File name:

Halloween.exe

Full analysis: https://app.any.run/tasks/3faee3c2-6184-43a6-b888-72c5809bcc49
Verdict: Malicious activity
Analysis date: October 25, 2024, 04:36:30
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
lua
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5:

F0ECDCCB410A0F4E01CD6D41A52D56B2

SHA1:

23D1452A0FA794D6EE03B786DD4CF9EC189904CE

SHA256:

F23233BFFB08FCBBDA8237FECE95003BEA1453466150BE0EB0B2F0860A34B72E

SSDEEP:

98304:TgTYVfYa4uckN1T6ZbyeC/xij1A+LEew5/19SOGqSWqlz1Ymh5uC7o+vIeKJVJ:aNickN1T6Fyx/g/E75/19SOGLWqlBNhE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • MBRKiller.exe (PID: 3676)

    • Uses Task Scheduler to run other applications

      • MBRKiller.exe (PID: 3676)

  • SUSPICIOUS

    • The executable file from the user directory is run by the CMD process

      • MBRKiller.exe (PID: 3676)
      • waves.exe (PID: 7328)
      • icons.exe (PID: 7596)
      • tunnel.exe (PID: 7800)
      • BitBlt.exe (PID: 8064)
      • icons.exe (PID: 1156)
      • tunnel.exe (PID: 4464)
      • scream.exe (PID: 5892)
      • scream.exe (PID: 7368)
      • scream.exe (PID: 1204)
      • scream.exe (PID: 7324)
      • scream.exe (PID: 6612)
      • scream.exe (PID: 7036)
      • scream.exe (PID: 2364)
      • CLWCP.exe (PID: 6988)
      • scream.exe (PID: 632)
      • scream.exe (PID: 5168)
      • scream.exe (PID: 6904)
      • scream.exe (PID: 3524)
      • scream.exe (PID: 7500)
      • scream.exe (PID: 7312)
      • scream.exe (PID: 5700)
      • scream.exe (PID: 7356)
      • BitBlt.exe (PID: 7756)
      • tunnel.exe (PID: 7772)
      • icons.exe (PID: 7668)
      • inv.exe (PID: 7128)
      • scream.exe (PID: 6276)
      • scream.exe (PID: 6328)
      • scream.exe (PID: 3000)
      • scream.exe (PID: 2980)
      • scream.exe (PID: 6224)
      • CLWCP.exe (PID: 6812)
      • CLWCP.exe (PID: 4464)

    • Executable content was dropped or overwritten

      • Halloween.exe (PID: 6212)

    • Reads security settings of Internet Explorer

      • Halloween.exe (PID: 6212)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 6152)

    • Starts CMD.EXE for commands execution

      • Halloween.exe (PID: 6212)

    • Executing commands from a ".bat" file

      • Halloween.exe (PID: 6212)

    • Probably fake Windows Update

      • schtasks.exe (PID: 2076)

    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 6152)

    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 6152)

    • There is functionality for taking screenshot (YARA)

      • vlc.exe (PID: 7112)

  • INFO

    • The process uses the downloaded file

      • Halloween.exe (PID: 6212)
      • cmd.exe (PID: 6152)

    • Process checks computer location settings

      • Halloween.exe (PID: 6212)

    • Reads the computer name

      • Halloween.exe (PID: 6212)
      • vlc.exe (PID: 7112)

    • Checks supported languages

      • Halloween.exe (PID: 6212)
      • MBRKiller.exe (PID: 3676)
      • CLWCP.exe (PID: 4464)
      • vlc.exe (PID: 7112)

    • Create files in a temporary directory

      • Halloween.exe (PID: 6212)

    • UPX packer has been detected

      • Halloween.exe (PID: 6212)

    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 7080)

    • The process uses Lua

      • vlc.exe (PID: 7112)

    • Sends debugging messages

      • vlc.exe (PID: 7112)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:11:08 13:12:07+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 2.5
CodeSize: 5767168
InitializedDataSize: 200704
UninitializedDataSize: 29433856
EntryPoint: 0x2191930
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: Debug, Pre-release, Private build
FileOS: Windows 16-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
FileDescription: Do not run this on Real PC
FileVersion: 1,0,0,0
ProductName: DeathPlus
ProductVersion: 1,0,0,0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
207
Monitored processes
75
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start THREAT halloween.exe cmd.exe no specs conhost.exe no specs taskkill.exe no specs reg.exe no specs mbrkiller.exe schtasks.exe no specs conhost.exe no specs THREAT vlc.exe notepad.exe no specs clwcp.exe no specs timeout.exe no specs waves.exe no specs timeout.exe no specs taskkill.exe no specs icons.exe no specs timeout.exe no specs conhost.exe no specs taskkill.exe no specs tunnel.exe no specs timeout.exe no specs conhost.exe no specs taskkill.exe no specs bitblt.exe no specs timeout.exe no specs conhost.exe no specs taskkill.exe no specs icons.exe no specs timeout.exe no specs conhost.exe no specs tunnel.exe no specs conhost.exe no specs timeout.exe no specs taskkill.exe no specs taskkill.exe no specs clwcp.exe no specs timeout.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs timeout.exe no specs clwcp.exe no specs timeout.exe no specs vlc.exe bitblt.exe no specs icons.exe no specs conhost.exe no specs conhost.exe no specs tunnel.exe no specs conhost.exe no specs timeout.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs inv.exe no specs timeout.exe no specs halloween.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
632scream.exe C:\Users\admin\AppData\Local\Temp\BACD.tmp\scream.execmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\bacd.tmp\scream.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
696\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeicons.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
700\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeschtasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1028taskkill /f /im icons.exeC:\Windows\SysWOW64\taskkill.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1156icons.exe C:\Users\admin\AppData\Local\Temp\BACD.tmp\icons.execmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\bacd.tmp\icons.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1204scream.exe C:\Users\admin\AppData\Local\Temp\BACD.tmp\scream.execmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\bacd.tmp\scream.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2076schtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\Users\admin\AppData\Local\Temp\BACD.tmp\MBRKiller.exe"C:\Windows\SysWOW64\schtasks.exeMBRKiller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
2088taskkill /f /im BitBlt.exeC:\Windows\SysWOW64\taskkill.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2280timeout 5 /nobreakC:\Windows\SysWOW64\timeout.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
timeout - pauses command processing
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2364scream.exe C:\Users\admin\AppData\Local\Temp\BACD.tmp\scream.execmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\bacd.tmp\scream.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
4 829
Read events
4 821
Write events
6
Delete events
2

Modification events

(PID) Process:(6152) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
Operation:writeName:VLC.wav
Value:
(PID) Process:(5892) reg.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Operation:writeName:DisableTaskMgr
Value:
1
(PID) Process:(3676) MBRKiller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Windows Update
Value:
(PID) Process:(3676) MBRKiller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Windows Update
Value:
C:\Users\admin\AppData\Local\Temp\BACD.tmp\MBRKiller.exe
(PID) Process:(3676) MBRKiller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Windows Update
Value:
C:\Users\admin\AppData\Local\Temp\BACD.tmp\MBRKiller.exe
(PID) Process:(6152) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:writeName:{E46787A1-4629-4423-A693-BE1F003B2742} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
Value:
0100000000000000EF1CA57B9726DB01
(PID) Process:(6152) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
Operation:writeName:txtfile
Value:
Executable files
12
Suspicious files
2
Text files
5
Unknown types
0

Dropped files

PID
Process
Filename
Type
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\fnaf.bmp
MD5:
SHA256:
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\clown.bmp
MD5:
SHA256:
3676MBRKiller.exe\Device\Harddisk0\DR0
MD5:
SHA256:
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\DeathPlus.battext
MD5:892F11B37E59D1BB0D8ACCD66402E12D
SHA256:AB473B1B6AE32BCB465DDDBD0A8079A12611BD7A2AF5DF45367A0AA6764E3E8A
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\icons.exeexecutable
MD5:3CA1D5768C2944D4284B1541653823C7
SHA256:4172C6120F8F98685698365D6DD52C80EB2080203CDDE479009BF8F4FA770AF0
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\BitBlt.exeexecutable
MD5:DEF5F510BDBEAC4B8332A99A51B1C88D
SHA256:A3CD12B2F1E28ECD1EE80E4050277DAA646ABDB03F765DB5F9F0E2DB6E72D370
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\bsod.htahtml
MD5:0814302779986578A2FB3C96206077A9
SHA256:CE07F998E0ECE87FE3ACA6E9C2A3ACC1D9E2C4C41F288198BCDEB376D86603C5
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\tunnel.exeexecutable
MD5:7DAE1FB2E3A65E8DD594B021A6923E24
SHA256:732ADADB4C7167E61F0F5763C2C01E43FB01369683D23C9652AEA99F6C42C810
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\CLWCP.exeexecutable
MD5:E62EE6F1EFC85CB36D62AB779DB6E4EC
SHA256:13B4EC59785A1B367EFB691A3D5C86EB5AAF1CA0062521C4782E1BAAC6633F8A
6152cmd.exeC:\Users\admin\Desktop\note.txttext
MD5:3420DDCB4BC853F482F42850BEE72490
SHA256:343BA8F566AD4135B22CC7C63680AD0215DBC6D96398B9E7B4F032F9D2F03E57
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
45
DNS requests
25
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5488
MoUsoCoreWorker.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3644
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
1552
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7684
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7684
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6944
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
3524
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5488
MoUsoCoreWorker.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
4360
SearchApp.exe
92.123.104.40:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4360
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 95.101.149.131
whitelisted
google.com
  • 216.58.206.46
whitelisted
www.bing.com
  • 92.123.104.40
  • 92.123.104.32
  • 92.123.104.64
  • 92.123.104.33
  • 92.123.104.19
  • 92.123.104.28
  • 92.123.104.11
  • 92.123.104.59
  • 92.123.104.21
  • 92.123.104.34
  • 92.123.104.52
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.136
  • 40.126.32.76
  • 40.126.32.72
  • 20.190.160.22
  • 40.126.32.138
  • 20.190.160.14
  • 40.126.32.74
  • 20.190.160.17
whitelisted
th.bing.com
  • 92.123.104.64
  • 92.123.104.19
  • 92.123.104.11
  • 92.123.104.34
  • 92.123.104.21
  • 92.123.104.52
  • 92.123.104.59
  • 92.123.104.32
  • 92.123.104.40
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted

Threats

No threats detected
Process
Message
vlc.exe
main libvlc debug: using multimedia timers as clock source
vlc.exe
main libvlc debug: min period: 1 ms, max period: 1000000 ms
vlc.exe
main libvlc debug: VLC media player - 3.0.11 Vetinari
vlc.exe
main libvlc debug: Copyright © 1996-2020 the VideoLAN team
vlc.exe
main libvlc debug: revision 3.0.11-0-gdc0c5ced72
vlc.exe
main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=x86_64-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=x86_64-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x64/contrib/x86_64-w64-mingw32/lib/pkgconfig'
vlc.exe
main libvlc debug: searching plug-in modules
vlc.exe
main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
vlc.exe
main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
vlc.exe
main libvlc debug: plug-ins loaded: 494 modules
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Halloween.exe