain | IP | Reputation
google.com | 216.58.206.46 | whitelisted
vs847.vcdn.biz | 195.182.7.47 | unknown
vs3526.vcdn.biz | 195.182.7.126 | unknown
vs824.vcdn.biz | 195.182.7.24 | unknown
vs834.vcdn.biz | 195.182.7.34 | unknown
vs825.vcdn.biz | 195.182.7.25 | unknown
vs3507.vcdn.biz | 195.182.7.107 | unknown
vs822.vcdn.biz | 195.182.7.22 | unknown
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
ctldl.windowsupdate.com | 2.19.126.163, 2.19.126.137 | whitelisted

Threats

No threats detected
Process | Message
vlc.exe | main libvlc debug: VLC media player - 3.0.11 Vetinari
vlc.exe | main libvlc debug: Copyright © 1996-2020 the VideoLAN team
vlc.exe | main libvlc debug: revision 3.0.11-0-gdc0c5ced72
vlc.exe | main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=i686-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x86/contrib/i686-w64-mingw32/lib/pkgconfig'
vlc.exe | main libvlc debug: using multimedia timers as clock source
vlc.exe | main libvlc debug: min period: 1 ms, max period: 1000000 ms
vlc.exe | main libvlc debug: searching plug-in modules
vlc.exe | main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
vlc.exe | main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
vlc.exe | main libvlc error: stale plugins cache: modified C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll