File name:

vcredist_x86.exe

Full analysis: https://app.any.run/tasks/2015a2be-bd11-463a-8b47-ca5f32cfeda6
Verdict: Malicious activity
Analysis date: May 02, 2025, 23:18:10
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
MD5:

8B17DA4FA1E1A443F315DE88D1A4F85A

SHA1:

0408689F797D3E370853E2E5FB860743D5FF1486

SHA256:

CE40E5F365DC4A4AF4688EBFC262EDBDB129FDAB31DE51F6E67F7FA52FE9FC2A

SSDEEP:

98304:VptV+pOGq2QSp7hOVxvHtzZ4GBCKVytsiAD193qh4iSNpBzNh0Ampw88jEC/55jG:V5NKj3sHVdhc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • vcredist_x86.exe (PID: 6708)
      • vcredist_x86.exe (PID: 2564)
      • Setup.exe (PID: 5868)

    • Connects to the CnC server

      • vcredist_x86.exe (PID: 6708)
      • FileCoAuth.exe (PID: 1388)

  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • vcredist_x86.exe (PID: 2564)
      • vcredist_x86.exe (PID: 6708)

    • Process drops legitimate windows executable

      • vcredist_x86.exe (PID: 6708)
      • Setup.exe (PID: 5868)
      • FileCoAuth.exe (PID: 1388)
      • msiexec.exe (PID: 4120)

    • Executable content was dropped or overwritten

      • vcredist_x86.exe (PID: 6708)
      • Setup.exe (PID: 5868)

    • Creates file in the systems drive root

      • vcredist_x86.exe (PID: 6708)

    • Reads security settings of Internet Explorer

      • Setup.exe (PID: 5868)
      • vcredist_x86.exe (PID: 6708)
      • FileCoAuth.exe (PID: 1388)

    • Contacting a server suspected of hosting an CnC

      • vcredist_x86.exe (PID: 6708)
      • FileCoAuth.exe (PID: 1388)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4120)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 4120)

    • Starts CMD.EXE for commands execution

      • FileCoAuth.exe (PID: 1388)

  • INFO

    • Checks supported languages

      • vcredist_x86.exe (PID: 6708)
      • Setup.exe (PID: 5868)
      • msiexec.exe (PID: 4120)

    • The sample compiled with english language support

      • vcredist_x86.exe (PID: 6708)
      • Setup.exe (PID: 5868)
      • msiexec.exe (PID: 4120)
      • FileCoAuth.exe (PID: 1388)

    • Creates files in the program directory

      • vcredist_x86.exe (PID: 6708)

    • Create files in a temporary directory

      • vcredist_x86.exe (PID: 6708)
      • Setup.exe (PID: 5868)

    • Reads the computer name

      • vcredist_x86.exe (PID: 6708)
      • Setup.exe (PID: 5868)
      • msiexec.exe (PID: 4120)

    • Reads the machine GUID from the registry

      • vcredist_x86.exe (PID: 6708)
      • Setup.exe (PID: 5868)
      • msiexec.exe (PID: 4120)

    • The sample compiled with japanese language support

      • vcredist_x86.exe (PID: 6708)
      • msiexec.exe (PID: 4120)

    • The sample compiled with korean language support

      • vcredist_x86.exe (PID: 6708)
      • msiexec.exe (PID: 4120)

    • The sample compiled with chinese language support

      • vcredist_x86.exe (PID: 6708)
      • msiexec.exe (PID: 4120)

    • The sample compiled with Italian language support

      • vcredist_x86.exe (PID: 6708)
      • msiexec.exe (PID: 4120)

    • The sample compiled with german language support

      • vcredist_x86.exe (PID: 6708)
      • msiexec.exe (PID: 4120)

    • The sample compiled with french language support

      • vcredist_x86.exe (PID: 6708)
      • msiexec.exe (PID: 4120)

    • The sample compiled with russian language support

      • vcredist_x86.exe (PID: 6708)
      • msiexec.exe (PID: 4120)

    • The sample compiled with spanish language support

      • vcredist_x86.exe (PID: 6708)
      • msiexec.exe (PID: 4120)

    • Checks proxy server information

      • vcredist_x86.exe (PID: 6708)
      • FileCoAuth.exe (PID: 1388)

    • Reads CPU info

      • Setup.exe (PID: 5868)

    • Reads the software policy settings

      • Setup.exe (PID: 5868)
      • msiexec.exe (PID: 4120)
      • slui.exe (PID: 6240)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4120)

    • Creates files or folders in the user directory

      • msiexec.exe (PID: 4120)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 4120)

    • UPX packer has been detected

      • vcredist_x86.exe (PID: 6708)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | MS generic-sfx Cabinet File Unpacker (32/64bit MSCFU) (80.1)
.exe | Win32 Executable MS Visual C++ (generic) (7.1)
.exe | Win64 Executable (generic) (6.3)
.scr | Windows screen saver (2.9)
.dll | Win32 Dynamic Link Library (generic) (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2007:12:21 07:26:24+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 7.1
CodeSize: 34304
InitializedDataSize: 6656
UninitializedDataSize: -
EntryPoint: 0x63ff
OSVersion: 5.2
ImageVersion: 5.2
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 10.0.40219.1
ProductVersionNumber: 10.0.40219.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Microsoft Visual C++ 2010 x86 Redistributable Setup
FileVersion: 10.0.40219.01
InternalName: vcredist_x86.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: vcredist_x86.exe
ProductName: Microsoft Visual C++ 2010 x86 Redistributable
ProductVersion: 10.0.40219.01
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
144
Monitored processes
8
Malicious processes
3
Suspicious processes
2

Behavior graph

Click at the process to see the details
start vcredist_x86.exe setup.exe sppextcomobj.exe no specs slui.exe msiexec.exe filecoauth.exe slui.exe no specs vcredist_x86.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1388C:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe -EmbeddingC:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft OneDriveFile Co-Authoring Executable
Exit code:
0
Version:
19.043.0304.0013
Modules
Images
c:\users\admin\appdata\local\microsoft\onedrive\19.043.0304.0013\filecoauth.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
1452C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
2564"C:\Users\admin\AppData\Local\Temp\vcredist_x86.exe" C:\Users\admin\AppData\Local\Temp\vcredist_x86.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Visual C++ 2010 x86 Redistributable Setup
Exit code:
3221226540
Version:
10.0.40219.01
Modules
Images
c:\users\admin\appdata\local\temp\vcredist_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
4120C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
5332C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
5868c:\a3b3d30a9aaf3000d0a73496\Setup.exe C:\a3b3d30a9aaf3000d0a73496\Setup.exe
vcredist_x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Setup Installer
Exit code:
0
Version:
10.0.40219.1 built by: SP1Rel
Modules
Images
c:\a3b3d30a9aaf3000d0a73496\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
6240"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
6708"C:\Users\admin\AppData\Local\Temp\vcredist_x86.exe" C:\Users\admin\AppData\Local\Temp\vcredist_x86.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2010 x86 Redistributable Setup
Exit code:
0
Version:
10.0.40219.01
Modules
Images
c:\users\admin\appdata\local\temp\vcredist_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
9 534
Read events
9 291
Write events
235
Delete events
8

Modification events

(PID) Process:(6708) vcredist_x86.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6708) vcredist_x86.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6708) vcredist_x86.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(4120) msiexec.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
181000009DBB8F81B8BBDB01
(PID) Process:(4120) msiexec.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
1EE43E3772B2D805BE75B2A1686BA3D740100B84F3F8057EB0AC6407686C5A39
(PID) Process:(4120) msiexec.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(4120) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation:writeName:c:\Config.Msi\
Value:
(PID) Process:(4120) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation:writeName:c:\Config.Msi\10e080.rbs
Value:
31177656
(PID) Process:(4120) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation:writeName:c:\Config.Msi\10e080.rbsLow
Value:
(PID) Process:(4120) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E4C35488E6280433B4A9504AC59CB06
Operation:writeName:1D5E3C0FEDA1E123187686FED06E995A
Value:
02:\SOFTWARE\Microsoft\VisualStudio\10.0\VC\VCRedist\x86\Version
Executable files
49
Suspicious files
22
Text files
49
Unknown types
1

Dropped files

PID
Process
Filename
Type
6708vcredist_x86.exeC:\a3b3d30a9aaf3000d0a73496\Setup.exeexecutable
MD5:9A1141FBCEEB2E196AE1BA115FD4BEE6
SHA256:28563D908450EB7B7E9ED07A934E0D68135B5BB48E866E0A1C913BD776A44FEF
6708vcredist_x86.exeC:\Program Files\Common Files\System\symsrv.dllexecutable
MD5:7574CF2C64F35161AB1292E2F532AABF
SHA256:DE055A89DE246E629A8694BDE18AF2B1605E4B9B493C7E4AEF669DD67ACF5085
6708vcredist_x86.exeC:\a3b3d30a9aaf3000d0a73496\SetupEngine.dllexecutable
MD5:A030C6B93740CBAA232FFAA08CCD3396
SHA256:0507720D52AE856BBF5FF3F01172A390B6C19517CB95514CD53F4A59859E8D63
6708vcredist_x86.exeC:\a3b3d30a9aaf3000d0a73496\sqmapi.dllexecutable
MD5:3F0363B40376047EFF6A9B97D633B750
SHA256:BD6395A58F55A8B1F4063E813CE7438F695B9B086BB965D8AC44E7A97D35A93C
6708vcredist_x86.exeC:\a3b3d30a9aaf3000d0a73496\watermark.bmpimage
MD5:1A5CAAFACFC8C7766E404D019249CF67
SHA256:2E87D5742413254DB10F7BD0762B6CDB98FF9C46CA9ACDDFD9B1C2E5418638F2
6708vcredist_x86.exeC:\a3b3d30a9aaf3000d0a73496\header.bmpimage
MD5:3AD1A8C3B96993BCDF45244BE2C00EEF
SHA256:133B86A4F1C67A159167489FDAEAB765BFA1050C23A7AE6D5C517188FB45F94A
6708vcredist_x86.exeC:\a3b3d30a9aaf3000d0a73496\UiInfo.xmlxml
MD5:4F90FCEF3836F5FC49426AD9938A1C60
SHA256:66A0299CE7EE12DD9FC2CFEAD3C3211E59BFB54D6C0627D044D44CEF6E70367B
6708vcredist_x86.exeC:\a3b3d30a9aaf3000d0a73496\SetupUi.dllexecutable
MD5:C744EC120E54027C57318C4720B4D6BE
SHA256:D1610B0A94A4DADC85EE32A7E5FFD6533EA42347D6F2D6871BEB03157B89A857
6708vcredist_x86.exeC:\a3b3d30a9aaf3000d0a73496\DisplayIcon.icoimage
MD5:F9657D290048E169FFABBBB9C7412BE0
SHA256:B74AD253B9B8F9FCADE725336509143828EE739CC2B24782BE3ECFF26F229160
6708vcredist_x86.exeC:\a3b3d30a9aaf3000d0a73496\DHtmlHeader.htmlhtml
MD5:CD131D41791A543CC6F6ED1EA5BD257C
SHA256:E139AF8858FE90127095AC1C4685BCD849437EF0DF7C416033554703F5D864BB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
29
DNS requests
21
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2104
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6708
vcredist_x86.exe
GET
403
173.255.194.134:80
http://www.aieov.com/logo.gif
unknown
malicious
6708
vcredist_x86.exe
GET
403
173.255.194.134:80
http://www.aieov.com/logo.gif
unknown
malicious
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4120
msiexec.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/CSPCA.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.74.206
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.166
  • 23.48.23.143
  • 23.48.23.156
  • 23.48.23.176
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 23.219.150.101
whitelisted
5isohu.com
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
www.aieov.com
  • 173.255.194.134
  • 45.33.18.44
  • 96.126.123.244
  • 45.33.23.183
  • 198.58.118.167
  • 45.79.19.196
  • 72.14.185.43
  • 45.33.30.197
  • 45.33.2.79
  • 45.33.20.235
  • 45.56.79.23
  • 72.14.178.174
malicious
login.live.com
  • 20.190.159.23
  • 40.126.31.0
  • 40.126.31.2
  • 40.126.31.71
  • 40.126.31.67
  • 20.190.159.129
  • 20.190.159.128
  • 40.126.31.131
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted

Threats

PID
Process
Class
Message
6708
vcredist_x86.exe
Malware Command and Control Activity Detected
MALWARE [ANY.RUN] Possible Floxif CnC Communication
6708
vcredist_x86.exe
Malware Command and Control Activity Detected
MALWARE [ANY.RUN] Possible Floxif CnC Communication
6708
vcredist_x86.exe
Malware Command and Control Activity Detected
MALWARE [ANY.RUN] Possible Floxif CnC Communication
1388
FileCoAuth.exe
Malware Command and Control Activity Detected
MALWARE [ANY.RUN] Possible Floxif CnC Communication
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
vcredist_x86.exe