download:

/US/microsoft-visual-c-2008.exe

Full analysis: https://app.any.run/tasks/dd0dd407-74ac-4eb1-8234-4c3108ce472a
Verdict: Malicious activity
Analysis date: February 15, 2024, 13:50:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 62F764849E8FCDF8BFBC342685641304
SHA1: 14537055D62DD70414DF193E7D0AB0B5C5DD8DE1
SHA256: E81EB24F9910979DFC03ECC3006AB538EA361BE462A34FD3ED8901446A2D984A
SSDEEP: 98304:uRgzyPh7i+DFiMEEXHmoBdAQaY3eDVN/ouIgLDzJ2faTKA6Zd2LYvBZKdv1ldXml:oFcf96

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2964)
  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • microsoft-visual-c-2008.exe (PID: 3672)
      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2332)
    • Process drops legitimate windows executable

      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2964)
    • Executable content was dropped or overwritten

      • setup.exe (PID: 2964)
      • microsoft-visual-c-2008.exe (PID: 3660)
    • Starts itself from another location

      • setup.exe (PID: 2964)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 2964)
      • setup.exe (PID: 2332)
    • Reads the Windows owner or organization settings

      • setup.exe (PID: 2332)
      • setup.exe (PID: 2964)
    • Checks Windows Trust Settings

      • setup.exe (PID: 2332)
    • Reads settings of System Certificates

      • setup.exe (PID: 2332)
    • Reads the Internet Settings

      • setup.exe (PID: 2964)
      • setup.exe (PID: 2332)
  • INFO

    • Checks supported languages

      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2332)
      • ngen.exe (PID: 2624)
      • msiexec.exe (PID: 2232)
      • setup.exe (PID: 2964)
    • Reads the computer name

      • microsoft-visual-c-2008.exe (PID: 3660)
      • setup.exe (PID: 2964)
      • setup.exe (PID: 2332)
      • ngen.exe (PID: 2624)
      • msiexec.exe (PID: 2232)
    • Create files in a temporary directory

      • setup.exe (PID: 2964)
      • setup.exe (PID: 2332)
    • Reads Environment values

      • microsoft-visual-c-2008.exe (PID: 3660)
    • Reads the software policy settings

      • setup.exe (PID: 2332)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 2332)
      • msiexec.exe (PID: 2232)
      • microsoft-visual-c-2008.exe (PID: 3660)
    • Checks proxy server information

      • setup.exe (PID: 2332)
    • Reads CPU info

      • setup.exe (PID: 2332)
    • Creates files or folders in the user directory

      • setup.exe (PID: 2332)
No Malware configuration.

TRiD

.exe | MS generic-sfx Cabinet File Unpacker (32/64bit MSCFU) (82.5)
.exe | Win32 Executable MS Visual C++ (generic) (7.3)
.exe | Win64 Executable (generic) (6.5)
.dll | Win32 Dynamic Link Library (generic) (1.5)
.exe | Win32 Executable (generic) (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2005:06:01 16:46:51+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 7.1
CodeSize: 31232
InitializedDataSize: 6144
UninitializedDataSize: -
EntryPoint: 0x5972
OSVersion: 5.2
ImageVersion: 5.2
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 9.0.30729.1
ProductVersionNumber: 9.0.30729.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Microsoft Visual C++ 2008 Express Edition - ENU Setup
FileVersion: 9.0.30729.01
InternalName: vc_web.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: vc_web.exe
ProductName: Microsoft Visual C++ 2008 Express Edition - ENU
ProductVersion: 9.0.30729.01
No data.
Total processes
47
Monitored processes
6
Malicious processes
3
Suspicious processes
0

Behavior graph

start microsoft-visual-c-2008.exe setup.exe setup.exe ngen.exe no specs msiexec.exe no specs microsoft-visual-c-2008.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2232
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2332
CMD: "C:\Users\admin\AppData\Local\Temp\SIT30762.tmp\setup.exe" /web /CreatedTemp /NoExclude /InstalledFrom "c:\1fb8a05ba018b2f0d95ce8d0b3bbbf78"
Path: C:\Users\admin\AppData\Local\Temp\SIT30762.tmp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Suite Integration Toolkit Executable
Exit code:
0
Version:
9.0.30729.1 built by: SP
Modules
Images
c:\users\admin\appdata\local\temp\sit30762.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\sit30762.tmp\dlmgr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
PID: 2624
CMD: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe queue pause
Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
Parent process: setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Common Language Runtime native compiler
Exit code:
0
Version:
2.0.50727.5483 (Win7SP1GDR.050727-5400)
Modules
Images
c:\windows\microsoft.net\framework\v2.0.50727\ngen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2964
CMD: c:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\setup.exe /web
Path: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\setup.exe
Parent process: microsoft-visual-c-2008.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Suite Integration Toolkit Executable
Exit code:
0
Version:
9.0.30729.1 built by: SP
Modules
Images
c:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\dlmgr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
PID: 3660
CMD: "C:\Users\admin\AppData\Local\Temp\microsoft-visual-c-2008.exe"
Path: C:\Users\admin\AppData\Local\Temp\microsoft-visual-c-2008.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2008 Express Edition - ENU Setup
Exit code:
0
Version:
9.0.30729.01
Modules
Images
c:\users\admin\appdata\local\temp\microsoft-visual-c-2008.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3672
CMD: "C:\Users\admin\AppData\Local\Temp\microsoft-visual-c-2008.exe"
Path: C:\Users\admin\AppData\Local\Temp\microsoft-visual-c-2008.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Visual C++ 2008 Express Edition - ENU Setup
Exit code:
3221226540
Version:
9.0.30729.01
Modules
Images
c:\users\admin\appdata\local\temp\microsoft-visual-c-2008.exe
c:\windows\system32\ntdll.dll
Total events
9 199
Read events
9 130
Write events
57
Delete events
12

Modification events

(PID) Process: (2964) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
(PID) Process: (2964) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
(PID) Process: (2964) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1
(PID) Process: (2964) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
(PID) Process: (2332) setup.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
(PID) Process: (2332) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
Operation: delete value
Name: 9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Value:
(PID) Process: (2332) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value: [binary blob omitted]
(PID) Process: (2332) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\9.0\Setup\Watson
Operation: write
Name: UserID
Value: {B1730502-006F-4F04-B6A5-FED5714DE360}
Executable files
34
Suspicious files
8
Text files
44
Unknown types
5

Dropped files

PID
Process
Filename
Type
PID: 3660
Process: microsoft-visual-c-2008.exe
Filename: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\DW20.EXE
Type: executable
MD5:B107CA0461FA5BDF12C252E070761B01
SHA256:9E736C88375E593CCB2FEF975818BD24B6E55311CF9F2C1CA65CDA3A300C72F2
PID: 3660
Process: microsoft-visual-c-2008.exe
Filename: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\vs_setup.pdi
Type: binary
MD5:BE1E4D558CACF37B1C7B5335FDEB7914
SHA256:D22C6F75D0AF8097E587C5DF86849AC26B1E069B772C62240FDFF89798DC81FB
PID: 3660
Process: microsoft-visual-c-2008.exe
Filename: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\baseline.dat
Type: binary
MD5:B5CC387799ADFEAA492C67BCF5BF1880
SHA256:AC552BC2BC36A3014374A9E8AEE688884A68060BBA9E9C2949CE3394DE56C8B5
PID: 3660
Process: microsoft-visual-c-2008.exe
Filename: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\setup.sdb
Type: txt
MD5:6C6635E87065DA7779EEF528FEF0745D
SHA256:8533FC7008AE0983EFCA2046ACB55BEA2A60DD1DAB2EFC955570F8C4B7A283BD
PID: 3660
Process: microsoft-visual-c-2008.exe
Filename: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\logo.bmp
Type: image
MD5:4C324436A26D083C9320FE9DA04EA042
SHA256:2C4724BFF4DFC2A44CD483D1551916112C9657DD7627CAF4A7FAB47DC75EF9F4
PID: 3660
Process: microsoft-visual-c-2008.exe
Filename: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\CustomText.1033.dll
Type: executable
MD5:D8D66B76B88B5D24C9F5E531FCA959F9
SHA256:6BDCC50F0AEEDFE239820267488AFC76C1D4B6015CD904D69444DD2126BD0457
PID: 3660
Process: microsoft-visual-c-2008.exe
Filename: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\locdata.ini
Type: text
MD5:C8601B7F3F7A9E01F94F0B40B0F00C35
SHA256:E6971EEF8D932DE9522FF129B7823F5C6038E461373574B07984CB9340488A9E
PID: 3660
Process: microsoft-visual-c-2008.exe
Filename: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\vs_setup.MS_
Type: executable
MD5:1BF4FD059439AC9D09CC81B2471AF777
SHA256:5B57DABB4221208F7D617EB9020633525A3FF33B8F118A8AF9AF3E8D645B9269
PID: 3660
Process: microsoft-visual-c-2008.exe
Filename: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\DWINTL20.DLL
Type: executable
MD5:33E67E66437E8029149170C206E98335
SHA256:56A26BFD1C53494D67F430837A35D89EE80B88032F534F7F71B84E12123084AF
PID: 3660
Process: microsoft-visual-c-2008.exe
Filename: C:\1fb8a05ba018b2f0d95ce8d0b3bbbf78\setupres.dll
Type: executable
MD5:96EC18F147BB09C0C74AFF5BDE53616C
SHA256:E0A243F25D30AF8C0A18509AC493295B567B4A44CE55FA4E6569FE59AD003CFD
HTTP(S) requests
5
TCP/UDP connections
10
DNS requests
5
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2332
setup.exe
GET
302
23.213.166.81:80
http://go.microsoft.com/fwlink/?LinkId=119075&clcid=0x409
unknown
unknown
2332
setup.exe
GET
304
87.248.205.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?54a95c1eab34bab9
unknown
unknown
2332
setup.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D
unknown
binary
471 b
unknown
2332
setup.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
binary
471 b
unknown
1080
svchost.exe
GET
200
87.248.205.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c503292d7802e201
unknown
compressed
65.2 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
2332
setup.exe
23.213.166.81:80
go.microsoft.com
AKAMAI-AS
DE
unknown
2332
setup.exe
23.32.101.194:443
download.microsoft.com
AKAMAI-AS
SE
unknown
2332
setup.exe
87.248.205.0:80
ctldl.windowsupdate.com
LLNW
US
unknown
2332
setup.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2332
setup.exe
95.101.149.131:443
www.microsoft.com
Akamai International B.V.
NL
unknown
1080
svchost.exe
87.248.205.0:80
ctldl.windowsupdate.com
LLNW
US
unknown

DNS requests

Domain
IP
Reputation
go.microsoft.com
  • 23.213.166.81
whitelisted
download.microsoft.com
  • 23.32.101.194
whitelisted
ctldl.windowsupdate.com
  • 87.248.205.0
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted

Threats

No threats detected
Process
Message
setup.exe
Dest DC 71010510, Source DC 0901049E, Size: 474, 161
setup.exe
Dest DC 71010510, Source DC 780105A7, Size: 474, 57
setup.exe
Dest DC 610103EC, Source DC 7B0105A7, Size: 434, 26
setup.exe
Dest DC 71010510, Source DC 940101F0, Size: 434, 26
setup.exe
Dest DC 71010510, Source DC 860105A7, Size: 434, 26
setup.exe
Dest DC 71010510, Source DC BC0105A7, Size: 444, 69
setup.exe
Dest DC 610103EC, Source DC BF0105A7, Size: 444, 30
setup.exe
Dest DC 0D01049E, Source DC C20105A7, Size: 434, 26
setup.exe
Dest DC 0D01049E, Source DC 37010462, Size: 444, 69
setup.exe
Dest DC 0D01049E, Source DC 790104CC, Size: 444, 69