File name: VisualCppRedist_AIO_x86_x64.exe

Full analysis: https://app.any.run/tasks/a8c95042-1998-4b8e-bc3d-24df4095b39c
Verdict: Malicious activity
Analysis date: May 24, 2025, 13:08:52
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5: 8E9A608C5754C574CE87A28164A411F9

SHA1: A2C74BDDFE01FEAC9A43566CB845E9F99246AF84

SHA256: 341513A8C49E3780BC01ACDE9C893E8176072412F042E83F2A9F296E6328EBA4

SSDEEP: 196608:mDdDvu3NvBIFuE7FIUsUpdJJFacCagqlcan4xc6SSh6Y8Dk:mDdq3NvOz7FgUYjacUWqSh65Dk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • vcredist_x64.exe (PID: 6660)
      • msiexec.exe (PID: 5668)
      • vcredist_x64.exe (PID: 8152)
      • VC_redist.x86.exe (PID: 7396)
      • VC_redist.x64.exe (PID: 1676)
      • TiWorker.exe (PID: 4608)
    • Starts a Microsoft application from unusual location

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • VisualCppRedist_AIO_x86_x64.exe (PID: 7396)
    • Executable content was dropped or overwritten

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • vcredist_x64.exe (PID: 6660)
      • vcredist_x64.exe (PID: 8152)
      • VC_redist.x86.exe (PID: 4652)
      • VC_redist.x86.exe (PID: 7396)
      • VC_redist.x64.exe (PID: 7528)
      • VC_redist.x64.exe (PID: 1676)
      • TiWorker.exe (PID: 4608)
    • Executing commands from ".cmd" file

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
    • The process drops C-runtime libraries

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)
    • Starts CMD.EXE for commands execution

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • cmd.exe (PID: 7980)
    • Reads security settings of Internet Explorer

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
    • The process executes VB scripts

      • cmd.exe (PID: 2088)
      • cmd.exe (PID: 5064)
      • cmd.exe (PID: 5380)
      • cmd.exe (PID: 5328)
      • cmd.exe (PID: 8020)
      • cmd.exe (PID: 7920)
      • cmd.exe (PID: 1240)
    • Creates FileSystem object to access computer's file system (SCRIPT)

      • cscript.exe (PID: 4696)
      • cscript.exe (PID: 5512)
      • cscript.exe (PID: 5988)
    • Hides command output

      • cmd.exe (PID: 1324)
      • cmd.exe (PID: 5408)
    • Application launched itself

      • vcredist_x64.exe (PID: 8152)
      • cmd.exe (PID: 7980)
      • VC_redist.x86.exe (PID: 7352)
      • VC_redist.x64.exe (PID: 7560)
      • VC_redist.x64.exe (PID: 7528)
      • VC_redist.x86.exe (PID: 4652)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 7980)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 7980)
    • Executes as Windows Service

      • VSSVC.exe (PID: 8188)
    • Searches for installed software

      • vcredist_x64.exe (PID: 6660)
      • dllhost.exe (PID: 720)
    • Uses WMIC.EXE to obtain computer system information

      • cmd.exe (PID: 7980)
  • INFO

    • Create files in a temporary directory

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • vcredist_x64.exe (PID: 6660)
    • The sample compiled with spanish language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)
    • Reads the computer name

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • vcredist_x64.exe (PID: 6660)
      • vcredist_x64.exe (PID: 8152)
    • The sample compiled with german language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)
    • The sample compiled with french language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)
    • The sample compiled with korean language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)
    • Process checks computer location settings

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
    • The sample compiled with russian language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)
    • The sample compiled with english language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • vcredist_x64.exe (PID: 6660)
      • msiexec.exe (PID: 5668)
      • VC_redist.x86.exe (PID: 4652)
      • vcredist_x64.exe (PID: 8152)
      • VC_redist.x86.exe (PID: 7396)
      • VC_redist.x64.exe (PID: 7528)
      • VC_redist.x64.exe (PID: 1676)
      • TiWorker.exe (PID: 4608)
    • The sample compiled with chinese language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)
    • Checks supported languages

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • vcredist_x64.exe (PID: 8152)
      • vcredist_x64.exe (PID: 6660)
    • The sample compiled with Italian language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)
    • Checks operating system version

      • cmd.exe (PID: 7980)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 8188)
      • cscript.exe (PID: 4696)
      • cscript.exe (PID: 5512)
      • cscript.exe (PID: 5988)
    • The sample compiled with japanese language support

      • VisualCppRedist_AIO_x86_x64.exe (PID: 7544)
      • msiexec.exe (PID: 5668)
      • TiWorker.exe (PID: 4608)
    • Manages system restore points

      • SrTasks.exe (PID: 4724)
      • SrTasks.exe (PID: 3968)
      • SrTasks.exe (PID: 6148)
      • SrTasks.exe (PID: 4008)
      • SrTasks.exe (PID: 1040)
      • SrTasks.exe (PID: 8132)
      • SrTasks.exe (PID: 3012)
      • SrTasks.exe (PID: 5172)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 5668)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:03:05 12:48:36+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 96256
InitializedDataSize: 345600
UninitializedDataSize: -
EntryPoint: 0x17d2f
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 14.44.35112.1
ProductVersionNumber: 14.44.35112.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Microsoft Visual C++ Redistributable Setup
FileVersion: 14.44.35112.1
InternalName: VCRedist_AIO_x86_x64.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductName: Microsoft® Visual Studio®
OriginalFileName: VCRedist_AIO_x86_x64.exe
ProductVersion: 14.44.35112.1
No data.
All screenshots are available in the full report
Total processes: 417
Monitored processes: 284
Malicious processes: 5
Suspicious processes: 0


Process information

PID | CMD | Path | Indicators | Parent process
PID: 208 | CMD: find /i "HKEY_LOCAL_MACHINE" | Path: C:\Windows\System32\find.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 208 | CMD: find /i "HKEY_LOCAL_MACHINE" | Path: C:\Windows\System32\find.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 300 | CMD: reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{610487D9-3460-328A-9333-219D43A75CC5} /v UninstallString | Path: C:\Windows\System32\reg.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 496 | CMD: find /i "VC_RED_enu_" | Path: C:\Windows\System32\find.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 516 | CMD: findstr /r "{.*-.*-.*-.*-.*}" | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
PID: 536 | CMD: find /i "HKEY_LOCAL_MACHINE" | Path: C:\Windows\System32\find.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 536 | CMD: findstr /r "{.*-.*-.*-.*-.*}" | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
PID: 632 | CMD: find /i "HKEY_LOCAL_MACHINE" | Path: C:\Windows\System32\find.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 660 | CMD: find /i "HKEY_LOCAL_MACHINE" | Path: C:\Windows\System32\find.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 660 | CMD: reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53CF6934-A98D-3D84-9146-FC4EDF3D5641} /v UninstallString | Path: C:\Windows\System32\reg.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events: 82 920
Read events: 78 151
Write events: 3 605
Delete events: 1 164

Modification events

PID: 720 | Process: dllhost.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write | Name: SppGetSnapshots (Enter)
Value:
480000000000000022950C18ADCCDB01D0020000201C0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 8152 | Process: vcredist_x64.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write | Name: SrCreateRp (Enter)
Value:
400000000000000022950C18ADCCDB01D81F0000CC1F0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 720 | Process: dllhost.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write | Name: SppEnumGroups (Leave)
Value:
480000000000000060096018ADCCDB01D0020000201C0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
PID: 720 | Process: dllhost.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write | Name: SppCreate (Enter)
Value:
4800000000000000416C6218ADCCDB01D0020000201C0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 720 | Process: dllhost.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write | Name: SppGetSnapshots (Leave)
Value:
480000000000000082A55D18ADCCDB01D0020000201C0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 720 | Process: dllhost.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write | Name: SppEnumGroups (Enter)
Value:
480000000000000082A55D18ADCCDB01D0020000201C0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 720 | Process: dllhost.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write | Name: SppGatherWriterMetadata (Enter)
Value:
480000000000000015270219ADCCDB01D0020000201C0000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 720 | Process: dllhost.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation: write | Name: IDENTIFY (Enter)
Value:
480000000000000082872319ADCCDB01D0020000F4180000E80300000100000000000000000000002F819076CB39314A9379276B6071E1E300000000000000000000000000000000
PID: 8188 | Process: VSSVC.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation: write | Name: IDENTIFY (Enter)
Value:
480000000000000094152D19ADCCDB01FC1F00004C1B0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 8188 | Process: VSSVC.exe | Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation: write | Name: IDENTIFY (Enter)
Value:
480000000000000094152D19ADCCDB01FC1F000090170000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files: 800
Suspicious files: 357
Text files: 318
Unknown types: 0

Dropped files

PID | Process | Filename | Type
PID: 7544 | Process: VisualCppRedist_AIO_x86_x64.exe | Filename: C:\Users\admin\AppData\Local\Temp\~DF76A5D42909BFDBBC.TMP | Type: binary
MD5:0EF198DC2DFAEF4B3DEBE5025C52C391
SHA256:36EBE1CAFBE62432D0D5B0FA80C4E781E10F9E96B268A93BAEE81DBE03A9A447
PID: 7544 | Process: VisualCppRedist_AIO_x86_x64.exe | Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\vbc\vcrun.msi | Type: executable
MD5:02A7A8F705FB831559BAAC094A0B4269
SHA256:15684D42D6107225E93CBA6C6A3311A7A86D4B515027DA263FCD949D818532F2
PID: 7544 | Process: VisualCppRedist_AIO_x86_x64.exe | Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2008\x86\vc_red.msi | Type: executable
MD5:824F1F188704D3DE77660D90FEA6B136
SHA256:72A46F29C780949C1151EFADD899806EE192B6FB4A87A9646D638DF95F3A0BBF
PID: 7544 | Process: VisualCppRedist_AIO_x86_x64.exe | Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2005\x64\vcredist.msi | Type: executable
MD5:75A443807EF22CB222A1882A0776EBFF
SHA256:DC35915B2747B9EE661FA00630C0983099240BF3231B4B4C1575AEF19D6D2D9B
PID: 7544 | Process: VisualCppRedist_AIO_x86_x64.exe | Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2008\x64\vc_red.msi | Type: executable
MD5:0ADDB501B3B96ED396CC8E7115DC309D
SHA256:BE98639D76E927263D64E49DF858B64710F5BF484B30ECAD2974C4C4AAE949C6
PID: 7544 | Process: VisualCppRedist_AIO_x86_x64.exe | Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2013\x86\vc_runtimeAdditional_x86.msi | Type: executable
MD5:DD9A3B56FBB8B4875F14E7E84D75A433
SHA256:5D27CE80AA2A736111FA396C987029803019D93058744FADA2BB2A959630A3E2
PID: 7544 | Process: VisualCppRedist_AIO_x86_x64.exe | Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2012\x64\vc_runtimeMinimum_x64.msi | Type: executable
MD5:921BAB4220B28DDB685B45DDB12D4341
SHA256:3AF92A99CA2177EF54893A6EE89F5771EB551E706AA15D0AED587E32F3A34566
PID: 7544 | Process: VisualCppRedist_AIO_x86_x64.exe | Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2022\x86\vc_runtimeAdditional_x86.msi | Type: executable
MD5:523E2F91008BCB0F161D7939675DDEA2
SHA256:9ADCE8E397B1ED9FB349D9E6EFFAB088FC5B0B3A195F3B9835F6E19DA6DD6731
PID: 7544 | Process: VisualCppRedist_AIO_x86_x64.exe | Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2022\x64\vc_runtimeAdditional_x64.msi | Type: executable
MD5:820C19AC98653D80FB98B3C4A7AA1D24
SHA256:9C123673EDD5538979C167CAD33008923500015A38F92F4EDA20641081A2EF85
PID: 7544 | Process: VisualCppRedist_AIO_x86_x64.exe | Filename: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\2022\x64\vc_runtimeMinimum_x64.msi | Type: executable
MD5:17A157D8C65FDF24E76E8CB709BCDEDC
SHA256:396F6AD924A8ECC03E46640FB9D36033293358DE5F43779B50E2D7F7436456FE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 51
TCP/UDP connections: 68
DNS requests: 18
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6652 | RUXIMICS.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 400 | 20.190.160.14:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted
- | - | POST | 400 | 20.190.160.14:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted
- | - | POST | 400 | 20.190.160.22:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted
- | - | POST | 400 | 40.126.32.133:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted
- | - | GET | 304 | 52.149.20.212:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | - | - | -
2104 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
7772 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
- | - | POST | 400 | 40.126.32.136:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted
- | - | POST | 200 | 20.190.160.65:443 | https://login.live.com/RST2.srf | unknown | xml | 1.24 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
6652 | RUXIMICS.exe | 4.231.128.59:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 4.231.128.59:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6652 | RUXIMICS.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2104 | svchost.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6652 | RUXIMICS.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
2104 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
3216 | svchost.exe | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.46
whitelisted
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
  • 23.32.238.112
  • 23.32.238.107
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 2.23.181.156
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted
login.live.com
  • 40.126.32.133
  • 20.190.160.128
  • 20.190.160.4
  • 40.126.32.76
  • 40.126.32.140
  • 40.126.32.72
  • 40.126.32.68
  • 20.190.160.67
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted
go.microsoft.com
  • 23.218.210.69
  • 95.100.186.9
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info