File name:

Halloween.exe

Full analysis: https://app.any.run/tasks/3faee3c2-6184-43a6-b888-72c5809bcc49
Verdict: Malicious activity
Analysis date: October 25, 2024, 04:36:30
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
lua
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5:

F0ECDCCB410A0F4E01CD6D41A52D56B2

SHA1:

23D1452A0FA794D6EE03B786DD4CF9EC189904CE

SHA256:

F23233BFFB08FCBBDA8237FECE95003BEA1453466150BE0EB0B2F0860A34B72E

SSDEEP:

98304:TgTYVfYa4uckN1T6ZbyeC/xij1A+LEew5/19SOGqSWqlz1Ymh5uC7o+vIeKJVJ:aNickN1T6Fyx/g/E75/19SOGLWqlBNhE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Uses Task Scheduler to run other applications

      • MBRKiller.exe (PID: 3676)

    • Changes the autorun value in the registry

      • MBRKiller.exe (PID: 3676)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Halloween.exe (PID: 6212)

    • Executable content was dropped or overwritten

      • Halloween.exe (PID: 6212)

    • Starts CMD.EXE for commands execution

      • Halloween.exe (PID: 6212)

    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 6152)

    • The executable file from the user directory is run by the CMD process

      • MBRKiller.exe (PID: 3676)
      • waves.exe (PID: 7328)
      • icons.exe (PID: 7596)
      • tunnel.exe (PID: 7800)
      • BitBlt.exe (PID: 8064)
      • icons.exe (PID: 1156)
      • tunnel.exe (PID: 4464)
      • CLWCP.exe (PID: 6988)
      • scream.exe (PID: 632)
      • scream.exe (PID: 5892)
      • scream.exe (PID: 5168)
      • scream.exe (PID: 1204)
      • scream.exe (PID: 6904)
      • scream.exe (PID: 7324)
      • scream.exe (PID: 7036)
      • scream.exe (PID: 7368)
      • scream.exe (PID: 6612)
      • scream.exe (PID: 2364)
      • scream.exe (PID: 6276)
      • scream.exe (PID: 7500)
      • scream.exe (PID: 5700)
      • scream.exe (PID: 6328)
      • scream.exe (PID: 7312)
      • BitBlt.exe (PID: 7756)
      • scream.exe (PID: 3000)
      • scream.exe (PID: 6224)
      • scream.exe (PID: 2980)
      • scream.exe (PID: 7356)
      • CLWCP.exe (PID: 6812)
      • scream.exe (PID: 3524)
      • inv.exe (PID: 7128)
      • icons.exe (PID: 7668)
      • tunnel.exe (PID: 7772)
      • CLWCP.exe (PID: 4464)

    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 6152)

    • There is functionality for taking screenshot (YARA)

      • vlc.exe (PID: 7112)

    • Probably fake Windows Update

      • schtasks.exe (PID: 2076)

    • Executing commands from a ".bat" file

      • Halloween.exe (PID: 6212)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 6152)

  • INFO

    • Create files in a temporary directory

      • Halloween.exe (PID: 6212)

    • Checks supported languages

      • Halloween.exe (PID: 6212)
      • CLWCP.exe (PID: 4464)
      • vlc.exe (PID: 7112)
      • MBRKiller.exe (PID: 3676)

    • Reads the computer name

      • Halloween.exe (PID: 6212)
      • vlc.exe (PID: 7112)

    • Process checks computer location settings

      • Halloween.exe (PID: 6212)

    • The process uses the downloaded file

      • Halloween.exe (PID: 6212)
      • cmd.exe (PID: 6152)

    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 7080)

    • UPX packer has been detected

      • Halloween.exe (PID: 6212)

    • Sends debugging messages

      • vlc.exe (PID: 7112)

    • The process uses Lua

      • vlc.exe (PID: 7112)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:11:08 13:12:07+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 2.5
CodeSize: 5767168
InitializedDataSize: 200704
UninitializedDataSize: 29433856
EntryPoint: 0x2191930
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: Debug, Pre-release, Private build
FileOS: Windows 16-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
FileDescription: Do not run this on Real PC
FileVersion: 1,0,0,0
ProductName: DeathPlus
ProductVersion: 1,0,0,0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
207
Monitored processes
75
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start THREAT halloween.exe cmd.exe no specs conhost.exe no specs taskkill.exe no specs reg.exe no specs mbrkiller.exe schtasks.exe no specs conhost.exe no specs THREAT vlc.exe notepad.exe no specs clwcp.exe no specs timeout.exe no specs waves.exe no specs timeout.exe no specs taskkill.exe no specs icons.exe no specs timeout.exe no specs conhost.exe no specs taskkill.exe no specs tunnel.exe no specs timeout.exe no specs conhost.exe no specs taskkill.exe no specs bitblt.exe no specs timeout.exe no specs conhost.exe no specs taskkill.exe no specs icons.exe no specs timeout.exe no specs conhost.exe no specs tunnel.exe no specs conhost.exe no specs timeout.exe no specs taskkill.exe no specs taskkill.exe no specs clwcp.exe no specs timeout.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs scream.exe no specs timeout.exe no specs clwcp.exe no specs timeout.exe no specs vlc.exe bitblt.exe no specs icons.exe no specs conhost.exe no specs conhost.exe no specs tunnel.exe no specs conhost.exe no specs timeout.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs inv.exe no specs timeout.exe no specs halloween.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
632scream.exe C:\Users\admin\AppData\Local\Temp\BACD.tmp\scream.execmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\bacd.tmp\scream.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
696\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeicons.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
700\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeschtasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1028taskkill /f /im icons.exeC:\Windows\SysWOW64\taskkill.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1156icons.exe C:\Users\admin\AppData\Local\Temp\BACD.tmp\icons.execmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\bacd.tmp\icons.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1204scream.exe C:\Users\admin\AppData\Local\Temp\BACD.tmp\scream.execmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\bacd.tmp\scream.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2076schtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\Users\admin\AppData\Local\Temp\BACD.tmp\MBRKiller.exe"C:\Windows\SysWOW64\schtasks.exeMBRKiller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
2088taskkill /f /im BitBlt.exeC:\Windows\SysWOW64\taskkill.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2280timeout 5 /nobreakC:\Windows\SysWOW64\timeout.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
timeout - pauses command processing
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2364scream.exe C:\Users\admin\AppData\Local\Temp\BACD.tmp\scream.execmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\bacd.tmp\scream.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
4 829
Read events
4 821
Write events
6
Delete events
2

Modification events

(PID) Process:(6152) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
Operation:writeName:VLC.wav
Value:
(PID) Process:(5892) reg.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Operation:writeName:DisableTaskMgr
Value:
1
(PID) Process:(3676) MBRKiller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Windows Update
Value:
(PID) Process:(3676) MBRKiller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Windows Update
Value:
C:\Users\admin\AppData\Local\Temp\BACD.tmp\MBRKiller.exe
(PID) Process:(3676) MBRKiller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Windows Update
Value:
C:\Users\admin\AppData\Local\Temp\BACD.tmp\MBRKiller.exe
(PID) Process:(6152) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:writeName:{E46787A1-4629-4423-A693-BE1F003B2742} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
Value:
0100000000000000EF1CA57B9726DB01
(PID) Process:(6152) cmd.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
Operation:writeName:txtfile
Value:
Executable files
12
Suspicious files
2
Text files
5
Unknown types
0

Dropped files

PID
Process
Filename
Type
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\fnaf.bmp
MD5:
SHA256:
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\clown.bmp
MD5:
SHA256:
3676MBRKiller.exe\Device\Harddisk0\DR0
MD5:
SHA256:
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\DeathPlus.battext
MD5:892F11B37E59D1BB0D8ACCD66402E12D
SHA256:AB473B1B6AE32BCB465DDDBD0A8079A12611BD7A2AF5DF45367A0AA6764E3E8A
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\MBRKiller.exeexecutable
MD5:6C3D5092B6515B57C144BDCFCD641D13
SHA256:DF3416733483B30D3E0725EC07CAEA190176D4305F93EEB3CACCE84802EA8E01
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\scare.mp4binary
MD5:17042B9E5FC04A571311CD484F17B9EB
SHA256:A9B0F1F849E0B41924F5E80B0C4948E63FC4B4F335BBDF0F997B03A3AFF55424
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\noise.wavwav
MD5:6FB3826CE933E7748E14CB31D1E50A74
SHA256:81EB82AC1911503143BBAA44646CFEDE618A0807E9DCCCEF09F1DEB4D8700CE4
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\scream.exeexecutable
MD5:CBF06517A75EEE73FF7A614981384457
SHA256:AE5252BE8CAD37A12F70F94751F5A9DB15866A6C395DC5EBA505ECB05D414A9A
7112vlc.exeC:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.initext
MD5:97D876C16BF79C70A5A6DEB5F5C1DB7E
SHA256:D79E96BCBBDFA3852BEE829A4C514E2555C74394AF4C73E98637117627C717FA
6212Halloween.exeC:\Users\admin\AppData\Local\Temp\BACD.tmp\inv.exeexecutable
MD5:EBB811D0396C06A70FE74D9B23679446
SHA256:28E979002CB4DB546BF9D9D58F5A55FD8319BE638A0974C634CAE6E7E9DBCD89
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
45
DNS requests
25
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5488
MoUsoCoreWorker.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1552
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7684
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3644
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7684
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6944
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
3524
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5488
MoUsoCoreWorker.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
4360
SearchApp.exe
92.123.104.40:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4360
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 95.101.149.131
whitelisted
google.com
  • 216.58.206.46
whitelisted
www.bing.com
  • 92.123.104.40
  • 92.123.104.32
  • 92.123.104.64
  • 92.123.104.33
  • 92.123.104.19
  • 92.123.104.28
  • 92.123.104.11
  • 92.123.104.59
  • 92.123.104.21
  • 92.123.104.34
  • 92.123.104.52
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.136
  • 40.126.32.76
  • 40.126.32.72
  • 20.190.160.22
  • 40.126.32.138
  • 20.190.160.14
  • 40.126.32.74
  • 20.190.160.17
whitelisted
th.bing.com
  • 92.123.104.64
  • 92.123.104.19
  • 92.123.104.11
  • 92.123.104.34
  • 92.123.104.21
  • 92.123.104.52
  • 92.123.104.59
  • 92.123.104.32
  • 92.123.104.40
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted

Threats

No threats detected
Process
Message
vlc.exe
main libvlc debug: using multimedia timers as clock source
vlc.exe
main libvlc debug: min period: 1 ms, max period: 1000000 ms
vlc.exe
main libvlc debug: VLC media player - 3.0.11 Vetinari
vlc.exe
main libvlc debug: Copyright © 1996-2020 the VideoLAN team
vlc.exe
main libvlc debug: revision 3.0.11-0-gdc0c5ced72
vlc.exe
main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=x86_64-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=x86_64-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x64/contrib/x86_64-w64-mingw32/lib/pkgconfig'
vlc.exe
main libvlc debug: searching plug-in modules
vlc.exe
main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
vlc.exe
main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
vlc.exe
main libvlc debug: plug-ins loaded: 494 modules
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Halloween.exe