Download: /US/microsoft-visual-c-2008.exe

Full analysis: https://app.any.run/tasks/dd0dd407-74ac-4eb1-8234-4c3108ce472a
Verdict: Malicious activity
Analysis date: February 15, 2024, 13:50:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 62F764849E8FCDF8BFBC342685641304
SHA1: 14537055D62DD70414DF193E7D0AB0B5C5DD8DE1
SHA256: E81EB24F9910979DFC03ECC3006AB538EA361BE462A34FD3ED8901446A2D984A
SSDEEP: 98304:uRgzyPh7i+DFiMEEXHmoBdAQaY3eDVN/ouIgLDzJ2faTKA6Zd2LYvBZKdv1ldXml:oFcf96

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2964)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2964)
    • Starts a Microsoft application from unusual location

      • microsoft-visual-c-2008.exe (PID: 3672)
      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2332)
    • Executable content was dropped or overwritten

      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2964)
    • Reads the Windows owner or organization settings

      • setup.exe (PID: 2964)
      • setup.exe (PID: 2332)
    • Reads the Internet Settings

      • setup.exe (PID: 2964)
      • setup.exe (PID: 2332)
    • Starts itself from another location

      • setup.exe (PID: 2964)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 2964)
      • setup.exe (PID: 2332)
    • Reads settings of System Certificates

      • setup.exe (PID: 2332)
    • Checks Windows Trust Settings

      • setup.exe (PID: 2332)
  • INFO

    • Checks supported languages

      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2964)
      • ngen.exe (PID: 2624)
      • msiexec.exe (PID: 2232)
      • setup.exe (PID: 2332)
    • Reads the computer name

      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2964)
      • setup.exe (PID: 2332)
      • msiexec.exe (PID: 2232)
      • ngen.exe (PID: 2624)
    • Reads the machine GUID from the registry

      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2332)
      • msiexec.exe (PID: 2232)
    • Reads Environment values

      • microsoft-visual-c-2008.exe (PID: 3660)
    • Create files in a temporary directory

      • setup.exe (PID: 2964)
      • setup.exe (PID: 2332)
    • Reads the software policy settings

      • setup.exe (PID: 2332)
    • Reads CPU info

      • setup.exe (PID: 2332)
    • Checks proxy server information

      • setup.exe (PID: 2332)
    • Creates files or folders in the user directory

      • setup.exe (PID: 2332)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | MS generic-sfx Cabinet File Unpacker (32/64bit MSCFU) (82.5)
.exe | Win32 Executable MS Visual C++ (generic) (7.3)
.exe | Win64 Executable (generic) (6.5)
.dll | Win32 Dynamic Link Library (generic) (1.5)
.exe | Win32 Executable (generic) (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2005:06:01 16:46:51+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 7.1
CodeSize: 31232
InitializedDataSize: 6144
UninitializedDataSize: -
EntryPoint: 0x5972
OSVersion: 5.2
ImageVersion: 5.2
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 9.0.30729.1
ProductVersionNumber: 9.0.30729.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Microsoft Visual C++ 2008 Express Edition - ENU Setup
FileVersion: 9.0.30729.01
InternalName: vc_web.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: vc_web.exe
ProductName: Microsoft Visual C++ 2008 Express Edition - ENU
ProductVersion: 9.0.30729.01
No data.
All screenshots are available in the full report
Total processes: 47
Monitored processes: 6
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Processes in graph: microsoft-visual-c-2008.exe, setup.exe, setup.exe, ngen.exe (no specs), msiexec.exe (no specs), microsoft-visual-c-2008.exe (no specs)

Process information

PID: 2232
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2332
CMD: "C:\Users\admin\AppData\Local\Temp\SIT30762.tmp\setup.exe" /web /CreatedTemp /NoExclude /InstalledFrom "c:\1fb8a05ba018b2f0d95ce8d0b3bbbf78"
Path: C:\Users\admin\AppData\Local\Temp\SIT30762.tmp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Suite Integration Toolkit Executable
Exit code:
0
Version:
9.0.30729.1 built by: SP
Modules
Images
c:\users\admin\appdata\local\temp\sit30762.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\sit30762.tmp\dlmgr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
PID: 2624
CMD: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe queue pause
Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
Parent process: setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Common Language Runtime native compiler
Exit code:
0
Version:
2.0.50727.5483 (Win7SP1GDR.050727-5400)
Modules
Images
c:\windows\microsoft.net\framework\v2.0.50727\ngen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2964
CMD: c:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\setup.exe /web
Path: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\setup.exe
Parent process: microsoft-visual-c-2008.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Suite Integration Toolkit Executable
Exit code:
0
Version:
9.0.30729.1 built by: SP
Modules
Images
c:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\dlmgr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
PID: 3660
CMD: "C:\Users\admin\AppData\Local\Temp\microsoft-visual-c-2008.exe"
Path: C:\Users\admin\AppData\Local\Temp\microsoft-visual-c-2008.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2008 Express Edition - ENU Setup
Exit code:
0
Version:
9.0.30729.01
Modules
Images
c:\users\admin\appdata\local\temp\microsoft-visual-c-2008.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3672
CMD: "C:\Users\admin\AppData\Local\Temp\microsoft-visual-c-2008.exe"
Path: C:\Users\admin\AppData\Local\Temp\microsoft-visual-c-2008.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Visual C++ 2008 Express Edition - ENU Setup
Exit code:
3221226540
Version:
9.0.30729.01
Modules
Images
c:\users\admin\appdata\local\temp\microsoft-visual-c-2008.exe
c:\windows\system32\ntdll.dll
Total events: 9 199
Read events: 9 130
Write events: 57
Delete events: 12

Modification events

Process: (2964) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (2964) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (2964) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (2964) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: (2332) setup.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (2332) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
Operation: delete value
Name: 9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Value:

Process: (2332) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:
Process: (2332) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:
Process: (2332) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:
Process: (2332) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\9.0\Setup\Watson
Operation: write
Name: UserID
Value: {B1730502-006F-4F04-B6A5-FED5714DE360}
Executable files: 34
Suspicious files: 8
Text files: 44
Unknown types: 5

Dropped files

PID | Process | Filename | Type

3660 | microsoft-visual-c-2008.exe | C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\DW20.EXE | executable
MD5: B107CA0461FA5BDF12C252E070761B01
SHA256: 9E736C88375E593CCB2FEF975818BD24B6E55311CF9F2C1CA65CDA3A300C72F2

3660 | microsoft-visual-c-2008.exe | C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\vs_setup.MS_ | executable
MD5: 1BF4FD059439AC9D09CC81B2471AF777
SHA256: 5B57DABB4221208F7D617EB9020633525A3FF33B8F118A8AF9AF3E8D645B9269

3660 | microsoft-visual-c-2008.exe | C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\readme.htm | html
MD5: 773C02293A1DAD7A2DA5B294612D8BF7
SHA256: 929C3DAB834E9CCD732B66D0DC5D9D168930A5C34C2C20BE899C592ACD295248

3660 | microsoft-visual-c-2008.exe | C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\setup.sdb | txt
MD5: 6C6635E87065DA7779EEF528FEF0745D
SHA256: 8533FC7008AE0983EFCA2046ACB55BEA2A60DD1DAB2EFC955570F8C4B7A283BD

3660 | microsoft-visual-c-2008.exe | C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\baseline.dat | binary
MD5: B5CC387799ADFEAA492C67BCF5BF1880
SHA256: AC552BC2BC36A3014374A9E8AEE688884A68060BBA9E9C2949CE3394DE56C8B5

3660 | microsoft-visual-c-2008.exe | C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\deffactory.dat | binary
MD5: 0E5123E75672806A52B516DFCE07F8E0
SHA256: BE4CE52DC0E6670F171B4C996F6017363516C745F2245EB75E8FA04A56AF7FB9

3660 | microsoft-visual-c-2008.exe | C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\eula.1033.txt | text
MD5: D3A286894736620C98A8A8062429B0C3
SHA256: ABF38B58077C6E86FB039D83A654EC2F842018D7C7E691312079994BF940C815

3660 | microsoft-visual-c-2008.exe | C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\CustomText.1033.dll | executable
MD5: D8D66B76B88B5D24C9F5E531FCA959F9
SHA256: 6BDCC50F0AEEDFE239820267488AFC76C1D4B6015CD904D69444DD2126BD0457

3660 | microsoft-visual-c-2008.exe | C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\logo.bmp | image
MD5: 4C324436A26D083C9320FE9DA04EA042
SHA256: 2C4724BFF4DFC2A44CD483D1551916112C9657DD7627CAF4A7FAB47DC75EF9F4

3660 | microsoft-visual-c-2008.exe | C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\locdata.ini | text
MD5: C8601B7F3F7A9E01F94F0B40B0F00C35
SHA256: E6971EEF8D932DE9522FF129B7823F5C6038E461373574B07984CB9340488A9E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 10
DNS requests: 5
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2332 | setup.exe | GET | 304 | 87.248.205.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?54a95c1eab34bab9 | unknown | - | - | unknown
2332 | setup.exe | GET | 302 | 23.213.166.81:80 | http://go.microsoft.com/fwlink/?LinkId=119075&clcid=0x409 | unknown | - | - | unknown
2332 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | unknown | binary | 471 b | unknown
2332 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | binary | 471 b | unknown
1080 | svchost.exe | GET | 200 | 87.248.205.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c503292d7802e201 | unknown | compressed | 65.2 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2332 | setup.exe | 23.213.166.81:80 | go.microsoft.com | AKAMAI-AS | DE | unknown
2332 | setup.exe | 23.32.101.194:443 | download.microsoft.com | AKAMAI-AS | SE | unknown
2332 | setup.exe | 87.248.205.0:80 | ctldl.windowsupdate.com | LLNW | US | unknown
2332 | setup.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
2332 | setup.exe | 95.101.149.131:443 | www.microsoft.com | Akamai International B.V. | NL | unknown
1080 | svchost.exe | 87.248.205.0:80 | ctldl.windowsupdate.com | LLNW | US | unknown

DNS requests

Domain | IP | Reputation
go.microsoft.com | 23.213.166.81 | whitelisted
download.microsoft.com | 23.32.101.194 | whitelisted
ctldl.windowsupdate.com | 87.248.205.0 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
www.microsoft.com | 95.101.149.131 | whitelisted

Threats

No threats detected
Debug output strings

Process | Message
setup.exe | Dest DC 71010510, Source DC 0901049E, Size: 474, 161
setup.exe | Dest DC 71010510, Source DC 780105A7, Size: 474, 57
setup.exe | Dest DC 610103EC, Source DC 7B0105A7, Size: 434, 26
setup.exe | Dest DC 71010510, Source DC 940101F0, Size: 434, 26
setup.exe | Dest DC 71010510, Source DC 860105A7, Size: 434, 26
setup.exe | Dest DC 71010510, Source DC BC0105A7, Size: 444, 69
setup.exe | Dest DC 610103EC, Source DC BF0105A7, Size: 444, 30
setup.exe | Dest DC 0D01049E, Source DC C20105A7, Size: 434, 26
setup.exe | Dest DC 0D01049E, Source DC 37010462, Size: 444, 69
setup.exe | Dest DC 0D01049E, Source DC 790104CC, Size: 444, 69