File name:

prosto-preview.m3u

Full analysis: https://app.any.run/tasks/34061266-026a-49a2-a9b4-d3983066ff0a
Verdict: Malicious activity
Analysis date: July 14, 2024, 20:13:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: M3U playlist, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
MD5:

14176AD185D9B149E1D1DF0AF5C610F4

SHA1:

ABEAFD1A1CF27485D335A9BD3CD99472C9BAB6C5

SHA256:

DE43DEA4138D4CA633035D7D4561A83C40B410EA05DC3F7BBB2CD50D43053F16

SSDEEP:

192:+lKum2Q3KFxPA8T44QoqgVKHmhtIQuxtPkJrTPXaXw4Xa:+lKum33KA8s4QoqgVKHmhtIQuxpkJrrx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • vlc.exe (PID: 3344)
    • Connects to unusual port

      • vlc.exe (PID: 3344)
  • INFO

    • Checks supported languages

      • vlc.exe (PID: 3344)
    • Reads the computer name

      • vlc.exe (PID: 3344)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.m3u8/m3u | Extended M3U playlist (UTF-8) (76.9)
.txt | Text - UTF-8 encoded (23)
No data.
All screenshots are available in the full report
Total processes
38
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

start THREAT vlc.exe

Process information

PID:
3344
CMD:
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file C:\Users\admin\Desktop\prosto-preview.m3u
Path:
C:\Program Files\VideoLAN\VLC\vlc.exe
Parent process:
explorer.exe
User:
admin
Company:
VideoLAN
Integrity Level:
MEDIUM
Description:
VLC media player
Version:
3.0.11
Modules
Images
c:\program files\videolan\vlc\vlc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\videolan\vlc\libvlc.dll
c:\program files\videolan\vlc\libvlccore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
6 339
Read events
6 315
Write events
24
Delete events
0

Modification events

(PID) Process: (3344) vlc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: vlc.exe
Executable files
0
Suspicious files
0
Text files
5
Unknown types
0

Dropped files

PID: 3344
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini
Type: ini
MD5: 5E3D69952218D8F59AEFBF092498BA95
SHA256: 6E6940C8446AAE948A6007AD6103B1BFA8E130351CE546F985FBACFE4F24CE66

PID: 3344
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.gq3344
Type: ini
MD5: BA3C485F0D6072A29967B639302A107B
SHA256: 4ED7C95D137AC93D3AF6893A2E071FEB2E00F12FD6FF79A58F7F6E5F1BEF4CB0

PID: 3344
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Hp3344
Type: ini
MD5: 5E3D69952218D8F59AEFBF092498BA95
SHA256: 6E6940C8446AAE948A6007AD6103B1BFA8E130351CE546F985FBACFE4F24CE66

PID: 3344
Process: vlc.exe
Filename: C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock
Type: text
MD5: 34C05000B1A987E0896899D20922AE31
SHA256: 3C28DE47676981BC6371975CBAC2EF7D4D9A2BD29C33622549F32DE4E88C2BAE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
73
TCP/UDP connections
45
DNS requests
7
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3344
vlc.exe
GET
200
176.122.99.7:7000
http://iptv.prosto.tv:7000/ch19/video.m3u8
unknown
unknown
3344
vlc.exe
GET
200
176.122.99.7:7000
http://iptv.prosto.tv:7000/ch19/tracks-v2a1/mono.m3u8?live=1&ip=45.88.97.118&e=1723580019&st=XvP93ANei6_ok8gvRSBHZg
unknown
unknown
3344
vlc.exe
GET
200
176.122.99.7:7000
http://iptv.prosto.tv:7000/ch19/tracks-v2a1/2024/07/14/20/13/14-06000.ts?live=1&ip=45.88.97.118&e=1723580019&st=hGMybLZ3FwogipGh-mLJeA
unknown
unknown
3344
vlc.exe
GET
200
176.122.99.7:7000
http://iptv.prosto.tv:7000/ch19/tracks-v1a1/mono.m3u8?live=1&ip=45.88.97.118&e=1723580019&st=mSGJ1MPFJji6WABx-tZzSA
unknown
unknown
3344
vlc.exe
GET
200
176.122.99.7:7000
http://iptv.prosto.tv:7000/ch19/tracks-v1a1/mono.m3u8?live=1&ip=45.88.97.118&e=1723580019&st=mSGJ1MPFJji6WABx-tZzSA
unknown
unknown
1372
svchost.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
whitelisted
3344
vlc.exe
GET
200
176.122.99.7:7000
http://iptv.prosto.tv:7000/ch19/tracks-v1a1/2024/07/14/20/13/20-06000.ts?live=1&ip=45.88.97.118&e=1723580019&st=sSWRBFjkgc5SSiASA8wZ8w
unknown
unknown
1372
svchost.exe
GET
200
23.48.23.145:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1372
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3344
vlc.exe
GET
404
176.122.99.7:7000
http://iptv.prosto.tv:7000/ch19/tracks-v1a1/2024/07/14/20/13/26-06000.ts?live=1&ip=45.88.97.118&e=1723580019&st=sSWRBFjkgc5SSiASA8wZ8w
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:137
whitelisted
1372
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1060
svchost.exe
224.0.0.252:5355
whitelisted
2564
svchost.exe
239.255.255.250:3702
whitelisted
4
System
192.168.100.255:138
whitelisted
3344
vlc.exe
176.122.99.7:7000
iptv.prosto.tv
Ukrainian Telecommunication Group LLC
UA
unknown
1372
svchost.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
1372
svchost.exe
23.48.23.145:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.110
whitelisted
iptv.prosto.tv
  • 176.122.99.7
  • 31.43.48.248
unknown
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
ctldl.windowsupdate.com
  • 93.184.221.240
  • 199.232.210.172
  • 199.232.214.172
whitelisted
crl.microsoft.com
  • 23.48.23.145
  • 23.48.23.167
  • 23.48.23.166
  • 23.48.23.194
  • 23.48.23.177
  • 23.48.23.164
  • 23.48.23.143
  • 23.48.23.176
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted

Threats

No threats detected
Process
Message
vlc.exe
main libvlc debug: VLC media player - 3.0.11 Vetinari
vlc.exe
main libvlc debug: Copyright © 1996-2020 the VideoLAN team
vlc.exe
main libvlc debug: revision 3.0.11-0-gdc0c5ced72
vlc.exe
main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=i686-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x86/contrib/i686-w64-mingw32/lib/pkgconfig'
vlc.exe
main libvlc debug: using multimedia timers as clock source
vlc.exe
main libvlc debug: min period: 1 ms, max period: 1000000 ms
vlc.exe
main libvlc debug: searching plug-in modules
vlc.exe
main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
vlc.exe
main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
vlc.exe
main libvlc error: stale plugins cache: modified C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll